Privacy policy
1. Introduction
Sanik Design SL (“Sopla”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data transparently and lawfully.
This Privacy Policy explains how we collect, use, store, and share personal data when you use the Sopla.app platform (the “Platform”, or the “Services”), in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Spanish data protection law.
The Services are accessible worldwide. By using them, you agree to the practices described in this Policy and acknowledge that we may process your data in the EU and, where relevant, in other countries offering an adequate level of protection wherever your data is processed.
By creating an account, using the Services, or communicating with us, you acknowledge that you have read and understood this Policy.
Controller:
Sanik Design SL
Torre Mapfre, C/Marina 16–18, planta 27
08005 Barcelona, Spain
Email: contact@sopla.app
2. Data We Collect
We collect and process personal data that you provide directly, data generated during your use of the Services, and limited data from third-party providers.
2.1. Information You Provide
Account Information: Name, email address, company name, and password.
Billing Information: Company billing details, VAT number (if applicable), and payment-related information processed through our payment provider (e.g., Stripe). We do not store complete credit card numbers on our servers.
Content You Upload: Images, media, and related metadata that you submit to generate AI videos (“Content”). This may occasionally include incidental personal data if present in the images (e.g., people in the background).
Communication Data: Information you provide when contacting support or communicating with us (e.g., email content, form submissions).
2.2. Data Collected Automatically
Usage Data: Information about how you access and use the Platform, such as IP address, browser type, device information, pages viewed, time spent, and interaction logs. This may involve the use of cookies and similar technologies (see Section 9).
Log Data: Technical logs for security, debugging, and operational monitoring (e.g., error logs, access times, and service performance).
2.3. Data from Third Parties
We may receive limited personal data from third parties, such as:
Payment providers: Confirmation of payment status (success/failure), subscription type, and billing identifiers.
Authentication providers: If you register or sign in through a third-party service (e.g., Google), we may receive identifying information from that provider, in accordance with their privacy settings.
AI inference providers: When we route your Content to external AI infrastructure (e.g., for video generation), the data shared is limited to what is necessary for the requested task, and such processing is governed by their own privacy policies and terms of service.
3. Purposes and Legal Bases for Processing
We process your personal data only when there is a lawful basis under GDPR.
| Purpose | Examples of Data | Lawful Basis |
| Provide and operate the Services | Account, Content, billing | Performance of contract |
| Authenticate users and ensure secure access | Account credentials, technical logs | Legitimate interest (security) |
| Process payments | Billing details | Legal obligation / performance of contract |
| Customer support and communication | Contact info, messages | Performance of contract |
| Improve and develop our Services | Usage data, feedback | Legitimate interest |
| Marketing communications (B2B) | Email, company info | Legitimate interest with opt-out |
| Legal and compliance obligations | Billing, transaction records | Legal obligation |
4. Use of Uploaded Content and AI Processing
When you upload images or other materials to Sopla, they are processed only for the purpose of generating your requested AI videos (“Outputs”).
No Model Training: We do not use your Content or Outputs to train or improve AI models.
Storage: Uploaded files are stored for processing and may be retained for a limited period to enable regeneration or review.
No Biometric Identification: Although images may occasionally contain persons, we do not use the Services to perform biometric identification, or inference of sensitive attributes.
Responsibility: You must not upload images or Content containing personal data of identifiable individuals without proper authorization.
We may process aggregated or anonymized usage data derived from Content (e.g., volume metrics, general usage patterns) for analytics and service improvement, provided it cannot identify you or your business.
5. Sharing of Personal Data
We do not sell your personal data. We may share your data with:
Service providers and subprocessors: Companies that help us operate the Platform, including:
| Category | Purpose | Examples |
| Cloud hosting and storage | Hosting of platform and generated videos | Wasabi (EU-central), AWS (EU) |
| Payment processing | Subscription payments | Stripe |
| Analytics and performance monitoring | Service improvement | Google Analytics 4 |
| Email and communication | Transactional emails, support | Gmail, Intercom, or similar |
AI infrastructure providers: Third parties providing GPU or AI infrastructure for video generation. Content is shared only as necessary to produce Outputs.
