Privacy Policy

1. General information

This policy describes how Mi Historia processes personal data collected through the website mihistoria.app (hereinafter, "the Site"), in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

Project brand: Mi Historia
Controller email: [email protected]

The full identification of the data controller appears at the end of this document.

2. Data we collect

When you sign up to the waiting list via the Site's form:

• Email (mandatory): to send you project communications and notify you when the beta is available.
• Character preference (optional): male / female / either.
• Careers of interest (optional): football, tennis, basketball, golf, other (with a free-text field if you select "other").
• Player profile (optional): sports fan, simulation gamer, both, curious.
• Age confirmation (mandatory): declaration of being 16 years old or older.
• Consent (mandatory): explicit acceptance to receive communications about the development.

Automatic technical data (collected by Cloudflare when serving the Site):

• Visitor's IP address
• Browser user-agent
• Date and time of the request
• URL requested

This technical data is used solely to serve the Site, prevent abuse and maintain security. It is not used for profiling, personalized advertising or cross-site tracking.

3. Purposes and legal basis

We process your personal data for:

• Managing the waiting list and sending devlogs and project milestone notices.
  Legal basis: explicit consent (art. 6.1.a GDPR).
• Basic statistical analysis of Site use (aggregated visits, no individual profiling).
  Legal basis: legitimate interest in maintaining and improving the service (art. 6.1.f GDPR).
• Compliance with legal obligations applicable to the Site's operator.
  Legal basis: legal obligation (art. 6.1.c GDPR).

4. Data retention

• Email and form responses: until you withdraw your consent or request deletion, whichever comes first.
• Cloudflare technical logs: retained according to the provider's retention policy (typically between 7 and 90 days).

When no longer necessary, data will be securely deleted.

5. Third-party services (data processors)

The Site uses the following external providers to operate. Each acts as a data processor under contract pursuant to article 28 GDPR.

Brevo (formerly Sendinblue)

Email platform that stores form data and sends project communications.
Processing location: France (European Union).
Privacy policy: brevo.com/legal/privacypolicy

Cloudflare

Site hosting (Cloudflare Pages), CDN, DNS and attack protection. Also handles forwarding of the [email protected] email to the operator's personal account (Cloudflare Email Routing).
Location: United States (with transfers under the EU-U.S. Data Privacy Framework adequacy decision and standard contractual clauses).
Privacy policy: cloudflare.com/privacypolicy

Google Fonts

Service that delivers the Bebas Neue and Inter typefaces used on the Site. When the browser downloads the fonts, Google receives the visitor's IP address and limited technical data.
Location: United States (transfers under the EU-U.S. Data Privacy Framework).
Privacy policy: policies.google.com/privacy

6. International transfers

Brevo processes data within the European Union, so there is no international transfer.

Cloudflare and Google Fonts may process data in the United States. These transfers are covered by the EU-U.S. Data Privacy Framework approved by the European Commission in July 2023, as well as standard contractual clauses (SCCs) signed by the providers.

7. Your rights

As a data subject, you have the right to:

• Access: know what personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request that we delete your data.
• Restriction of processing.
• Object to processing based on legitimate interest.
• Portability: receive your data in a structured and reusable format.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.
• Lodge a complaint with the Spanish Data Protection Agency (aepd.es) if you believe any of your rights have been violated.

To exercise any of these rights, write to [email protected]. We will reply within a maximum of 30 days from receipt of the request.

To unsubscribe from communications you can also use the unsubscribe link included at the end of every email.

8. Minimum age

The Site is not directed at people under 16 years old. We do not intentionally collect personal data from minors of that age. If we discover we have collected data from a minor under 16 without verifiable parental consent, we will delete it as soon as we are aware.

If you believe a minor under 16 in your care has submitted personal data on this Site, please write to [email protected].

9. Cookies

The Site does not use first-party tracking cookies or third-party advertising cookies. There is no Google Analytics, no Facebook Pixel, no remarketing pixels.

Cloudflare may set strictly necessary cookies to protect the Site against abuse (bot detection, load balancing). These cookies do not require consent pursuant to article 22.2 LSSI-CE because they are technically essential.

10. Security

Data is always transmitted encrypted via HTTPS (TLS). Brevo and Cloudflare apply appropriate technical and organizational measures to protect data against unauthorized access, loss or alteration, in line with article 32 GDPR.

11. Changes to this policy

Any modification will be reflected on this page and will update the "Last updated" date. If changes are substantial and affect your rights as a registered user, we will notify you by email to the address provided.

12. Contact

For any question about this policy or about the processing of your personal data, you can write to [email protected].