Last updated: 2026-03-18 12:00:00 UTC
This document was originally drafted in Spanish, which is the legally binding version. Versions in other languages that may be available in the Application are courtesy translations provided for informational purposes only. In the event of any discrepancy between the Spanish version and any translation, the Spanish version shall always prevail.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, "GDPR"), and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (hereinafter, "LOPDGDD"), the User is informed that the controller responsible for the processing of their personal data is:
Controller: Miguel Angel Pacheco Villanego (hereinafter, "MPApps")
Address: Calle Drago 7, 11130 Chiclana de la Frontera (Cádiz), Spain
Email: contact@mpapps.club
Phone: +1 585-282-6739
This Privacy Policy applies to the processing of personal data carried out through the mobile curriculum vitae creation application (hereinafter, the "Application" or "App"), available on Google Play Store and Apple App Store, and operated by MPApps.
This Policy does not apply to information collected by third parties through other websites, applications or services linked from the Application, even if they are accessible through it. We recommend that the User review the privacy policies of such third parties before providing them with personal information.
MPApps collects the following categories of personal data depending on the User's interaction with the Application:
For the proper functioning of the Application, the verification of device legitimacy and the provision of the service, the following technical data is automatically collected when registering the device on our servers. Without this information, the Application cannot function:
a) Unique device identifier (UUID): a UUID v4 identifier automatically generated by the Application exclusively for internal use. It does not correspond to the IMEI, serial number or any other hardware identifier of the device.
b) Platform: the device's operating system (Android or iOS).
c) Language (locale): the regional and language settings of the User's device, necessary to serve content in the correct language.
d) Integrity Token: a token generated by Google Play Integrity API (Android) that verifies that the Application is running on a legitimate and unmodified device. It is used exclusively during the initial device registration.
e) Push Token: a Firebase Cloud Messaging (FCM) identifier necessary for sending push notifications, if the User has enabled them. It is registered during the device registration process but is only actively used if the User authorises notifications.
When the User voluntarily activates the analytics feature through the toggle available in the Application, the following data is collected via Firebase Analytics:
a) Usage data: information about the User's interaction with the Application (screens visited, frequency of use, interaction events) for the purpose of improving the service.
b) Technical error data (Firebase Crashlytics): technical information about errors and crashes in the Application (error logs, device state at the time of the crash) to identify and fix technical issues.
If the User does not activate this option, Firebase Analytics operates in a restricted mode that only sends anonymous and aggregated signals, without personal identifiers, in accordance with Google's Consent Mode v2.
The Application displays advertisements through Google AdMob. Before showing personalised ads, the User's consent is requested through Google's UMP (User Messaging Platform) consent management platform, in accordance with Google's EU User Consent Policy.
If the User grants consent, advertising identifiers from the device are collected for the personalisation and measurement of advertisements displayed in the Application. If the User declines consent or grants it only partially, non-personalised advertisements will be displayed. The User may modify their consent preferences at any time from the Application's settings.
When the User installs the Application through a Google Ads advertisement, Google generates a click identifier called GCLID (Google Click Identifier) that is associated with the installation. Once the User has accepted this Privacy Policy, this identifier is sent to MPApps' servers for the sole purpose of reporting to Google Ads that a conversion has occurred (installation of the Application and, where applicable, in-app purchases).
This data is used exclusively to measure the effectiveness of MPApps' advertising campaigns and is not used to identify, profile or track the User. The GCLID is not collected before the User has accepted this Privacy Policy.
When the User voluntarily decides to use the Google Drive backup feature, authentication via Google Sign-In is required. It is important for the User to know that:
a) MPApps does not store any data from Google Sign-In on its servers. Neither the access credentials, nor the name, nor the email address, nor the User's authorisation token are sent to or stored on MPApps' servers at any time.
b) Authentication and the Google Drive access token are managed entirely locally on the User's device, through Google's own services.
c) The Application uses said local token exclusively to read and write backup files in the designated folder within the User's own Google Drive. Once authenticated, the backup process can be performed automatically while the User maintains an active session.
The User may revoke the Application's access to their Google account at any time by signing out of the Application or from the security settings of their Google account (https://myaccount.google.com/permissions).
MPApps does NOT collect, store or have access to the content of the curricula created by the User. All personal information that the User enters in their curricula (name, work experience, education, photograph, etc.) is stored exclusively on the User's device and, if the User so chooses, in their own Google Drive account. MPApps does not have access to such content at any time.
The following details the purposes for which MPApps processes the User's personal data, together with the legal basis that legitimises each processing activity pursuant to Article 6 of the GDPR:
Legal basis: Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).
The processing of technical device data (UUID, platform, language, Integrity Token and Push Token) is strictly necessary to register the device on our servers, verify that it is a legitimate device, manage subscriptions and AI credits, serve content in the appropriate language and, in general, provide the contracted service. Without this data, the Application cannot function.
