import React from 'react';
import { useTranslation } from 'react-i18next';
import { Shield, Mail, FileText, Calendar } from 'lucide-react';
import { Card } from '../../components/ui';

export const PrivacyPolicyPage: React.FC = () => {
  const { t } = useTranslation();
  const lastUpdated = '2025-10-15';

  return (

{t('legal:privacy.title', 'Privacy Policy')}

{t('legal:privacy.last_updated', 'Last updated')}: {lastUpdated}

1. {t('legal:privacy.section_1_title', 'Data Controller')}

The data controller responsible for your personal data is:

Panadería IA

Email: privacy@panaderia-ia.com

Website: https://panaderia-ia.com

If you have any questions about this Privacy Policy or our data processing practices, please contact us at the above email address.

2. {t('legal:privacy.section_2_title', 'Personal Data We Collect')}

We collect and process the following categories of personal data:

2.1 Account Information

  • Full name
  • Email address
  • Phone number
  • Password (encrypted)
  • Account creation date
  • Last login information

2.2 Business Information

  • Business name (bakery name)
  • Business type
  • Business address
  • Tax identification number
  • Business license information

2.3 Usage Data

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Time and date of access
  • Referring website addresses

2.4 Customer Data (If Applicable)

  • Customer names and contact information
  • Order history and preferences
  • Delivery addresses
  • Payment information (processed by Stripe, not stored by us)

3. {t('legal:privacy.section_3_title', 'Legal Basis for Processing')}

We process your personal data based on the following legal grounds under GDPR Article 6:

Contract Performance (Art. 6(1)(b))

Processing necessary to provide our services, manage your account, and fulfill our contractual obligations to you.

Consent (Art. 6(1)(a))

For marketing communications, analytics cookies, and other optional data processing where you have provided explicit consent.

Legitimate Interests (Art. 6(1)(f))

For improving our services, security purposes, and fraud prevention, where our legitimate interests do not override your rights.

Legal Obligation (Art. 6(1)(c))

For compliance with legal obligations such as tax, accounting, and regulatory requirements.

4. {t('legal:privacy.section_4_title', 'How We Use Your Data')}

We use your personal data for the following purposes:

  • To provide, operate, and maintain our bakery management platform
  • To manage your account and provide customer support
  • To process transactions and send you related information
  • To send administrative information, updates, and security alerts
  • To improve and personalize your experience on our platform
  • To monitor and analyze usage trends and activities
  • To detect, prevent, and address technical issues and fraud
  • To send marketing communications (with your consent)
  • To comply with legal obligations and enforce our terms

5. {t('legal:privacy.section_5_title', 'Data Sharing and Third Parties')}

We may share your personal data with the following third parties:

5.1 Service Providers

  • Stripe: Payment processing (PCI-DSS compliant)
  • Clouding.io: Cloud infrastructure hosting in the EU
  • Email service providers: For transactional and marketing emails

5.2 Data Processing Agreements

All third-party service providers are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance and protect your data rights.

5.3 Legal Disclosures

We may disclose your data if required by law, legal process, litigation, or government authorities, or to protect our rights, property, or safety.

6. {t('legal:privacy.section_6_title', 'Data Retention')}

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

  • Account data: Duration of account + 30 days after deletion request
  • Transaction records: 7 years (legal/tax requirements)
  • Audit logs: 1 year (anonymized after)
  • Marketing data: Until consent withdrawn + 30 days
  • Session data: 90 days

7. {t('legal:privacy.section_7_title', 'Your Rights Under GDPR')}

You have the following rights regarding your personal data:

Right to Access (Art. 15)

Request a copy of your personal data in a structured, commonly used format.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Art. 18)

Request limitation of processing in certain circumstances.

Right to Data Portability (Art. 20)

Receive your data in a portable format and transfer it to another controller.

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Art. 7)

Withdraw consent at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint (Art. 77)

File a complaint with your local data protection authority.

How to Exercise Your Rights

You can exercise most of your rights directly from your account settings:

  • Download your data from Settings → Privacy → Export Data
  • Delete your account from Settings → Privacy → Delete Account
  • Manage consent from Settings → Privacy → Consent Preferences

For other requests, contact: privacy@panaderia-ia.com

8. {t('legal:privacy.section_8_title', 'Data Security')}

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (TLS 1.2+) and at rest
  • Password hashing using the bcrypt algorithm
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Comprehensive audit logging of all data access
  • Regular backups with encryption
  • EU-based data centers (Clouding.io)

9. {t('legal:privacy.section_9_title', 'International Data Transfers')}

Your data is primarily stored and processed in the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for the receiving country
  • Binding Corporate Rules where applicable

10. {t('legal:privacy.section_10_title', 'Cookies and Tracking')}

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

You can manage your cookie preferences at any time from the{' '}Cookie Preferences page.

11. {t('legal:privacy.section_11_title', 'Children\'s Privacy')}

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

12. {t('legal:privacy.section_12_title', 'Changes to This Policy')}

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)

Your continued use of our services after changes constitutes acceptance of the updated policy.

13. {t('legal:privacy.section_13_title', 'Contact Us')}

Privacy Questions or Concerns?

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:

Email: privacy@panaderia-ia.com

Response Time: Within 30 days of receipt

14. {t('legal:privacy.section_14_title', 'Supervisory Authority')}

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

For Spain: Agencia Española de Protección de Datos (AEPD)
Website: www.aepd.es

{t('common:actions.back_home', 'Back to Home')}
  );
};

export default PrivacyPolicyPage;