Privacy Policy
Last updated: April 12, 2026 · Effective immediately
Short version: IBLUMA collects only what's necessary to connect you with wellness providers in Ibiza. We never sell your data. You can delete your account and all data at any time.
1. Who We Are
IBLUMA ("we", "our", "us") is a wellness and lifestyle booking platform operating in Ibiza, Spain. We connect guests with certified wellness providers, beauty artists, and boat taxi captains on the island.
For data protection matters, contact us at: privacy@ibluma.com
2. Data We Collect
When you book as a guest:
- Name and contact information (WhatsApp number or email)
- Booking details (service, date, time, location)
- Payment information (processed by Stripe — we never store card details)
- Reviews and ratings you submit
When you register as a provider:
- Professional profile: name, bio, specialties, pricing, location
- Contact details for booking notifications
- Bank account details for payouts (processed by Stripe Connect)
- Photos and portfolio content you upload
Automatically collected:
- IP address, browser type, pages visited (anonymized analytics)
- Language preference and session data
3. How We Use Your Data
- To process and confirm bookings
- To send booking confirmations, reminders and receipts
- To facilitate communication between guests and providers
- To process payments and provider payouts
- To improve the platform (anonymized analytics only)
- To send marketing emails — only with your explicit consent
4. Legal Basis (GDPR)
We process your data under the following legal bases:
- Contract performance — to fulfill your booking
- Legitimate interest — platform security and fraud prevention
- Consent — marketing communications and optional cookies
- Legal obligation — tax records and compliance
5. Data Sharing
We share your data only with:
- Your booked provider — name and contact for your session
- Stripe — payment processing (PCI DSS compliant)
- Twilio — WhatsApp message delivery
- Supabase — secure database hosting (EU region)
We never sell your data to third parties.
6. Data Retention
- Booking records: 7 years (Spanish tax law requirement)
- Account data: Until account deletion
- WhatsApp chat history: 90 days, then anonymized
- Analytics: 26 months, anonymized
7. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of all data we hold about you
- Rectification — correct inaccurate personal data
- Erasure — delete your account and personal data
- Portability — receive your data in machine-readable format
- Object — opt out of marketing at any time
To exercise any right: privacy@ibluma.com — we respond within 30 days.
8. Cookies
We use:
- Essential cookies — session management, language preference (no consent required)
- Analytics cookies — anonymized usage data (consent required)
You can manage cookie preferences at any time via the cookie banner or your browser settings.
9. Security
We use industry-standard security measures including TLS encryption, Row Level Security in our database, and regular security audits. All payment data is handled exclusively by Stripe and never stored on our servers.
10. Contact
For any privacy-related questions: privacy@ibluma.com
For complaints, you may also contact the Spanish Data Protection Agency (AEPD): www.aepd.es