Presuo Presuo

Privacy Policy

Effective Date: April 18, 2026

This Privacy Policy describes how Recrea Vision S.L. ("Presuo", "we", "us", "our") collects, uses, and processes personal data in connection with the Presuo SaaS platform (presuo.com) and related services.

This policy applies to:

  • The public website (presuo.com)
  • The authenticated budgeting and collaboration platform
  • Billing, email communications, and related infrastructure

2. Categories of Data We Process

We process personal data strictly necessary to operate the Service.

2.1 Account and Identity Data

  • Email address, first name, last name
  • Company description (optional), custom logo (optional, PNG/SVG ≤2MB)

Used for: account creation, authentication, billing, communication

2.2 Authentication and Security Data

  • Password (securely hashed)
  • Session data and authentication state
  • Password reset tokens (temporary)

Used for: secure access and account protection

2.3 Collaboration and Project Data

  • Project names, descriptions, ownership
  • Budgets, line items, measurements, categories, pricing data
  • Comments, mentions, notifications, read states
  • Membership roles and invitations

Used for: core collaboration and budgeting functionality

2.4 Billing and Subscription Data

  • Subscription plan, usage metrics, billing status
  • Stripe customer and subscription identifiers
  • Invoice and payment status metadata

Used for: subscription management, quota enforcement, billing

Note: We do not store payment card details. Payments are processed by Stripe.

2.5 Uploaded Files and Documents

  • Project documents (e.g., PDF, DOCX, XLSX, images, CAD files)
  • Profile logos
  • Budget import/export files

Used for: storage, collaboration, and document generation

2.6 Technical and Usage Data

  • IP address
  • Request logs (method, path, status, duration)
  • User agent
  • Error logs and diagnostics data

Logs may include limited contextual information (e.g., user identifiers or project references) strictly for debugging, monitoring, and audit purposes.

Used for: security, monitoring, and system reliability

2.7 Preferences and Localization Data

  • Preferred language (e.g., en, es, fr)
  • Preferred currency
  • UI preferences stored in browser storage

Used for: personalization and user experience

3. How We Use Your Data

We process personal data for the following purposes:

  • Providing and operating the Service
  • Managing accounts and authentication
  • Enabling collaboration features
  • Processing subscriptions and billing via Stripe
  • Sending transactional communications (e.g., invitations, login links) via Brevo
  • Ensuring security and preventing abuse
  • Monitoring performance and errors
  • Improving the Service

We do not use personal data for advertising, profiling, or marketing purposes.

4. Legal Basis (GDPR)

  • Service provision: Contract performance (Art. 6(1)(b))
  • Collaboration & invitations: Contract performance and legitimate interest (Art. 6(1)(b), 6(1)(f))
  • Security & monitoring: Legitimate interest (Art. 6(1)(f))
  • Billing & invoicing: Legal obligation (Art. 6(1)(c))

5. Data Sharing and Third Parties

We do not sell personal data.

We share data only with trusted service providers necessary to operate the Service.

Service Providers

  • Stripe: Payments & invoicing. Data shared: Email, name, billing data, transaction metadata. Notes: Independent controller.
  • Brevo: Transactional email delivery. Data shared: Email, name, email content. Notes: Processor.
  • Oracle Cloud Infrastructure: File and object storage. Data shared: Documents, logos, generated files. Notes: Processor.
  • Sentry: Error monitoring. Data shared: Technical logs, limited request data. Notes: Processor.
  • GoatCounter (self-hosted): Analytics. Data shared: Page views, navigation paths. Notes: Controlled by us.

Some processing depends on third-party services that may independently determine aspects of data handling (e.g., payment processing by Stripe).

6. Data Retention

We retain data only as long as necessary for the purposes described.

  • Signup invitations: ~30 minutes
  • Project/budget invitations: ~7 days
  • Password reset tokens: Up to 24 hours
  • PDF exports: Up to 48 hours
  • PDF import files: Up to 14 days
  • Stripe webhook logs: Up to 365 days
  • Project documents: Until deleted by user
  • Account data: Until account closure, plus a limited retention period if required
  • Security & operational logs: Limited retention for monitoring and security purposes

7. Cookies and Storage

We use only strictly necessary and functional technologies.

Cookies

  • Authentication/session cookies
  • CSRF protection cookies
  • Language preference cookie (django_language)

Browser Storage

  • localStorage and sessionStorage for UI preferences and state

These technologies are used solely for functional purposes, do not enable cross-site tracking, and do not track users across services.

We do not use advertising cookies or third-party advertising analytics.

8. International Data Transfers

Some providers (e.g., Stripe, Brevo, Sentry, Oracle) may process data outside the European Economic Area (EEA).

Where applicable, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Appropriate safeguards in line with GDPR requirements

9. Security Measures

We implement appropriate technical and organizational measures, including:

  • Secure password hashing
  • HTTPS/TLS encryption
  • CSRF protection
  • Role-based access controls
  • Logging and monitoring

No system can guarantee absolute security.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

11. Your Responsibilities

Users are responsible for ensuring that:

  • Data they input into the Service is accurate
  • They have the necessary rights to share personal data (e.g., inviting collaborators)

12. Your GDPR Rights

You have the right to:

  • Access: Email privacy@recreavision.com
  • Rectification: Profile settings or email
  • Erasure: Email request
  • Restriction: Email request
  • Portability: Email request
  • Objection: Email request

We respond within one month. You may lodge a complaint with the Spanish Data Protection Authority (AEPD).

13. Account Closure and Deletion

  • No automated self-service account deletion is currently available
  • Requests must be submitted via email
  • We will process deletion requests within a reasonable timeframe in accordance with applicable law
  • Data may be retained where required for legal or operational reasons

14. Children

The Service is not intended for individuals under 18. We do not knowingly collect data from children.

15. Changes to This Policy

We may update this Privacy Policy from time to time.

Changes will be published on this page with an updated date.

About Presuo
© 2026 Presuo - Construction budgets that work from start to finish
ES EN FR