Legal

Privacy Policy

Last updated: May 2026 · Version 1.3

In short: Afín is designed to collect the minimum data possible. You don't need an account, email, or password. Profiles are temporary and deleted when the event ends. Your contact details are only visible to people you choose.

1. Data controller

The controller of the data collected through afinapp.es and app.afinapp.es is Afín, a service operated in Spain. For any privacy-related queries, you can reach us at info@afinapp.es.

2. What data we collect and why

Event attendees:

Name or alias: to identify you to other attendees.
Professional role: to improve matching relevance.
Company or project (optional): additional context in your profile.
Interests and what you are looking for: the basis of the matching algorithm.
Contact (optional): LinkedIn, email, or any other detail you choose to share. Only revealed to attendees with whom you have mutually accepted a connection request.
Chat messages (only if the organiser enables the feature): the text of messages sent to attendees with whom you have established a connection. Content is visible only to the two parties in the conversation. The organiser has no access to message content. The service operator (Afín) has technical access for the correct operation of the service and to act on reports of misuse, but does not share or use that content for any other purpose.

We do not collect email addresses, passwords, phone numbers, or any other personal identifier beyond what you voluntarily enter. The session is identified by a random identifier stored in your browser (localStorage, event-specific), which you can delete at any time from your browser settings.

Connection requests (waves) sent during the event are stored along with their status (pending, accepted). Only mutually accepted connections are included in the post-event report. Unanswered requests are not visible to the organiser or other attendees.

Event organisers:

Name and email address: required for managing the contracted service and related communications.
Payment data: handled entirely by Stripe. Afín does not store card details.

Demo requests (contact form):

Email address and any optional details entered in the form: used solely to respond to your request.

3. Legal basis for processing

Attendees: consent given by completing the profile form and joining the event.
Organisers: performance of the service contract.
Demo requests: consent given when submitting the form.

4. How long we keep your data

Attendee profiles, connections, interactions and chat messages: automatically deleted 30 calendar days after the event closes (date set by the organiser). This period allows the organiser to download the post-event report before permanent deletion.
Organiser billing data (name, tax ID, address): for the legally required period to fulfil fiscal and accounting obligations, with a minimum of 4 years.
Organiser contact data (name, email): for the duration of the contract and the legally required period thereafter.
Demo requests: until the query is resolved or deletion is requested.

5. Sharing data with third parties

Afín does not sell or transfer data to third parties. The only providers that may access data are:

Stripe: payment processing for organisers. See their privacy policy.
Netlify: hosting of the landing page and contact form.
Cloud infrastructure provider (AWS): application hosting.

Contact information between attendees is shared exclusively between the two parties who have mutually accepted a connection request. Afín does not access or store that exchange linked to any identity.

6. Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your data, as well as the right to data portability, in accordance with the General Data Protection Regulation (GDPR) and applicable Spanish legislation.

To exercise these rights, write to us at info@afinapp.es. If you consider that the processing does not comply with applicable law, you may lodge a complaint with the Spanish Data Protection Agency (aepd.es).

7. Local storage and cookies

The Afín application does not use tracking cookies. The attendee session identifier and profile are stored in your browser's localStorage, using event-specific keys, so you can return to the event without re-entering your details. This data remains on your device and is never sent to third parties. You can delete it at any time by clearing your browser's local storage.

The landing page may use technical cookies native to Netlify for the correct operation of the service.

8. Security

All communication between your device and Afín's servers is carried out via HTTPS. Data is stored on servers with industry-standard security measures.

9. Reporting misuse

If you receive inappropriate content or behaviour through the service (unwanted waves, harassment, or similar), you can notify us at info@afinapp.es, indicating the event and a description of the incident. Afín may restrict access to users who violate the terms of use. Reports are handled within a maximum of 48 hours.

10. Changes to this policy

We may update this policy from time to time. We will publish the updated version on this page with the new date. If the changes are significant, we will communicate them prominently.

11. Contact

For any privacy-related queries, write to us at info@afinapp.es. We respond within 72 hours.