Privacy Policy

Last updated: March 3, 2026

1. Data controller

Netvista Media S.L. CIF: B54981352 Av. Sant Rafel 23, 03580 l'Alfàs del Pi, Alicante, Spain Email: hello@voila.cash Tel: +34 628 662 912

Netvista Media S.L. (“Voila”, “we”, “us”) is responsible for the processing of your personal data through the platform voila.cash (“the Platform”). This Privacy Policy has been drawn up in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Spanish Ley Orgánica 3/2018 (LOPD-GDD) and the Ley 34/2002 (LSSI-CE).

2. What personal data we collect

2.1 Data you provide yourself

Account data: name, email address, username, password, profile photo
Profile information: display name, subtitle, bio, links, contact details (phone, WhatsApp, email)
Payment data: Voila does not store bank account, credit card or payment card data. Payments are processed directly through your linked Stripe account.
Communications: messages you send us via email or the contact form

2.2 Data from social media platforms

When you connect a social media account, we receive data from the respective platform depending on the permissions you have granted:

| Platform | Data | | --- | --- | | Instagram | Profile data, media, bio, follower/following count | | TikTok | Profile data, avatar, display name, videos, follower count | | LinkedIn | Profile data, name, title, employer, profile photo | | YouTube | Channel information, video metadata, subscribers, view statistics | | X | Profile data, posts, follower/following count |

2.3 Automatically collected data

Device data: browser type, operating system, screen resolution
Usage data: pages visited, click behavior, session duration
IP address: for fraud prevention and security

3. Purposes and legal bases

| Purpose | Legal basis (GDPR Art. 6) | | --- | --- | | Creating and managing your account | Performance of a contract (Art. 6.1.b) | | Processing payments via Stripe | Performance of a contract (Art. 6.1.b) | | Displaying social media content on your profile | Consent (Art. 6.1.a) | | Customer service and communication | Legitimate interest (Art. 6.1.f) | | Invoicing and tax administration | Legal obligation (Art. 6.1.c) | | Fraud prevention and security | Legitimate interest (Art. 6.1.f) | | Marketing communications | Consent (Art. 6.1.a) | | Analytics (anonymized) | Legitimate interest (Art. 6.1.f) |

4. Recipients and third parties

We only share your personal data with third parties to the extent necessary for the Service:

4.1 Stripe (payment processing)

When you provide personal data in connection with Voila's payment features, Stripe receives this personal data and processes it in accordance with the Stripe Privacy Policy.

Data shared with Stripe includes: name, email address, phone number, address, payment method, identity verification documents, tax identification numbers, IP address and transaction history. Bank details are managed exclusively through your own Stripe account.

Stripe acts as an independent data controller for the data it processes. Stripe's use of your personal data is governed solely by their own Privacy Policy.

As part of account verification, Stripe may request information from credit bureaus and identity verification services.

4.2 Social media platforms

When connecting social media accounts, we share data with and receive data from the respective platforms in accordance with their privacy policies:

4.3 Hosting and infrastructure

The Platform is hosted within the EU/EEA. Our hosting provider processes data as a processor on our behalf under a data processing agreement (Art. 28 GDPR).

4.4 Other recipients

We may share data with:

Tax authorities (legal obligation)
Law enforcement agencies (based on valid legal requests)
Legal advisors (to protect our rights)

We do not sell personal data to third parties.

5. International transfer of data

Some of our processors (including Stripe) are located outside the EU/EEA, notably in the United States. In such cases, appropriate safeguards are implemented in accordance with the GDPR:

Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46.2.c GDPR)
Adequacy decisions by the European Commission (Art. 45 GDPR), where applicable

By using Voila's payment features, you consent to the transfer of data to Stripe in accordance with the safeguards mentioned above.

6. Retention periods

| Data category | Retention period | | --- | --- | | Account data | Duration of the agreement + 3 years | | Transaction data | At least 5 years (tax obligation) | | Invoices and accounting records | 6 years (Spanish commercial law) | | YouTube data | Maximum 30 days, unless actively renewed by the user | | X/Twitter content | Deleted within 24 hours of a deletion request from X or the account holder | | LinkedIn data | Deleted immediately upon revocation or account closure | | Other social media data | No longer than necessary; deleted upon revocation of the connection | | Consent records | Duration of consent + evidence period | | Fraud prevention data | Up to 5 years (principle of proportionality) |

7. Your rights

Under the GDPR and the LOPD-GDD you have the following rights:

Right of access (Art. 15 GDPR) — you can request a copy of your personal data.
Right to rectification (Art. 16 GDPR) — you can have incorrect data corrected.
Right to erasure (Art. 17 GDPR) — you can request the deletion of your data, subject to statutory retention periods.
Right to restriction (Art. 18 GDPR) — you can request that processing be restricted.
Right to data portability (Art. 20 GDPR) — you can receive your data in a structured format.
Right to object (Art. 21 GDPR) — you can object to processing based on legitimate interest.
Right against automated decision-making (Art. 22 GDPR) — you have the right not to be subject to decisions based solely on automated processing.

You can exercise your rights by sending a request to hello@voila.cash. We will respond to your request within 30 days (extendable to 3 months for complex requests).

Withdrawal of consent

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing prior to the withdrawal.

Revoking YouTube authorization

You can revoke your YouTube authorization at any time through Google Security Settings. After revocation, we will delete your YouTube data within 30 calendar days.

Complaint to the supervisory authority

You have the right to file a complaint with the competent supervisory authority:

Agencia Española de Protección de Datos (AEPD) C/ Jorge Juan 6, 28001 Madrid, Spain www.aepd.es

EU citizens can also file a complaint with the supervisory authority in their own member state.

8. Cookies

The Platform uses cookies and similar technologies. We distinguish between:

Necessary cookies (no consent required)

Session cookies for authentication and login status
Security cookies (CSRF protection)
Preference cookies (language, theme)

Optional cookies (consent required)

Analytical cookies (to improve the Service)

In accordance with the 2024 AEPD guidelines, we provide a cookie banner with equal “Accept” and “Reject” buttons. You can change your cookie preferences at any time.

Recommended maximum cookie duration: 13 months. Consent is requested again after 24 months.

9. Minors

The Platform is not directed at persons under 14 years of age (minimum age for digital consent in Spain under Art. 7 LOPD-GDD). If we discover that we have collected data from a person under 14 without verifiable parental consent, we will delete this data without delay.

The minimum age for using payment features is 18 years.

10. Security

We implement appropriate technical and organizational measures to protect your personal data (Art. 32 GDPR), including:

Encrypted connections (HTTPS/TLS) for all data transfers
Secure password storage (hashing)
Access controls and audit logs
Regular security assessments
Incident response procedures with notification to the AEPD within 72 hours in the event of a data breach

Credit card and payment card data are processed exclusively by Stripe and are never stored on our servers.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or through the Platform. The “Last updated” date at the top of this document indicates the most recent version.

12. Contact

For questions about this Privacy Policy or to exercise your rights:

Netvista Media S.L. Av. Sant Rafel 23, 03580 l'Alfàs del Pi, Spain Email: hello@voila.cash Tel: +34 628 662 912