Privacy Policy

1. Introduction & Scope

This Privacy Policy describes how Comply (the “Application”), owned and operated by DAP Consulting, S.L.(“DAP Consulting” or the “Controller”), collects, uses, stores, and protects personal data processed through the Application, our websites, and any related channels.

Regulatory Alignment – The Application has been engineered from the ground up to comply with the following Spanish anti‑fraud and invoicing framework:

  • Law 11/2021 of 9 July on measures to prevent and combat tax fraud ("Anti‑Fraud Law") – Art. 29.2 j) and Art. 201 bis of the Spanish General Tax Act 58/2003 (LGT).
  • Royal Decree 1007/2023 of 5 December approving the Technical Requirements for Invoicing Systems (RRSIF), including the definition of VERI*FACTU systems (Arts. 7‑16).
  • Ministerial Order HAC/1177/2024 of 17 October detailing the data structure, signature policies, QR format, and developer self‑declaration requirements.

These provisions demand software integrity, traceability, immutability, and—where applicable—real‑time communication with the Spanish Tax Agency (AEAT). Comply fulfils all mandatory requirements and already supports VERI*FACTU mode in anticipation of the 1 January 2026 deadline.

We also adhere to the EU General Data Protection Regulation (GDPR) and any other applicable data‑protection laws.

 

 

2. Data Controller

DAP Consulting, S.L.
CIF / VAT ID: B75568832Address: Av. Isabel de Farnesio 34, Local 7 BIS, 28660 Boadilla del Monte, Madrid, Spain
E‑mail: hello@storelink.tech

 

 

3. Categories of Data We Process

Merchant identification data: Legal name, VAT ID, postal address, store contact e‑mail (Provided by the merchant during onboarding)

 

Shopify POS transactional data: Order ID, items, amounts, taxes, payment method, returns (Synced in real time via Shopify API)

 

Fiscal metadata: Chained hash, serial number, QR, signed XML (Generated by Comply in line with Verifactu / TicketBAI)

 

Device data: App version, public IP, error logs (Collected automatically for support & security)

 

Note: The Application targets corporate users (companies and sole traders). It is not intended for individuals acting as consumers or for minors.

 

 

4. Purposes & Legal Bases (Art. 6 GDPR)

Real‑time fiscalisation: creation and submission of XML/QR to the AEAT or relevant regional tax authorities: Compliance with a legal obligation (Art. 6 (1) c) GDPR; Art. 29.2 j) LGT; RRSIF)

 

Service delivery: dashboard, customer support, updates: Contract performance (Art. 6 (1) b) GDPR)

 

Fraud prevention & security logging: Legitimate interest (Art. 6 (1) f) GDPR)

 

Product updates & relevant feature announcements (opt‑in): Consent (Art. 6 (1) a) GDPR)

 

 

5. Data Retention

Data are retained only for as long as necessary to:

  • safeguard the legal validity and audit trail of issued invoices;
  • comply with statutory limitation periods (up to 4 years under Art. 66 LGT);
  • handle potential claims or liabilities.

After these periods, data are securely deleted or anonymised.

 

 

6. Recipients & International Transfers

  • Tax authorities: AEAT and, where applicable, the Provincial Tax Authorities of Álava, Bizkaia, and Gipuzkoa.
  • Shopify Inc. (Canada) as the e‑commerce platform provider used by the merchant.
  • EU‑based cloud providers (Microsoft Azure EU Region) hosting the Application.

No data will be shared with third parties except where legally required or strictly necessary for service provision. International transfers outside the EEA are covered by valid safeguards (e.g., EU Standard Contractual Clauses).

 

 

7. Data Subject Rights

You may exercise your rights of access, rectification, erasure, restriction, objection, and portability, or withdraw consent at any time by contacting hello@storelink.tech or writing to the Controller’s address. You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

 

 

8. Information Security

Comply implements appropriate technical and organisational measures, including TLS 1.3 encryption, XAdES/X.509 digital signatures, Azure Key Vault key management, and role‑based access controls, to ensure confidentiality, integrity, and availability of personal data.

 

 

9. Consent to the use of cookies

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).
Data processing agreement
We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
-Your consent status or the withdrawal of consent
-Your anonymised IP address
-Information about your Browser
-Information about your Device
-The date and time you have visited our website
-The webpage url where you saved or updated your consent preferences
-The approximate location of the user that saved their consent preference
-A universally unique identifier (UUID) of the website visitor that clicked the cookie banner

 

 

10. Changes to This Policy

DAP Consulting may amend this Privacy Policy to reflect legal or functional changes. Merchants will be notified in the Shopify App Store or by e‑mail at least 10 days before the update becomes effective.

 

© 2025 Comply. All rights reserved.

Privacy Policy

Legal Notice

Cookies Policy

Help Center

Install App

Privacy Policy

1. Introduction & Scope

This Privacy Policy describes how Comply (the “Application”), owned and operated by DAP Consulting, S.L.(“DAP Consulting” or the “Controller”), collects, uses, stores, and protects personal data processed through the Application, our websites, and any related channels.

Regulatory Alignment – The Application has been engineered from the ground up to comply with the following Spanish anti‑fraud and invoicing framework:

  • Law 11/2021 of 9 July on measures to prevent and combat tax fraud ("Anti‑Fraud Law") – Art. 29.2 j) and Art. 201 bis of the Spanish General Tax Act 58/2003 (LGT).
  • Royal Decree 1007/2023 of 5 December approving the Technical Requirements for Invoicing Systems (RRSIF), including the definition of VERI*FACTU systems (Arts. 7‑16).
  • Ministerial Order HAC/1177/2024 of 17 October detailing the data structure, signature policies, QR format, and developer self‑declaration requirements.

