Last updated: 21 April 2026

Privacy Policy.

How we handle the personal data you share with Tinstra during our pre-launch phase. Short, plain, and built around the rights you have under EU law.

1. Who we are

Tinstra (“Tinstra”, “we”, “us”, “our”) is operated by [Legal entity name — TO CONFIRM], with registered address at [Registered address, Spain — TO CONFIRM] and tax identification number [CIF / NIF — TO CONFIRM]. You can reach us at hello@tinstra.com.

We are the data controller for the personal data described below, within the meaning of Regulation (EU) 2016/679 (the “GDPR”) and Spain’s Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights (“LOPDGDD”).

2. What this notice covers

This notice explains how we collect and use personal data through tinstra.com and the newsletter and contact forms on it. Different terms will apply to the Tinstra marketplace when it launches; we will publish a separate, longer privacy notice at that point.

3. What we collect

Newsletter sign-up. Your email address, submitted voluntarily through the form on our home page.
Contact form. Your name, email address, chosen topic, and the content of your message, submitted voluntarily through the form at /contact.
Technical logs. Our hosting provider logs minimal request metadata (IP address, user-agent, timestamp) for operational security and service reliability. We do not use this for profiling.

We do not knowingly collect special-category data (health, beliefs, biometric, political opinions, etc.) and have no reason to request it.

4. Why we process it, and on what legal basis

Newsletter updates— to send you occasional updates about Tinstra’s launch and product. Legal basis: your consent (GDPR Art. 6(1)(a)), given when you submit the form. You can withdraw it at any time.
Replying to your enquiry— to answer messages sent through the contact form. Legal basis: our legitimate interest in operating a contact channel (GDPR Art. 6(1)(f)), and, where you are asking about a potential engagement, pre-contractual steps (GDPR Art. 6(1)(b)).
Service operation and security— to keep the site running, investigate incidents, and prevent abuse. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).

5. Who we share it with

We only share personal data with service providers who process it on our behalf under written agreements that comply with GDPR Art. 28:

Resend(Resend Inc., United States) — email delivery infrastructure for the newsletter and contact pipeline.
[Hosting provider — e.g., Vercel Inc., United States — TO CONFIRM] — website hosting and request logging.

We do not sell personal data and do not share it with advertising networks.

6. International transfers

Some of our processors are established outside the European Economic Area, primarily in the United States. Where personal data is transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses (Decision 2021/914/EU), and, where applicable, the EU–US Data Privacy Framework for providers that are certified under it. You can request a copy of the relevant safeguards by emailing us.

7. How long we keep it

Newsletter email addresses— until you unsubscribe (every email contains a one-click unsubscribe link), or after 24 months of inactivity following launch if we have not reached you.
Contact form submissions— up to 24 months after the last correspondence in the thread, then deleted unless a longer period is required to resolve a dispute or meet a legal obligation.
Technical logs— typically 30–90 days, according to our hosting provider’s default retention.

8. Your rights

Under the GDPR and LOPDGDD you have the right to:

access the personal data we hold about you (Art. 15);
rectify inaccurate or incomplete data (Art. 16);
request erasure (Art. 17);
restrict processing (Art. 18);
receive your data in a portable format (Art. 20);
object to processing based on legitimate interests (Art. 21);
withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email hello@tinstra.com. We may ask for reasonable information to verify your identity. We respond within one month, in line with GDPR Art. 12(3).

You also have the right to lodge a complaint with the Spanish Data Protection Authority, the Agencia Española de Protección de Datos (AEPD), at aepd.es. We would, however, appreciate the chance to address any concerns first.

9. Cookies and similar technologies

This pre-launch site does not use analytics, advertising, or tracking cookies. Any cookies set are strictly necessary for the site to function (for example, to remember form state during a single session). No consent banner is therefore required under Article 22.2 of Spain’s Law 34/2002 on Information Society Services and E-Commerce (“LSSI-CE”). We will update this notice and add a cookie consent layer if that changes.

10. Children

Tinstra is not directed at children. We do not knowingly collect personal data from anyone under 14 years old (the minimum age for valid consent under Spanish law, per LOPDGDD Art. 7). If you believe a child has submitted personal data to us, please email us and we will delete it promptly.

11. Changes to this notice

We may update this notice from time to time to reflect changes in our service, processors, or the law. The “Last updated” date at the top of this page shows when it was most recently revised. Material changes will be communicated to newsletter subscribers by email.

12. Contact us

For any question about this notice or your personal data, email hello@tinstra.com.