Your data

Privacy policy

Last updated: May 24, 2026

1. Data controller

Trowelapp Technologies S.L. (VAT B72411960), registered office at Calle Ramón Ramírez 5, 1º · 39100 Santa Cruz de Bezana (Cantabria), Spain. Contact email: info@trowelapp.com.

Given the type and volume of processing, Trowel is not required to appoint a Data Protection Officer (DPO) under article 37 GDPR. For any question regarding the protection of your data, you can write to info@trowelapp.com.

2. Purposes of processing

We process your personal data for the following purposes:

Service provision. Creating and managing your account and your organisation's, and enabling use of the Trowel web platform and app.
Contract management and billing. Formalising and administering the contractual relationship, issuing invoices and managing payments.
Support. Responding to your queries, incidents and support requests.
Marketing communications. Sending you information about Trowel, news and industry content where there is a legitimate basis or your consent.
Analytics and improvement. Measuring use of the site and platform to improve the experience, provided you accept analytics cookies.
Legal compliance. Meeting the applicable legal, tax and accounting obligations.

3. Legal basis

The legal basis for each processing activity is:

Performance of a contract (art. 6.1.b GDPR) for service provision, account management and billing.
Compliance with legal obligations (art. 6.1.c GDPR) for tax and accounting duties.
Legitimate interest (art. 6.1.f GDPR) for handling queries, platform security and communications to customers about similar products or services.
Consent (art. 6.1.a GDPR) for sending marketing communications where required and for non-essential cookies; you may withdraw it at any time.

4. Data we collect

Depending on how you use Trowel, we may process the following categories of data:

Identification and contact data. Name, company name, email and phone you provide in the contact forms, trial requests or when signing up.
Account data. Company name, username and access credentials for the web platform and the app.
Billing data. What is needed to issue and manage invoices for the contracted service.
Content you record on the platform. The data you and your organisation's users enter in the different features (companies, contacts, income, expenses, delivery notes, photos, attendance, etc.). For this data you, as the customer, are the data controller; Trowel acts as processor.
Technical and usage data. IP address, device type and metadata, and connection information such as usage statistics of Trowel's features and traces of any errors (bugs) that occur while browsing. We process it to assess and protect system performance, deliver an optimised experience, respond quickly to errors, run internal tests and meet our legal obligations.

We do not process special categories of data (specially protected data) in any of these features.

5. Mobile app: device permissions

The Trowel mobile app requests a number of device permissions needed to provide certain features. You can manage or revoke them at any time from your device settings:

Camera. Required to use the controls of the app's «Photos» feature.
Files and media. Required to store the photos taken in the app's «Photos» feature.
Location. Required to provide the location-based services in the «Attendance» feature. You can turn it off at any time using the «STOP» button in that feature.
Notifications. Required to alert you to new records, edits or deletions made on the platform by other users from your company.

You can request the deletion of your account and associated data at any time by writing to info@trowelapp.com.

6. Retention period

We retain your data for as long as the contractual relationship lasts and, once ended, for the applicable statutory limitation periods (in particular tax and commercial obligations, generally up to 6 years). Data processed on the basis of your consent is kept until you withdraw it. After these periods, data is securely deleted or anonymised.

7. Recipients and international transfers

We do not share your data with third parties except where legally required. To provide the service we rely on providers acting as data processors under article 28 GDPR (cloud infrastructure, support tools, analytics and communications), with whom we maintain the corresponding processing agreements.

Your organisation's data hosted on the platform is processed on infrastructure located in the European Union. Should any provider involve an international transfer, it will be carried out with the safeguards set out in Chapter V GDPR (adequacy decisions or standard contractual clauses). The terms of processing as a processor are detailed in our Data Processing Agreement (DPA).

8. Rights of data subjects

You may exercise at any time your rights of access, rectification, erasure, objection, restriction of processing and portability by sending an email to info@trowelapp.com with the subject «GDPR Rights» and a copy of an ID document.

You have the right to lodge a complaint with the Spanish Data Protection Agency (aepd.es) if you believe the processing of your data does not comply with regulations.

9. Cookies

You'll find detailed information about the cookies we use in our cookie policy.

Cookie	Provider	Duration	Purpose
`trowel_cookie_consent_v1`	Trowel (first-party)	Persistent	Stores your cookie consent preference.
`trowel_culture_suggest_v1`	Trowel (first-party)	Persistent	Remembers we already suggested the local version of the site.
`trowel_demo_modal_v1`	Trowel (first-party)	Persistent	Remembers you dismissed the demo prompt so we don't repeat it.

Cookie	Provider	Duration	Purpose
`_ga`	Google	2 years	Anonymous user identifier.
`_ga_*`	Google	2 years	Google Analytics 4 session state.
`_gid`	Google	24 hours	Distinguishes users.