Introduction
Wallapop SL ("Wallapop", "we", "us") operates an enterprise AI sales intelligence platform. This Privacy Policy explains what information we collect from customers, prospects, and website visitors, how we use it, and the rights available to individuals in the EEA, UK, Switzerland, California, and other jurisdictions.
This policy applies to wallapop-ai.com, the Wallapop product, and any workflow integrated with our platform. It does not cover third-party services that operate under their own terms.
Data we collect
We collect three broad categories of information:
- Account data. Name, work email, company, role, billing address, and authentication credentials.
- Customer content. Recordings, transcripts, CRM metadata, and derived intelligence you or your organization submit to the platform.
- Product telemetry. Device, browser, IP address, feature usage, and diagnostic events used to operate and improve the service.
How we use data
- Provide, secure, and improve the Wallapop platform and related services.
- Generate coaching, revenue, and conversation intelligence for authorized users.
- Bill customers, prevent fraud, and comply with legal obligations.
- Communicate about product updates, security notices, and service incidents.
- Train and evaluate internal models on de-identified or aggregated data only, unless a customer explicitly opts in.
Legal bases (GDPR / UK GDPR)
We rely on the following legal bases: performance of a contract, our legitimate interests in operating and securing the platform, compliance with legal obligations, and — where required — your consent. You may withdraw consent at any time without affecting prior processing.
Retention
We retain customer content for the duration of the subscription and for up to 90 days after termination, unless a longer period is required by law. Billing records are retained for seven years. Product telemetry is retained for up to 24 months.
Security
Wallapop maintains a written information security program aligned with SOC 2 Type II and ISO 27001 practices, including encryption in transit and at rest, least-privilege access, tenant isolation, and continuous monitoring. Report suspected vulnerabilities to [email protected].
Your rights
Depending on your jurisdiction, you may request access, correction, deletion, portability, or restriction of your personal information, and object to processing based on legitimate interests. Submit requests to [email protected]. We respond within 30 days.
International transfers
Where personal data is transferred outside of the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced via email or in-product notice at least 30 days before they take effect.