top of page

REGISTERLY

📄 Privacy Policy

Last updated: 25/11/2025

This Privacy Policy explains how App With Flow (Florent Pottevin) (“we”, “our”, “us”) collects, uses, and protects personal data within the Registerly mobile application and website.

We comply with:

  • GDPR (EU Regulation 2016/679)

  • Spain’s LOPDGDD (Ley Orgánica 3/2018)

1. Who Is Responsible for Your Data?

Controller:
App With Flow (Florent Pottevin)
NIE: Y8607011B
Buzón 51, Av/Can Camps, 08490 Tordera, Barcelona, Spain
contact@appwithflow.com

If you operate a business using Registerly, you are also a data controller for your clients' data.

2. Why We Process Personal Data

We process data for:

Service functionality

  • Account login via invites

  • Device management

  • Subscription verification

  • Invoicing and quotes

  • Client CRM

  • Stock and product management

  • Emailing invoices and exports

  • Analytics generation

  • AEAT/Veri*Factu submissions (optional)

​​

Legal compliance

  • Fiscal recordkeeping

  • Anti-fraud measures

  • Request handling (access, deletion, etc.)

​​

Communication

  • Sending invoices, exports, invites

  • Support communication

3. Personal Data We Collect

Based on your audit, Registerly collects:

Identity & Contact Data

  • User name, email, phone

  • Business details (name, VAT/NIF, address, website)

  • Client CRM info (email, phone, VAT, address)

Invoice & Fiscal Data

  • Full invoice contents

  • AEAT submission metadata

  • PDF copies of invoices

  • Hash-chain fields

  • Notes and payment metadata

Device & Technical Data

  • Device model, OS

  • Persistent device_id (UUID)

  • IP and metadata through Firebase

  • Login attempt logs

Subscription Data

  • RevenueCat entitlements

  • Product IDs, expiration dates

Usage Data

  • Navigation data (limited)

  • Summary flags in local storage

  • Export actions

  • Receipt of emails

4. How We Use Personal Data

We use data to:

  • Provide the POS and invoicing functionality

  • Generate and store invoices

  • Send invoices via email

  • Allow your business to contact its clients

  • Enforce device/subscription limits

  • Create daily summaries and analytics

  • Process AEAT submissions

  • Ensure security and fraud detection

  • Provide customer support

We do not sell personal data.

5. Legal Bases

Under GDPR, we rely on:

(A) Contract performance

To operate the Service you requested.

(B) Legitimate interests

Preventing fraud, improving the Service, security.

(C) Legal obligation

Fiscal recordkeeping and AEAT compliance.

(D) Consent

When required (e.g., marketing emails—though Registerly does not send them).

6. Data Storage & Retention

Firestore & Cloud Functions

Used for all core data.

Device storage

Used for caching sessions and temporary export files.

Retention periods

  • Invoices: until deleted/anonymized by the business owner

  • Account session data: until logout

  • Client CRM: until deleted by the business

  • Export files: temporary only

  • Daily Summary flags: 1 day

7. Data Sharing

We share data with:

Firebase (hosting, database, email delivery)

RevenueCat (subscription management)

AEAT (optional Veri*Factu submissions)

OS integrations (WhatsApp, phone, email apps)

Wix website (no direct client data unless contact forms are used)

We do not sell or rent data.

8. International Transfers

Firebase and RevenueCat may process data in the EEA or USA.

All transfers comply with:

  • GDPR adequacy rules

  • Standard Contractual Clauses (SCCs)

9. Your Rights (GDPR)

You have the right to:

  • Access

  • Rectify

  • Erase

  • Portability

  • Restrict processing

  • Object

  • Lodge complaints with the Spanish AEPD

How to exercise your rights
Users can access or delete their personal data directly from within the Registerly app, using the built-in data export and data deletion tools.

If you are unable to access your account, you can also request access or deletion by contacting:
contact@appwithflow.com

We may request additional information to verify your identity before completing any request, in accordance with GDPR requirements.

10. Security

We implement:

  • Firestore security rules

  • Device ID binding

  • Encryption in transit (HTTPS)

  • Hash-based invoice immutability

No system is 100% secure, but reasonable measures are maintained.

11. Changes to This Policy

We may modify this Policy; updates are posted on this page.

bottom of page