Legal basis: User consent (Art. 6(1)(a) GDPR).
Data collected through Firebase Analytics and Firebase Crashlytics is used to analyse the use of the Application, detect and fix technical errors, and improve the User experience. This processing is only activated when the User expressly authorises it through the toggle available in the Application. The User may enable or disable this option at any time from the Application's settings.
While the User does not activate this option, Firebase operates in restricted mode in accordance with Google's Consent Mode v2, sending only anonymous and aggregated signals without personal identifiers. This restricted mode is based on the legitimate interest of MPApps (Art. 6(1)(f) GDPR), as no identifiable personal data is processed.
Legal basis: User consent (Art. 6(1)(a) GDPR).
The personalisation of advertisements through Google AdMob requires the User's prior consent, which is requested through Google's UMP (User Messaging Platform) consent management platform, in accordance with Google's EU User Consent Policy and Consent Mode v2.
The User may grant or deny consent on a granular basis (choosing which advertising purposes they accept) and may modify their preferences at any time from the Application's settings. If the User does not grant consent for ad personalisation, non-personalised advertisements will be displayed.
Legal basis: Legitimate interest of the controller (Art. 6(1)(f) GDPR).
MPApps has a legitimate interest in measuring the effectiveness of its advertising campaigns on Google Ads to ensure the economic sustainability of the service. The GCLID is used exclusively to report to Google Ads that a conversion has occurred (installation or purchase), without this data being used to identify, profile or individually track the User.
MPApps has carried out the corresponding balancing exercise between its legitimate interest and the rights and freedoms of the User, concluding that this processing does not entail a disproportionate impact, given that: (i) the GCLID is collected only after the User has accepted this Privacy Policy; (ii) the data is not used to profile or identify the User; and (iii) its sole purpose is the aggregated measurement of advertising results.
The User may exercise their right to object to this processing at any time, in accordance with section 8 of this Policy.
Legal basis: Explicit consent of the User (Art. 6(1)(a) GDPR).
Only when the User voluntarily decides to activate the backup feature and signs in with Google Sign-In does the Application access their Google Drive account to store and retrieve backups. All authentication data (credentials, access token) is managed locally on the User's device and is never sent to MPApps' servers. This processing requires an affirmative action by the User and can be revoked at any time by signing out of the Application or revoking permissions from the security settings of their Google account.
Legal basis: User consent (Art. 6(1)(a) GDPR).
If the User agrees to receive push notifications through the permissions dialogue of their operating system, the Push Token registered during setup is used to send relevant information about the service, updates and, where applicable, commercial communications. The User may disable notifications at any time from their device settings.
Personal data will be retained for the time necessary to fulfil the purpose for which it was collected and to address any liabilities arising from the processing and use of the service. The retention periods are as follows:
Technical device data (UUID, platform, language, Integrity Token, Push Token): will be retained while the User maintains an active subscription or uses the Application. In the absence of an active subscription or any interaction with the Application for a continuous period of five (5) years, the data may be deleted. This period is justified by the need to address potential legal claims, given that the general limitation period for personal actions in Spain is five years pursuant to Article 1964 of the Civil Code.
Analytics data (Firebase Analytics): will be retained in accordance with the data retention policy configured in Firebase Analytics (maximum 14 months from the User's last interaction). MPApps does not directly manage the deletion of this data, as it is administered by Google in accordance with its own retention policy.
Conversion tracking data (GCLID): will be retained for a maximum period of ninety (90) days from collection, a period necessary to complete the conversion attribution process in Google Ads. After this period, the GCLID will be permanently deleted from MPApps' servers.
Google Sign-In authentication data: this data is not stored on MPApps' servers. It is managed locally on the User's device through Google's services. The User has full control over this data and can delete it by signing out of the Application or revoking permissions from their Google account.
Once the indicated retention periods have elapsed, the data will be deleted or irreversibly anonymised. In the event that the User exercises their right to erasure, the data will be deleted as soon as possible, unless a legal obligation requires its retention.
MPApps does not sell, transfer or share the User's personal data with third parties for their own purposes. However, for the provision of the service, MPApps uses the following providers who act as data processors or independent controllers, as applicable:
Services: Firebase Analytics, Firebase Crashlytics, Google Ads/AdMob, Google Sign-In, Google Drive API, Google Play Integrity API.
Role: Data processor (for Firebase Analytics, Crashlytics and Play Integrity) and independent controller (for Google Ads/AdMob).
Google's Privacy Policy: https://policies.google.com/privacy
Tax ID (CIF): B85049435
Address: Avenida de la Vega, 1, Edificio Veganova, Floor 3, Door 5C, 28108 Alcobendas (Madrid), Spain.
Role: Data processor — Web hosting and infrastructure services provider where MPApps' servers are hosted.
Privacy Policy: https://www.ionos.es/terms-gtc/terms-privacy/
In relation to the management of payments, subscriptions and downloads made through the App Store (Apple) or Google Play Store (Google), these platforms act as independent controllers for the processing of the User's payment data, in accordance with their own privacy policies.
