Privacy Policy
Effective Date: September 11, 2025
NEXUSNOIR VENTURES SL ("Foliotrail," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). This policy is designed to comply with Spain's data protection regulations, the General Data Protection Regulation (GDPR), and to provide specific disclosures for residents of California and Canada.
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Data Controller
The data controller responsible for your personal information is:
NEXUSNOIR VENTURES SL
Calle Nuñez de Balboa 114, Planta 3 Puerta 10, 28006 Madrid. SPAIN
For any privacy-related questions, please contact our data protection team at: security@foliotrail.com
2. Personal Data We Collect and Why
We collect personal data that is necessary to provide and improve our Service, process your payments, and communicate with you. We do not collect any special categories of sensitive personal data (as defined in Article 9 of the GDPR).
| Category of Data | Examples | Purpose of Processing | Legal Basis (GDPR Art.) |
|---|---|---|---|
| Account Data | Name, email address, password (hashed) | To create and manage your user account, provide access to the Service, and communicate with you about your account. | 6(1)(b) - Performance of a contract |
| Billing Data | Billing address, transaction history. Note: Payment card details are processed directly by Stripe and are not stored on our servers. | To process subscription payments and comply with financial regulations. | 6(1)(b) - Performance of a contract |
| Technical & Usage Data | IP address, page views, clicks, device type, browser information (via Plausible Analytics). | To secure the Service, monitor for fraudulent activity, and analyze usage to improve our product. | 6(1)(f) - Legitimate interest |
| Marketing Analytics Data | Anonymized conversion tracking data (via Google Analytics 4). | To measure and optimize the performance of our marketing campaigns. | 6(1)(f) - Legitimate interest |
| Marketing Consent Data | Your email address when you explicitly opt-in to our newsletter (e.g., via Substack). | To send you product updates, content, and promotional offers. | 6(1)(a) - Consent |
3. Cookies and Tracking Technologies
We use a limited number of cookies and similar technologies to operate and personalize the Service.
- Strictly Necessary Cookies: These are essential for the Service to function, such as maintaining your session and ensuring security (e.g., CSRF protection). They do not require consent.
- Analytics & Performance: We use Plausible Analytics, a privacy-focused tool that does not use cookies or generate persistent identifiers. For marketing campaign analysis, we use Google Analytics 4 (GA4) in a restricted mode focused on conversion attribution. Where required by law, we will obtain your consent before deploying non-essential cookies.
4. Data Sharing and Processors
We do not sell your personal data. We only share your data with trusted third-party service providers ("Processors") who help us operate our business, and only to the extent necessary. We have data processing agreements in place with these processors.
| Processor | Service | Location | Safeguards for International Transfer |
|---|---|---|---|
| Stripe, Inc. | Payment Processing | EU/US | Standard Contractual Clauses (SCCs) |
| Amazon Web Services (AWS) | Cloud Hosting | Stockholm, EU (eu-north-1) | Data stored within the European Union |
| Substack, Inc. | Newsletter & Email Marketing | US | Standard Contractual Clauses (SCCs) |
| Plausible Analytics | Website Analytics | EU | Data processed within the European Union |
| Google LLC | Marketing Analytics | US | Standard Contractual Clauses (SCCs) |
We may also disclose your information if required by law, such as to comply with a subpoena or other legal process.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
| Data Type | Retention Period |
|---|---|
| Billing Records | 6 years, as required by Spanish commercial law. |
| Active Account Data | For the duration your account remains active. |
| Inactive Account Data | Anonymized or deleted 24 months after the last recorded login, or upon your deletion request. |
| Marketing Consent & Logs | Retained as long as you are subscribed. Deleted 12 months after you unsubscribe to handle any potential legal queries. |
6. Data Security
We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. This includes TLS encryption for data in transit, encryption for data at rest, and access controls based on the principle of least privilege. However, please also remember that no method of transmission over the Internet or method of electronic storage is 100% secure.
7. Your Privacy Rights
Depending on your location, you have certain rights regarding your personal data. To exercise any of these rights, please contact us at security@foliotrail.com.
Rights for Residents of the European Economic Area (EEA) and UK
Under GDPR, you have the right to: access, rectify, erase, restrict processing of, and object to the processing of your personal data. You also have the right to data portability. You have the right to lodge a complaint with a supervisory authority, in particular the Spanish Data Protection Agency (AEPD).
Rights for Residents of Canada
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access your personal information held by us and to request correction of any inaccuracies.
Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights regarding your personal information:
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as the sources of that information, the purpose for collecting it, and the third parties with whom we share it.
- Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request the correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: California law provides residents with the right to opt-out of the "sale" of their personal information or the "sharing" of it for cross-context behavioral advertising. Foliotrail does not "sell" your personal information, nor do we "share" it for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your California privacy rights, please contact us at security@foliotrail.com. We will verify your request using the information associated with your account, such as your email address.
8. Children's Privacy
The Service is not directed to or intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such information, we will take steps to delete it as soon as possible.
9. Do Not Track Signals
Some web browsers may transmit "Do Not Track" signals to websites. Currently, there is no industry standard for how to respond to these signals. Therefore, like many other websites, our Service does not currently alter its practices when it receives a Do Not Track signal.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by sending an email to the address associated with your account at least 14 days before the new policy becomes effective. We encourage you to review this policy periodically.