Your privacy, our priority

Privacy Policy

At anonimiza.do we take the protection of your personal data very seriously. This policy explains what data we collect, how we use it and what rights you have over it, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

Data controller

1. Identity

The data controller for personal data collected through anonimiza.do is:

  • Company name: Cedesa Digital SL
  • Tax ID (CIF): B06684369
  • Registered address: Avenida de Elvas s/n, PCTEX, Office 2.1, 06006, Badajoz, Spain
  • Phone: +34 924 090 608
  • Contact email: contacto@cedesa.es

If you have any questions about how we process your personal data, please contact us at the email address above.

Data we collect and how we use it

2. Purposes of processing

Account registration

When you create an account on anonimiza.do we collect your name, email address and password (stored in encrypted form). These data are necessary to identify you, grant access to the service and manage your account.

Anonymization service

Documents you upload for processing (PDF, DOCX, images) are processed solely to provide you with the anonymization service. We do not analyze the content of your documents beyond what is necessary for processing, and we do not share them with third parties.

Files are stored in encrypted form on AWS infrastructure (EU-Frankfurt region) and are deleted automatically according to the retention period you configure in your account. You can delete them manually at any time.

Payment processing

Payments are processed through Stripe. anonimiza.do does not store card data; this is managed entirely by Stripe, acting as a data processor under its own security policies and PCI-DSS compliance. You can review Stripe's privacy policy at stripe.com/privacy.

Communications

We use your email to send you service-related notifications (confirmations, account alerts, invoices). We do not send marketing communications without your prior consent.

Legal basis for processing

3. Lawfulness

Processing of your data is based on the following legal grounds under Article 6 of the GDPR:

  • Performance of a contract (Art. 6.1.b GDPR): processing is necessary to provide the service you have contracted.
  • Legal obligation (Art. 6.1.c GDPR): we retain certain accounting and tax data in compliance with Spanish commercial and tax legislation.
  • Legitimate interests (Art. 6.1.f GDPR): for service security and detection of fraudulent use.

How long do we keep your data?

4. Retention periods

  • Account data: while your account is active. If you cancel it, we will delete your data within a maximum of 30 days, unless a legal retention obligation applies.
  • Processed documents: according to the retention period you configure (minimum 24 hours, custom maximum). They are irreversibly deleted when that period expires or when you request it.
  • Billing data: 5 years in accordance with Spanish tax law (General Tax Act 58/2003).

Who do we share your data with?

5. Recipients

We do not transfer your personal data to third parties for their own purposes. The only data processors that may access your data are:

  • Amazon Web Services (AWS): cloud infrastructure provider, EU-Frankfurt region (Germany). Your data remain within the European Union at all times.
  • Stripe Inc.: payment gateway. It only processes data necessary to manage payments for your subscription.

All data processors are bound by contracts that require them to process your data solely according to our instructions and in compliance with the GDPR.

Your rights over your data

6. Data subject rights

You may exercise the following rights at any time by sending an email to contacto@cedesa.es, stating the right you wish to exercise and attaching a copy of your identity document:

  • Access: find out what personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data when it is no longer necessary.
  • Restriction: request that we suspend processing in certain circumstances.
  • Portability: receive your data in a structured, commonly used format.
  • Objection: object to processing based on legitimate interests.

If you believe that the processing of your data infringes the regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

We will respond to your request within a maximum of 30 days.

Security and cookies

7. Technical measures

Security

We implement technical and organisational measures to protect your data: encryption in transit via TLS 1.3, encryption at rest with AES-256, and strict access controls on infrastructure. Processed documents are stored in user-isolated environments.

Cookies

This website uses only strictly necessary cookies for the operation of the service (session management, theme preferences). We do not use tracking, advertising or third-party analytics cookies. Your consent is not required for these cookies as they are essential to provide the service.

Updates to this policy

8. Changes

We may update this Privacy Policy to reflect changes to the service or applicable regulations. When we do, we will update the date at the bottom of this page and, if changes are significant, notify you by email.

Last updated: April 2026.