Last updated: 31 May 2026.
We try to keep this simple. This policy explains what personal data Fresco.Farm collects, why, and what you can do about it, under the EU GDPR/RGPD and Spanish law (LOPDGDD).
1. Who is responsible
The data controller is Fresco Farm, NIF X2057755Z, calle peña del aguila 6, 11520 Rota, Spain. Privacy contact: frescofarmcommunity@gmail.com.
2. What we collect
You give us: your name, email, and password (stored encrypted); optionally a phone number and photo; your order information (items, pickup/delivery address, notes); for producers, farm and product details and the bank/identity details needed to get paid (held by Stripe, not by us); and any support messages.
We generate: your order history, your running-tab balance with each producer, and basic technical data (e.g. your login session).
We do not store your card number — card payments are handled by Stripe.
3. Why, and our legal basis
| What we do | Legal basis |
|---|---|
| Run your account; let you order, pay, and collect | Performance of a contract |
| Process payments and producer payouts (Stripe) | Performance of a contract |
| Send order updates and reminders | Performance of a contract |
| Keep accounting/tax records | Legal obligation |
| Keep the Platform secure, prevent fraud | Legitimate interest |
| Optional marketing emails (if any) | Your consent (withdrawable) |
4. Who we share it with
Only as needed to run the service, with providers acting on our behalf:
- Stripe — payments and producer payouts.
- Resend — transactional emails.
- Neon — database hosting (in the EU / Frankfurt).
- Netlify — website hosting/delivery (may process in the US — see §6).
- Push-notification delivery (only if you enable browser push).
We do not sell your data. Other members see only what's necessary — a producer sees orders placed with them, and the community ledger shows running-tab and dispute entries for transparency. Your password, email, and payment details are never shown to other users.
5. How long we keep it
Account data while your account is active (and a reasonable period after); order, payment, and accounting records as required by law (generally up to 6 years in Spain); support messages as long as needed.
6. International transfers
Your data is stored in the EU. Some processing happens outside it — Stripe may process in the US, and Netlify currently runs parts of the service in the US. These transfers are protected by Standard Contractual Clauses.
7. Your rights
You can access, correct, delete, restrict, object to, or port your data, and withdraw consent where applicable — email frescofarmcommunity@gmail.com. You may also complain to the Spanish Data Protection Agency (AEPD, aepd.es).
8. Security
We use reasonable measures including password encryption and HTTPS. No system is perfectly secure, but we work to keep your data safe and will notify you and the authorities of a serious breach as required.
9. Children
The Platform is for adults (18+). We do not knowingly collect children's data.
See also our Cookie Policy.