Kiaveo

Legal

Privacy Policy

Last updated 10 July 2026

This policy explains how Kiaveo (kiaveo.com) collects and uses your personal data, and the rights you have. We keep the data we hold to what we genuinely need to sell you a licence, invoice it correctly, and support you.

1. Data controller

The data controller is meeco Servicios Globales S.L., VAT ESB42774703, with registered office at Avenida de Cataluña 16, 03540 Alicante, Spain. Email our privacy contact directly at privacy@kiaveo.com. Full registration details appear in our Legal Notice.

2. What we collect

  • Order and contact details — the email address you order with, and your name where you provide it.
  • Billing and tax details — billing address, company name and VAT identification number when you buy as a business, so we can issue a compliant invoice.
  • Order history — the products you bought, the licence keys issued to you, and your invoices.
  • Support content — the messages and any order references you send us when you open a case.
  • Technical data — basic, security-related information such as your IP address and the essential cookies needed to run your cart and session.

We do not store your full card number. Card and wallet payments are processed directly by our regulated payment providers (such as Revolut and PayPal), who handle your payment credentials under their own terms.

3. Why we use your data, and our legal bases

  • To perform our contract with you — to take payment, deliver your keys and invoice, and provide support.
  • To meet a legal obligation — to issue invoices and retain accounting records as required by Spanish and EU tax law.
  • For our legitimate interests — to keep the store secure, prevent fraud, and improve our service, balanced against your rights.
  • With your consent — where we ever ask for it, for example for optional marketing, which you can withdraw at any time.

4. Sharing your data

We share data only with providers needed to operate the service, and never sell it. The production configuration currently identifies the following processors or independent payment recipients:

  • StripeCard payment processing and fraud prevention. International-transfer position: Provider safeguards and applicable adequacy/SCC mechanisms.
  • PayPalPayPal payment processing. International-transfer position: Provider safeguards and applicable adequacy/SCC mechanisms.
  • RebillLocal payment-method processing. International-transfer position: Provider safeguards and applicable SCC mechanisms.
  • ResendTransactional email delivery. International-transfer position: Applicable SCC mechanisms.
  • Hetzner Online GmbHApplication hosting, encrypted storage and backups. International-transfer position: Hosting region and safeguards stated in the provider agreement.

Payment providers generally act as independent controllers for the payment credentials and compliance data they collect. Processors acting on our behalf are covered by appropriate contractual terms. Where personal data leaves the EEA, we use an applicable adequacy decision or contractual safeguards such as the EU Standard Contractual Clauses, according to the provider and processing location.

5. How long we keep it

Our operational retention schedule is: invoices, order records and accounting evidence for six years from the last relevant accounting entry; closed support cases for 24 months; rate-limit/security request records for up to 24 hours; reseller API-usage summaries for 30 days; and optional marketing preferences until you withdraw consent. An active account profile is kept while the account remains open. Closing an account removes the login and reusable profile immediately, while statutory financial records are restricted until their retention period expires. Data needed for an active dispute, fraud investigation or legal claim may be restricted for longer while that matter remains live.

The six-year accounting period reflects Article 30 of Spain's Commercial Code. Retention is also subject to any longer or more specific legal requirement that applies to a particular record.

6. Your rights

Under the GDPR you have the right to access the data we hold about you, correct inaccurate data, request erasure, restrict or object to certain processing, and receive portable data. Signed-in customers can export their data, update it, change marketing consent and close their account under Account → Profile & preferences. You can also email privacy@kiaveo.com. We respond within the legally required period and may need to verify identity. You may complain to your local supervisory authority; in Spain this is the Agencia Española de Protección de Datos.

7. AI-assisted processing

Authorised staff may use configured AI providers for catalogue translation, image quality checks, and explicitly approved support or operational assistance. Customer data is not used to train our own model, high-impact writes require human approval, and staff must minimise or redact personal data before it is sent. The processor list above shows which AI providers are enabled in production. You can object to optional AI-assisted handling of a support case by telling us in that case.

8. Cookies

We use the essential cookies required to keep you signed in, remember your cart and currency, and secure checkout. These are necessary for the store to function, so they do not require consent. We do not use advertising cookies without your consent.

9. Changes to this policy

We may update this policy from time to time. The date at the top shows when it last changed; material changes will be made clear on this page.

Privacy Policy — Kiaveo