Privacy Notice

The WeRule app is owned and managed by PrivacyCloud SL of Calle Ponzano 51, 28003, Madrid (Spain), which acts as Data Controller with regard to the processing of personal data. This privacy notice explains how we use any personal information we collect about you when you use this website and/or any of our mobile apps.

What information do we collect about you?

We collect information about you when you register with us or provide feedback through our contact forms. We do not use cookies as part of such data collection.

If you choose to register with us as an individual through the WeRule app, we will ask you for an email address. You may choose to add other details about yourself in order to complete your profile, but this will be entirely up to you (they will simply save you time if you ever want to use them elsewhere).

Your profile picture, should you choose to add it to your account, will be stored locally in your device. In no case will we incorporate it to our data processing activities.

How will we use the information about you?

a) Information that you add to your WeRule profile (as an individual)

The information in your WeRule profile will be used for two separate purposes:

  1. Login with WeRule. It allows us to provide a “personal data wallet” service that spares you the trouble of creating and maintaining multiple user accounts across a myriad of third-party services while ensuring full transparency and control over the amount of data accessed by such third parties.

  2. Single point of access. It helps you, and the businesses you have connected with, consolidate all of the data that a specific business holds about you in a manner that is open, transparent, and easy to manage by both parties.

PrivacyCloud acts as a Data Controller (as defined by article 4.7 of the EU General Data Protection Regulation). Insofar as they represent our primary value proposition to you, we rely on legitimate interest as a legal basis for both purposes.

Retention period

We will only keep your data for as long as it is necessary for the provision of the services being offered.

Closing your WeRule account will trigger a complete deletion of your data. Propagating such deletion through our servers will take up to 30 days.

b) Contact details that you provide when submitting a form on

We will use your email address to get back to you if and when the business you have suggested has joined the Trusted Brands program, as well as to notify you of any changes related to the manner in which such business is facilitating the exercise of your data subject rights.

Automated decisions and profiling

PrivacyCloud does not rely on data-driven automated decisions or profiling.

Data sharing and international transfers

We will only share your personal data with a particular Trusted Brand whenever:

  1. You have specifically consented to such data transfer (when expressly asked); AND

  2. PrivacyCloud’s has completed an audit of the manner in which that business has implemented its GDPR obligations, with particular attention to the availability of open protocols for the exercise of your data subject rights through self-service tools.

In no case will your data be transferred to any countries outside the EEA that have not been identified by the European Commission as providing an adequate level of protection for your privacy.

Access to your information, correction, and portability

The WeRule app grants you full control over your data and the manner in which it is used.

Additionally, you may also exercise your individual rights vis-à-vis PrivacyCloud through a specific section provided in the WeRule app. A self-service solution has been provided with regards to your rights of access, rectification, erasure, and data portability.


We do not use cookies.


We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.

Data Protection Officer

Our Data Protection Officer (“DPO”) is D. Ignacio Menéndez-Manjón Tartiere, who can be reached at [email protected]

In accordance with Article 38 of the GDPR, you may contact our DPO if you find any difficulties in the exercise of your rights. This may include any issues regarding our self-service tools, or your preference for a direct exchange through other means of communication.

Complaining to a supervisory authority

If you feel we have not dealt with your concern and that we are failing to properly protect your personal data or meet our legal obligations, you can report this to your local data protection regulator or Spain’s Data Protection Agency (“AEPD”). More information on reporting a concern to the AEPD can be found at

Changes to our privacy notice

We will do our best to maintain this privacy notice up to date through a monthly review.