Legal and compliance: We may disclose data when required by law, regulation, court order, or to protect our rights, property, or safety, or that of others.
In all such cases, we limit the data shared to what is strictly necessary for the intended purpose and ensure appropriate contractual safeguards are in place (e.g., data processing agreements).
6. International Data Transfers
We primarily process and store data in the European Union. Where data is transferred outside the EU/EEA (for example, to subprocessors or AI providers in other jurisdictions), we implement appropriate safeguards, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission; or
Transfers to countries with an adequacy decision by the European Commission.
You may contact us for more information about international data transfers and applicable safeguards.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.
| Data Category | Retention Period |
| Account and contact information | As long as the account is active, plus up to 12 months after closure |
| Uploaded Content | Deleted upon account deletion or earlier upon your request |
| Billing and financial records | 6–10 years (per Spanish tax law) |
| Usage and analytics data | 12–24 months (aggregated or anonymized thereafter) |
| Backups | Rolling backups retained for 30–90 days |
Specific retention periods may vary depending on applicable legal or regulatory requirements.
8. Security Measures
We apply appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access. These include:
Encryption in transit (HTTPS/TLS) and at rest;
Strict access controls and authentication procedures;
Segregation of production and development environments;
Regular monitoring and security reviews;
Staff confidentiality and data protection training.
Despite these measures, no system is completely secure; you are encouraged to maintain backups of your Content.
9. Cookies and Analytics
We use cookies and similar technologies to provide and improve the Services.
| Type of Cookie | Purpose | Lawful Basis |
| Strictly necessary | Core functionality (login, account) | Legitimate interest |
| Performance | Analytics (page views, load times) | Legitimate interest |
| Marketing | Tailored communications or remarketing | Consent |
| Preferences | Remembering language or session settings | Consent |
You can manage cookie preferences through your browser settings or, where available, a cookie banner or preference center. Disabling cookies may affect certain features of the Services.
10. Your Rights
Under GDPR, you have the following rights regarding your personal data:
Access – Request confirmation and a copy of your personal data.
Rectification – Request correction of inaccurate or incomplete data.
Erasure – Request deletion when data is no longer necessary.
Restriction – Request that processing be limited in certain circumstances.
Data Portability – Receive your data in a structured, machine-readable format.
Objection – Object to processing based on legitimate interests or direct marketing.
Withdraw Consent – Withdraw consent where processing relies on it (e.g., marketing cookies).
To exercise your rights, contact us at hola@sanikdesign.com.
We may request verification of your identity before responding.
If you are not satisfied with our response, you may file a complaint with the Spanish Data Protection Agency (AEPD):
Agencia Española de Protección de Datos (AEPD)
www.aepd.es
11. Marketing Communications
We may send B2B marketing communications (e.g., product updates, offers) to business contacts where permitted by law.
You can opt out of marketing emails at any time by using the “unsubscribe” link in our messages or by contacting us directly.
Service-related communications (e.g., billing, security alerts, policy updates) are not considered marketing and you may not be able to opt out of these while retaining access to the Services.
12. Children’s Privacy
The Services are intended for use by businesses and professionals (B2B) and are not directed at children. We do not knowingly collect personal data from individuals under 18 years of age.
If we become aware that we have inadvertently collected data from a minor, we will take steps to delete such data.
13. Third-Party Links
The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of such external sites.
We encourage you to review the privacy policies of any third-party services you use.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services.
If we make material changes, we will notify you by email, in-app notice, or by updating the “Last Updated” date.
Your continued use of the Services after such updates constitutes acceptance of the revised Policy.
15. Contact Information
If you have questions, requests, or complaints regarding this Privacy Policy or our data practices, you can contact us at:
Sanik Design SL
Torre Mapfre, C/Marina 16–18, planta 27
08005 Barcelona, Spain
Email: contact@sopla.app
Last Updated: 15.11.2025