Some of the providers mentioned in the previous section, in particular Google LLC, are based in the United States and may process personal data on servers located outside the European Economic Area (EEA).
Such transfers are carried out under the appropriate safeguards provided for in the GDPR, including:
a) The EU-US Data Privacy Framework, to which Google LLC is certified.
b) Standard Contractual Clauses approved by the European Commission (Implementing Decision 2021/914).
The User may obtain further information about these safeguards by contacting MPApps at the email address indicated.
In accordance with the GDPR and the LOPDGDD, the User may exercise the following rights at any time in relation to their personal data:
a) Right of access: To obtain confirmation as to whether MPApps is processing personal data concerning them and, if so, to access such data.
b) Right to rectification: To request the correction of inaccurate or incomplete personal data.
c) Right to erasure ("right to be forgotten"): To request the deletion of personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
d) Right to restriction of processing: To request that the processing of personal data be restricted in certain circumstances.
e) Right to data portability: To receive personal data concerning them in a structured, commonly used and machine-readable format, and to transmit it to another controller.
f) Right to object: To object to the processing of personal data, including profiling. In particular, the User has the right to object to processing based on legitimate interest (such as conversion tracking via GCLID), in which case MPApps will cease processing such data unless it demonstrates compelling legitimate grounds.
g) Right not to be subject to automated decisions: Not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects the User.
h) Right to withdraw consent: To withdraw at any time consent given for processing activities based on this legal basis (analytics, personalised advertising, backups, push notifications), without affecting the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, the User may contact MPApps by sending an email to contact@mpapps.club, indicating "Data Protection" in the subject line and enclosing a copy of their identity document.
MPApps will respond to the request within a maximum period of one month, extendable by a further two months in the case of particularly complex requests, in accordance with Article 12 of the GDPR.
Furthermore, if the User considers that the processing of their personal data infringes current legislation, they have the right to file a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan 6, 28001 Madrid, website www.aepd.es.
In accordance with Article 7 of the LOPDGDD, the Application is intended for users over the age of 14. Minors under 14 years of age may not use the Application without the prior and verifiable consent of their parents, guardians or legal representatives.
MPApps does not intentionally collect personal data from minors under 14 years of age. If MPApps becomes aware that data has been collected from a minor under 14 without appropriate consent, it will proceed to delete such data as soon as possible.
For users in other countries, the minimum age for digital consent established by the corresponding national legislation shall apply (for example, 16 years in Germany or the Netherlands, 13 years in the United States under COPPA).
MPApps has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, in accordance with Article 32 of the GDPR. These measures include, among others:
a) Encryption of communications using secure protocols (HTTPS/TLS).
b) Verification of device integrity through Google Play Integrity API to prevent fraudulent or tampered access.
c) Restricted access control to personal data.
d) Local storage of curriculum data on the User's device, without transmission to MPApps' servers.
e) Use of pseudonymised identifiers (auto-generated UUID v4) instead of personal device identifiers.
f) Periodic review and updating of security measures.
The Application uses the following third-party services, each of which operates under its own privacy policies:
Google Play Services: Basic Android platform services.
https://policies.google.com/privacy
Google Play Integrity API: Device integrity verification.
https://developer.android.com/google/play/integrity
Firebase Analytics (Google): Application usage analytics (requires User consent).
https://firebase.google.com/support/privacy
Firebase Crashlytics (Google): Technical error detection and reporting.
https://firebase.google.com/support/privacy
Google Ads / AdMob (Google): Advertising and conversion measurement (requires User consent via UMP).
https://policies.google.com/technologies/ads
Google UMP (User Messaging Platform): Advertising consent management platform.
https://developers.google.com/admob/ump
Google Sign-In and Google Drive API: Authentication and backups (optional, requires User action).
https://policies.google.com/privacy
Apple Services (for iOS): iOS platform services and subscription management.
https://www.apple.com/legal/privacy/
The Application may contain links to third-party websites or services that are not operated by MPApps. MPApps is not responsible for the privacy practices or content of such sites. The User is advised to review the privacy policies of any third-party website or service they access.
MPApps reserves the right to modify this Privacy Policy at any time to adapt it to legislative or jurisprudential developments or to changes in its data processing practices.
Any substantial modification will be notified to the User through a mandatory notice within the Application, which will require the reading and acceptance of the new Privacy Policy before the User can continue using the service. If the User does not accept the new Privacy Policy, they must stop using the Application.
This Privacy Policy is governed by Spanish and European data protection legislation, in particular:
a) Regulation (EU) 2016/679 (GDPR).
b) Organic Law 3/2018, of 5 December (LOPDGDD).
c) Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).
For any enquiry related to this Privacy Policy or the processing of personal data, the User may contact MPApps at the following email address: contact@mpapps.club.