Privacy policy

Controller

Devinet 2013, S.L.U., tax ID B66111550 and registered address at C/ Vallseca, 8, Bajos (local), 08024 Barcelona (Barcelona), Spain, is the controller of the personal data collected. You can contact us at [email protected] with any privacy question.

Collection and use of data

Personal data gathered through the forms on https://www.devinet.es or the SnapRace app are incorporated into automated processing activities owned by Devinet.

We use the data to maintain our commercial relationship, manage information requests, deliver support, training or consultancy services, and keep you informed about improvements to the Site.

Purposes and lawful bases

We process your data for the following purposes on the bases indicated:

• Providing and managing the services you request or contract (performance of a contract).
• Handling enquiries and sending the information you ask for (legitimate interest and, where appropriate, consent).
• Sending newsletters, promotions and commercial communications about Devinet (consent, which you may withdraw at any time).
• Complying with legal obligations, preventing fraud and ensuring service security (legal obligation and legitimate interest).

Recipients and processors

We share data only when necessary to meet the stated purposes or when required by law.

• Service providers that supply hosting, support, analytics or communication tools, bound by confidentiality and data-processing agreements.
• Platforms you choose to synchronise with, such as health or analytics services, subject to your prior authorisation.
• Administrative or judicial authorities whenever required to comply with legal obligations or to safeguard public safety.

AI processing (GPT-5.1)

In certain SnapRace features, such as the virtual coach or the assessment of races and route recordings, we use artificial intelligence services to provide you with personalised recommendations.

For this purpose we temporarily send some information to the GPT-5.1 API provided by OpenAI, which acts as our processor under our instructions and with appropriate security and confidentiality measures.

• Source of the data: we momentarily read workout data from HealthKit (for example, duration, distance, pace or estimated effort) and may combine it with the texts and descriptions you enter.
• SnapRace does not store HealthKit health data: this data is used only to generate the GPT-5.1 response and is not saved in the SnapRace database.
• Data processed by the AI: the minimum information needed to produce the analysis or training plan (texts, workout metrics and route summaries). We do not send clinical health data or other special categories of data that we may store in SnapRace.
• Retention: the information sent to GPT-5.1 is used only for as long as is necessary to process the request; the provider may apply its own retention periods in line with its privacy policy.
• Lawful basis: performance of the requested service and our legitimate interest in improving and tailoring training-related features.
• International transfers: using GPT-5.1 may involve transfers of data outside your country; we have put in place contracts and appropriate safeguards with OpenAI to protect your information.

Security and confidentiality

We implement the technical and organisational measures needed to guarantee the security, integrity and confidentiality of the data, preventing alteration, loss or unauthorised access.

If a security incident significantly affecting your data occurs, we will inform you promptly together with the corrective measures adopted.

Your rights

You may exercise the rights of access, rectification, erasure, objection, restriction and portability, withdraw the consent you have given and opt out of commercial communications at any time.

Send your request free of charge to [email protected] or to the postal address indicated above, attaching proof of identity.

If you believe your rights have been infringed, you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

Data retention

Data will be stored for as long as the contractual relationship remains in force or until you request erasure. Afterwards, it will be kept blocked for the legally required periods to address any liabilities arising from the services provided.

Retention under the Spanish E-Commerce Act

In accordance with Law 34/2002 on Information Society Services, Devinet retains for up to 12 months the essential information needed to identify the origin of hosted data and the time the service began. That information will only be disclosed to courts or competent authorities in the context of criminal investigations or to safeguard public safety.

User-provided content

If you host files containing personal data on our servers you are solely responsible for ensuring compliance with data-protection regulations regarding such content. Devinet will not be liable for unlawful uses made by users of the contracted services.

Intellectual property

Devinet owns the intellectual and industrial property rights over the content published on https://www.devinet.es and over the software required for its operation.

Unauthorised reproduction, publication or use of that content is prohibited. Access to the services does not grant any intellectual property rights other than those strictly necessary to use them.

• Respect the licences of any software or materials made available by Devinet.
• Do not publish or transmit content that is violent, obscene, unlawful, racist, xenophobic or defamatory.
• Do not share 'cracks', serial numbers or any other material that infringes third-party intellectual property.
• Do not collect personal data from other users without their express consent.
• Do not use Devinet mail servers or addresses to send unsolicited bulk communications.

Protection of hosted information

We perform periodic backups to safeguard hosted information; however, we are not responsible for the accidental deletion of data by users.

Restoring content deleted by the user is not included in the service unless the loss is attributable to Devinet, in which case recovery will be performed at no extra cost.

Commercial communications

In line with Law 34/2002, we do not send unsolicited commercial communications by electronic means. Where there is a prior contractual relationship we may send information about products or services similar to those originally contracted.

You can object to receiving commercial communications at any time via the usual contact channels, providing proof of identity.

Changes to this policy

We may update this Privacy Policy to reflect changes in the processing we carry out or in the applicable regulations. The revised version will be published on the Site and, where appropriate, we will inform you through suitable channels.