Comminari

Privacy Policy

Version 1.0. Effective from May 13, 2026.

1. Data controller

The data controller is the person who owns and operates Comminari, acting from Spain.

You can contact Comminari about privacy or support matters by writing to [email protected].

2. Data we process

Comminari processes only the data needed to provide the service, manage payments, control access and handle incidents.

We may process account data, email address, verification status, basic session data, technical identifiers and external authentication data when you use Google to log in.

We may also process Telegram data, such as user identifier, username when available, relationship with groups or channels, access status and events needed to validate, activate or revoke permissions.

For creators, we may process data about connected groups or channels, plan configuration, prices, discounts, Stripe connection status and operational preferences.

For buyers, we may process data about the selected plan, purchased community, payment status, access duration, terms acceptance date and subscription status when applicable.

For payments, we process Stripe operational identifiers, checkout session statuses, subscriptions, customers, payments, disputes, refunds and events needed to reconcile access.

Comminari does not store complete bank card data. Payments are processed through Stripe in its own secure environments.

Comminari does not request or intend to process special categories of data, such as health data, ideology, religion, sexual orientation, biometric data or other specially protected data.

3. Purposes of processing

We process data to create and manage accounts, verify email addresses, log users in, allow creators to connect and administer Telegram communities, create access plans, discounts and payment links, and allow buyers to purchase access to groups or channels.

We also use data to validate payments and subscriptions through Stripe, activate, maintain, cancel or revoke access to Telegram communities, send operational communications and handle support requests.

We may process technical data to prevent fraud, abuse, unauthorized access or misuse, comply with legal obligations and improve the stability, security and technical operation of the service.

Comminari currently does not send commercial communications or newsletters. If commercial communications are sent in the future, users will be informed and, when necessary, consent will be requested.

4. Legal basis

The main legal basis is the performance of a contractual or pre-contractual relationship, needed to create accounts, manage communities, process purchases, activate access and provide the requested service.

We may also process data to comply with legal obligations and retain information needed for tax, accounting, claims, payments or legal requests.

Legitimate interest allows us to maintain service security, prevent fraud, resolve incidents, keep technical records and improve platform operation.

When processing is optional or requires consent, Comminari will request it expressly.

5. Providers and recipients

To provide the service, Comminari uses external providers that may process personal data on behalf of Comminari or as independent controllers, depending on the case.

These providers may include Stripe for payments, subscriptions, refunds, disputes and creator account connection; Telegram for user validation, group or channel connection and technical access management; Neon for database; Upstash Redis for sessions, usage limits, temporary states and technical data; Resend for automated email; Zoho Mail for the support mailbox; Google for authentication when the user chooses Google login; Fly.io or other infrastructure providers to host the application; and Doppler or other secret managers to administer technical credentials.

Comminari does not sell personal data to third parties.

Data may be disclosed when required by legal obligation, request from a competent authority, defense against claims or protection of legitimate rights and interests.

6. International transfers

Some providers may be located outside the European Economic Area or process data from other countries.

When this happens, Comminari will seek to use providers offering appropriate GDPR safeguards, such as standard contractual clauses, adequacy decisions or other valid mechanisms.

7. Data retention

Comminari keeps personal data for the time needed to provide the service and fulfill the purposes described in this policy.

Account data is kept while the account remains active. Payment, access, subscription, dispute and refund data is kept while needed to manage the service and comply with legal obligations. Support data is kept while needed to resolve the request and maintain incident traceability. Technical logs and security data are kept for the time reasonably needed to protect the service, investigate errors or prevent abuse.

Data deletion is handled on request by writing to [email protected], unless certain blocked data must be retained due to legal obligations, pending claims, fraud prevention or defense of rights.

8. User rights

You may exercise the rights of access, rectification, erasure, objection, restriction, portability and withdrawal of consent when applicable.

To exercise these rights, write to [email protected] with your request. Comminari may ask for additional information to verify your identity before handling it.

You may also file a complaint with the Spanish Data Protection Agency if you believe the processing of your data does not comply with applicable law.

9. Security

Comminari applies reasonable technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration or disclosure.

Among other measures, secure connections, access control, specialized providers, separate secret management, technical logs and limitation of access to data needed to operate the service are used.

No internet-connected system can guarantee absolute security.

10. Minors

Comminari is not specifically directed at minors.

If a minor uses Comminari or purchases access to a community, they declare that they have the necessary legal capacity or authorization from their legal representatives when required.

Creators are responsible for ensuring that the content of their communities is appropriate for the intended audience and for complying with applicable rules on age, consumer protection, sensitive content or regulated activities.

11. Cookies and analytics

Comminari currently does not use analytics tools, behavioral advertising or marketing pixels.

Comminari may use cookies or similar technologies strictly necessary for the technical operation of the site, such as maintaining sessions, security or essential preferences.

If non-essential cookies, analytics or advertising tools are added in the future, this policy will be updated and, where applicable, user consent will be requested.

12. Changes to this policy

Comminari may update this Privacy Policy to reflect legal, technical or functional changes.

When changes are relevant, users will be informed through the website, email or other reasonable means where possible.

The applicable version will be the one published on comminari.com at any given time.

13. Contact

For any question about this Privacy Policy or the processing of personal data, you can contact Comminari at [email protected].