M
MelonTag
ES EN JA
Back to home

Privacy Policy

Last updated: March 7, 2026

At MelonTag, we deeply value the privacy of our users and their educational centers. This Privacy Policy describes how we collect, use, process, and protect your data, in full compliance with the European Union's General Data Protection Regulation (GDPR) and the Spanish LOPDGDD.

1. Data Controller

MelonTag acts as a **Data Processor** with respect to the data entered into the platform by users of the educational centers. The educational center itself (or registered institution) acts as the **Data Controller** for the data of its own inventory and staff.

2. Data We Collect

  • Registration Data: Name of the institution, administrator name, contact email, and telephone number (if provided) when requesting a Demo, Assisted Setup, or registering for the Starter plan. For administrators added to the control panel, we collect Name, Email, and Job Title.
  • Inventory and Operations Data: Information about equipment, physical status, school location (classrooms), history of incidents, and active staff data.
  • System-Generated Data: Audit details ('logs'), login events, and IP addresses, limited for security purposes.

3. Purpose of Processing

We use your data to:

  • Provide, operate, and maintain the features of our B2B SaaS application, facilitating QR scanning and inventory reports.
  • Manage the creation, authentication, and secure login of users.
  • Transactional Emails: We securely process your email address and that of invited users to send password reset reminders, welcome emails upon Tenant creation, and incident notifications, using Brevo as a secure external platform.
  • Generally notify technical service updates (software versions).
  • On the commercial side, follow up on registration and manage B2B leads by our team (superadministrators).

4. Data Storage and Security

  • Hosting: Our technological infrastructure (servers and PostgreSQL databases, and Node.js backend) is hosted on secure servers provided by DigitalOcean.
  • Security: We apply rigorous technical and organizational measures (password hashing with Bcrypt, SSL connections via NginX and Certbot, expirable JWT tokens, authentication middlewares) to protect your information against unauthorized access, alteration, or destruction in an isolated environment (Docker).

5. Data Retention

We keep your information (including the tenants model and registration_requests CRM) only while your account is active or as necessary to comply with our legal obligations or resolve disputes.

Under the Starter/Free plan, we reserve the right to delete or anonymize data after 12 months of total inactivity, with prior notice.

6. Sharing with Third Parties

MelonTag does not sell, rent, or exchange your personal data with third parties under any circumstances. We may share strictly necessary information with:

  • Cloud Service Providers: Our hosting already mentioned.
  • Transactional Email Providers: Brevo acts as an outsourced processor for sending and routing automated transaction emails.
  • Legal Requirements: If we are required by law to disclose information.

7. User Rights (GDPR)

As a resident of the European Union, you have fundamental rights, including:

  • **Access:** Learn what data of yours and your educational center we hold.
  • **Rectification:** Modify incorrect data directly from the web Panel.
  • **Cancellation/Erasure:** Request full deletion of the Tenant account or your request to the Assisted service.
  • **Portability:** Export inventory data (available in CSV/JSON format within the platform itself).

8. Changes to this Policy

We may modify this Policy at any time. If so, we will communicate it appropriately or send an email, and the new effective date will appear at the top of the document.

9. Contact

If you have any questions, concerns, or wish to exercise your privacy rights as an Administrator or User, please contact us at: hello@melontag.com