Privacy Policy
Last updated: 02/01/2026
1. Information We Collect
At Control Your Bills, we collect and process the following information:
- Account information: Email and password (encrypted) for your account.
- Subscription information: Billing data managed by Stripe (we do not store credit card data).
- Authentication tokens: OAuth tokens from tado° to access your devices (stored encrypted).
- Device configuration: Schedules, zones, and automatic shutdown preferences.
- Operation logs: Records of device shutdowns and notifications sent.
2. How We Use Your Information
We use your information to:
- Provide the automatic shutdown service for tado° devices
- Process subscription payments through Stripe
- Send email notifications about your device status
- Notify you when tado° authorization needs renewal
- Improve our services and features
3. Information Sharing
We do not sell, rent, or share your personal information with third parties, except:
- Stripe: To process subscription payments
- tado°: To access your devices via OAuth (only with your explicit authorization)
- Amazon Web Services (AWS): As our infrastructure provider (servers, database, emails)
- Legal obligations: If required by law
4. Data Security
We implement robust security measures:
- Passwords encrypted with bcrypt
- OAuth tokens stored with AES-256 encryption
- Communications via HTTPS/SSL
- JWT authentication with 30-day expiration
- AWS infrastructure that complies with security standards
5. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate information
- Erasure: Request deletion of your data (right to be forgotten)
- Portability: Receive your data in a structured format
- Objection: Object to the processing of your data
- Restriction: Request limitation of processing
To exercise these rights, contact us at: tado@geckodevs.es
6. Data Retention
We retain your data while:
- Your account is active
- It is necessary to provide the service
- Required by legal or tax obligations
When you cancel your subscription and delete your account, we will delete all your personal data within 30 days, except data we must retain to meet legal obligations.
7. Cookies and Similar Technologies
We use essential cookies for the service to function:
- PHP Session: To keep you logged in (session cookie, deleted when you close your browser)
- JWT Token: Stored in PHP session for authentication
We do not use tracking cookies, third-party analytics, or advertising. For more information, see our Cookie Policy.
8. International Transfers
Your data may be processed on servers located in the European Union (AWS eu-west-1, Ireland). AWS complies with GDPR and has EU Standard Contractual Clauses.
9. Minors
Our service is not intended for individuals under 18 years of age. We do not knowingly collect information from minors. If we discover we have collected data from a minor, we will delete it immediately.
10. Changes to this Policy
We may update this policy occasionally. We will notify you of significant changes by email. The last update date is indicated at the top of this document.
11. Contact
For any questions about this privacy policy or the processing of your data:
- Email: tado@geckodevs.es
- Data Controller: Control Your Bills