This Privacy Policy describes how YCY Consulting and Investment SL (“we”, “us”, “Neuroplugin”, “the publisher”) processes personal data through neuroplugin.com and through the commercial activities relating to the Neuroplugin product family.
It is published in compliance with Regulation (EU) 2016/679 (GDPR), the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), and Spanish Law 34/2002 on Services of the Information Society and Electronic Commerce (LSSI-CE).
1. Data controller
- Legal name: YCY Consulting and Investment SL (trading as Neuroplugin)
- Registered office: Madrid, Spain
- Tax ID (NIF): B22450688
- Contact: through the contact form on this site or the support address listed on the relevant marketplace product page.
2. Categories of personal data we process
We process personal data only as strictly necessary to provide the contracted services. Depending on the context, the data we may process is:
Site visitors
- IP address (truncated where feasible) and standard server log data.
- Cookie identifiers (see the Cookie Policy).
- Pages visited and basic interaction events (only with consent for non-essential analytics).
Customers who purchase a Neuroplugin module license
- Name and contact details supplied at purchase (via the PrestaShop Addons Marketplace, the Shopify App Store, or directly).
- License key and the technical identifier of the PrestaShop or Shopify store the license is bound to.
- Invoice and payment-related data (handled by the relevant marketplace and, where this can be avoided, not stored on our infrastructure).
People contacting support
- Email address, name, the content of the support request, and any technical diagnostic information voluntarily attached.
People who subscribe to the newsletter
- Email address and, optionally, name and language preference.
We do not knowingly collect data from minors and we do not process special categories of data (Article 9 GDPR) through this site or its products.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Deliver the licensed software, including updates and security patches | Performance of a contract (Art. 6.1.b) |
| Provide technical support during the support window | Performance of a contract (Art. 6.1.b) |
| Send transactional notifications relating to a purchase | Performance of a contract (Art. 6.1.b) |
| Issue invoices and comply with tax and accounting obligations | Legal obligation (Art. 6.1.c) |
| Detect fraud, abuse, or breaches of the Terms of Service | Legitimate interest (Art. 6.1.f) |
| Operate the site (essential cookies, security, anti-spam) | Legitimate interest (Art. 6.1.f) |
| Send the newsletter or other marketing material | Consent (Art. 6.1.a) |
| Use non-essential analytics or marketing cookies | Consent (Art. 6.1.a) |
4. How long we keep your data
| Category | Retention period |
|---|---|
| Tax and accounting records | 6 years (Spanish Commercial Code, Art. 30) |
| License + support records | Active period + 4 years after expiry |
| Newsletter subscription | Until you unsubscribe |
| Support tickets | 3 years from the last interaction |
| Site analytics (with consent) | 14 months maximum |
| Server access logs | 30 days, then aggregated |
5. Recipients of your data
Personal data is processed by us. We share it only with the following categories of recipients, each acting as a processor under a contractual data-processing agreement:
- Hosting provider that operates the production servers.
- Email delivery provider for transactional and (with consent) marketing email.
- Payment / marketplace processors (PrestaShop Addons, Shopify App Store, Stripe, etc.) where applicable to the transaction.
- Public authorities when legally required.
We do not sell personal data to third parties. We do not transfer personal data outside the European Economic Area unless a valid transfer mechanism applies (Standard Contractual Clauses or an adequacy decision).
6. Your rights
You have the right to access, rectify, erase, restrict processing, object to processing, and request portability of your personal data, as well as the right not to be subject to a decision based solely on automated processing (Articles 15-22 GDPR). You may also withdraw any previously granted consent at any time, without affecting the lawfulness of the processing carried out beforehand.
To exercise these rights, write to us through the contact details in section 1. We will respond within one month of receipt.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), at https://www.aepd.es.
7. Data we do NOT control: end-customer data inside a merchant's store
When a merchant installs a Neuroplugin module (such as NP Rewards Pro) on their own PrestaShop or Shopify store, the module processes end-customer data (names, emails, order references, reward balances, IP addresses used for fraud detection, payout payment references) on behalf of the merchant.
In that context, the merchant — not Neuroplugin — is the data controller. Neuroplugin does not receive, store, or transmit end-customer data from the merchant's store. The module operates entirely inside the merchant's own database and email infrastructure.
If you are an end customer of a merchant using a Neuroplugin module, please direct any privacy request to that merchant.
8. Security
We apply technical and organisational measures appropriate to the risk, including transport-layer encryption (HTTPS) on all customer data flows, access control on infrastructure, audit logging, and defence in depth on the published modules. No system is fully impenetrable; if a personal-data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals and the AEPD within 72 hours where required by Article 33 GDPR.
9. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via the site or, where applicable, by email.