1. Who is responsible for your data
The controller for personal data processed through Optiroom is Aveniro S.L., Partida Cap Blanch, 03590 Altea, Alicante, España.
Aveniro S.L. can also be identified by NIF B27686534.
For privacy questions, requests, or rights-related inquiries, you can contact us at [email protected].
2. Data we collect
We collect information you provide directly, information generated through use of the service, and limited technical information needed to operate, secure, and improve the platform.
- Account and profile data such as name, email address, password credentials, locale, and organization details.
- Workspace and project data such as uploaded images, listing information, instructions, exports, and activity history.
- Operational and security data such as login events, session details, IP addresses, browser or device information, and audit logs.
- Billing and transaction data such as subscription state, invoices, payment status, and credit-ledger activity.
- Communications data such as support requests, marketing contact submissions, and notification preferences.
- Marketing attribution data supplied through public website links, such as UTM parameters and click identifiers, when it is needed to understand which public page or campaign led to a contact request or signup.
- Cookie and consent preference records, including whether optional analytics or marketing attribution storage has been accepted or rejected.
3. Why we use personal data
We use personal data to provide the service, authenticate users, process uploads and exports, operate billing, maintain security, respond to support requests, and communicate service-related notices.
We may also use limited usage and diagnostic data to monitor performance, investigate incidents, prevent misuse, and improve reliability, accessibility, and product quality.
For public website campaigns, we use attribution fields only to measure aggregate funnel performance, avoid duplicate follow-up, and give operators context for approved outreach. Optiroom does not use this data to send automated outreach without human approval.
When AI-assisted features are used, uploaded images, prompts, directions, generated outputs, quality checks, and processing logs may be handled so the requested enhancement can be generated, reviewed, stored, refunded where needed, and audited.
4. Legal bases
Depending on the context, we process personal data because it is necessary to perform a contract, to comply with legal obligations, to pursue legitimate interests in operating and securing the service, or because you have given consent where consent is required.
Where consent is relied upon, you may withdraw it at any time for future processing that depends on that consent.
Optional analytics and marketing attribution technologies are activated only after a consent choice. Required security, authentication, language, billing, and service-continuity mechanisms may be used where they are necessary to provide the service or comply with legal obligations.
5. Cookies and similar technologies
Our Cookie Statement explains how the website uses cookies and similar storage technologies. Optiroom relies on technically necessary storage and session mechanisms for security, account continuity, language preferences, checkout return handling, and similar operational flows, and uses Google Analytics only after consent to understand aggregate website usage and improve the public experience.
Where analytics or other non-essential technologies require consent, Optiroom will request that consent before relying on it for those purposes.
6. Sharing and processors
We may share personal data with trusted service providers who support hosting, infrastructure, authentication, communications, analytics, payment operations, or customer support, but only to the extent reasonably necessary to provide and secure the service.
We may also disclose data where required by law, regulation, legal process, or to establish, exercise, or defend legal claims.
7. International transfers
Where personal data is transferred outside the European Economic Area or other jurisdictions with transfer restrictions, we use appropriate safeguards such as adequacy decisions, contractual safeguards, or other recognized transfer mechanisms where required.
Some providers that support infrastructure, analytics, payments, email, or AI processing may operate internationally. We assess those providers and use contractual and technical safeguards intended to protect customer data in line with applicable law.
8. Retention
We retain personal data for as long as reasonably necessary for the purposes described in this statement, including to provide the service, preserve auditability, resolve disputes, enforce agreements, and meet legal, accounting, tax, and security obligations.
Retention periods may vary by data type, workspace settings, contractual obligations, and legal requirements. Where possible, data is deleted, anonymized, or irreversibly de-identified when no longer needed.
Cookie-consent choices are retained locally in the browser until the applicable consent version changes, the visitor clears site data, or the stored preference is replaced by a newer choice.
9. Security
We use organizational, technical, and procedural measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. No service can guarantee absolute security, but we aim to apply security controls proportionate to the sensitivity of the data and the nature of the platform.
10. Your rights
Subject to applicable law, you may have rights to access, correct, delete, restrict, object to, or port personal data, and to withdraw consent where consent is the legal basis.
You may also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) or your local supervisory authority.
11. Processor and customer-controlled content
For many workspace activities, such as handling customer-uploaded property images and team-managed listing records, Aveniro S.L. may process personal data on behalf of the workspace customer. Workspace owners are responsible for having a lawful basis for the content they upload and for handling requests from their own clients, photographers, staff, or other data subjects where they act as controller.
If we receive a request about data controlled by a customer workspace, we may direct the requester to the relevant workspace owner or support the customer in responding where legally appropriate.
12. Children's data
Optiroom is intended for professional and business use and is not directed to children. We do not knowingly collect personal data from children in connection with the service.
13. Updates to this statement
We may update this Privacy Statement from time to time to reflect legal, operational, or product changes. The latest version will always be posted on this page with an updated effective date.