⚠️ Reference information. You decide. You assume the risk. Not financial advice.

BurMarket
Sign inStart free
Current version: 0.1.0-draft·Effective from 5/9/2026

Burmarket Privacy Policy

Notice · Draft version 0.1.0: this document is in provisional state. The definitive version (1.0.0) will be reviewed by legal counsel before Sprint 5. Internal marker: TODO_REVIEW_LEGAL.

1. Data controller

BeachValencia Luxury SL (hereinafter "Burmarket") is the controller of the personal data collected through the platform. Controller contact details: pending in version 1.0.0.

2. Data collected

Burmarket collects the following user data:

  • Identification: email, full name (optional), language and time zone.
  • Usage preferences: target markets, excluded sectors, time horizon, risk tolerance and approximate capital range (optional).
  • Legal audit: IP address, user agent, hash and version of the legal documents accepted, date and time of acceptance.
  • Watchlists: assets selected by the user and tracking metadata.

Burmarket does not collect banking or payment data in Sprint 1. When payments are introduced, the payment processor (Stripe or other) will handle such data under its own policies.

3. Purpose

Data is processed for the following purposes:

  • Service provision (dashboards, watchlists and analyses requested by the user).
  • Content personalization based on preferences.
  • Legal audit of terms, disclaimer and privacy acceptance (GDPR art. 7).
  • Operational communications (email verification, password recovery).

4. Legal basis

  • Performance of the service contract (GDPR art. 6.1.b).
  • Explicit consent for legal document acceptance (GDPR art. 6.1.a).
  • Legitimate interest in security and fraud prevention (GDPR art. 6.1.f).

5. User rights

The user has the right to access, rectify, erase, object to processing, restrict processing and request portability of their data. To exercise these rights they may:

  • Edit their data at /profile.
  • Delete their account (soft-delete) from /profile.
  • Contact the controller via the email indicated in version 1.0.0.

TODO_REVIEW_LEGAL: exact wording of rights exercise channel, legal deadlines, right to lodge a complaint with the AEPD/SA and reference to international transfers (Supabase eu-central-1, Vercel global edge).

6. Retention

Data is retained while the account is active. After deletion, data is retained in soft-delete state for accounting and legal reasons (GDPR art. 5.1.e). Consents are retained indefinitely as legal evidence.

7. Processors

  • Supabase Inc. (Frankfurt, eu-central-1): database and auth hosting.
  • Vercel Inc. (global): application hosting.
  • Resend Inc. (US): transactional email delivery.
  • Anthropic PBC (US): AI analysis processing in future sprints.

TODO_REVIEW_LEGAL: SCC model clauses for international transfers and subprocessor matrix pending audit.

Version 0.1.0-draft · BeachValencia Luxury SL