These provisions demand software integrity, traceability, immutability, and—where applicable—real‑time communication with the Spanish Tax Agency (AEAT). Comply fulfils all mandatory requirements and already supports VERI*FACTU mode in anticipation of the 1 January 2026 deadline.

We also adhere to the EU General Data Protection Regulation (GDPR) and any other applicable data‑protection laws.

 

 

2. Data Controller

DAP Consulting, S.L.
CIF / VAT ID: B75568832Address: Av. Isabel de Farnesio 34, Local 7 BIS, 28660 Boadilla del Monte, Madrid, Spain
E‑mail: hello@storelink.tech

 

 

3. Categories of Data We Process

Merchant identification data: Legal name, VAT ID, postal address, store contact e‑mail (Provided by the merchant during onboarding)

 

Shopify POS transactional data: Order ID, items, amounts, taxes, payment method, returns (Synced in real time via Shopify API)

 

Fiscal metadata: Chained hash, serial number, QR, signed XML (Generated by Comply in line with Verifactu / TicketBAI)

 

Device data: App version, public IP, error logs (Collected automatically for support & security)

 

Note: The Application targets corporate users (companies and sole traders). It is not intended for individuals acting as consumers or for minors.

 

 

4. Purposes & Legal Bases (Art. 6 GDPR)

Real‑time fiscalisation: creation and submission of XML/QR to the AEAT or relevant regional tax authorities: Compliance with a legal obligation (Art. 6 (1) c) GDPR; Art. 29.2 j) LGT; RRSIF)

 

Service delivery: dashboard, customer support, updates: Contract performance (Art. 6 (1) b) GDPR)

 

Fraud prevention & security logging: Legitimate interest (Art. 6 (1) f) GDPR)

 

Product updates & relevant feature announcements (opt‑in): Consent (Art. 6 (1) a) GDPR)

 

 

5. Data Retention

Data are retained only for as long as necessary to:

  • safeguard the legal validity and audit trail of issued invoices;
  • comply with statutory limitation periods (up to 4 years under Art. 66 LGT);
  • handle potential claims or liabilities.

After these periods, data are securely deleted or anonymised.

 

 

6. Recipients & International Transfers

  • Tax authorities: AEAT and, where applicable, the Provincial Tax Authorities of Álava, Bizkaia, and Gipuzkoa.
  • Shopify Inc. (Canada) as the e‑commerce platform provider used by the merchant.
  • EU‑based cloud providers (Microsoft Azure EU Region) hosting the Application.

No data will be shared with third parties except where legally required or strictly necessary for service provision. International transfers outside the EEA are covered by valid safeguards (e.g., EU Standard Contractual Clauses).

 

 

7. Data Subject Rights

You may exercise your rights of access, rectification, erasure, restriction, objection, and portability, or withdraw consent at any time by contacting hello@storelink.tech or writing to the Controller’s address. You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

 

 

8. Information Security

Comply implements appropriate technical and organisational measures, including TLS 1.3 encryption, XAdES/X.509 digital signatures, Azure Key Vault key management, and role‑based access controls, to ensure confidentiality, integrity, and availability of personal data.

 

 

9. Consent to the use of cookies

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log filesOur website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
-Your consent status or the withdrawal of consent
-Your anonymised IP address
-Information about your Browser
-Information about your Device
-The date and time you have visited our website
-The webpage url where you saved or updated your consent preferences
-The approximate location of the user that saved their consent preference
-A universally unique identifier (UUID) of the website visitor that clicked the cookie banner

 

 

10. Changes to This Policy

DAP Consulting may amend this Privacy Policy to reflect legal or functional changes. Merchants will be notified in the Shopify App Store or by e‑mail at least 10 days before the update becomes effective.

 

© 2025 Comply. All rights reserved.

Privacy Policy

Legal Notice

Cookies Policy

Help Center

Install App

Privacy Policy

1. Introduction & Scope

This Privacy Policy describes how Comply (the “Application”), owned and operated by DAP Consulting, S.L.(“DAP Consulting” or the “Controller”), collects, uses, stores, and protects personal data processed through the Application, our websites, and any related channels.

Regulatory Alignment – The Application has been engineered from the ground up to comply with the following Spanish anti‑fraud and invoicing framework:

  • Law 11/2021 of 9 July on measures to prevent and combat tax fraud ("Anti‑Fraud Law") – Art. 29.2 j) and Art. 201 bis of the Spanish General Tax Act 58/2003 (LGT).
  • Royal Decree 1007/2023 of 5 December approving the Technical Requirements for Invoicing Systems (RRSIF), including the definition of VERI*FACTU systems (Arts. 7‑16).
  • Ministerial Order HAC/1177/2024 of 17 October detailing the data structure, signature policies, QR format, and developer self‑declaration requirements.

These provisions demand software integrity, traceability, immutability, and—where applicable—real‑time communication with the Spanish Tax Agency (AEAT). Comply fulfils all mandatory requirements and already supports VERI*FACTU mode in anticipation of the 1 January 2026 deadline.

We also adhere to the EU General Data Protection Regulation (GDPR) and any other applicable data‑protection laws.

 

 

2. Data Controller

DAP Consulting, S.L.
CIF / VAT ID: B75568832Address: Av. Isabel de Farnesio 34, Local 7 BIS, 28660 Boadilla del Monte, Madrid, Spain
E‑mail: hello@storelink.tech

 

 

3. Categories of Data We Process

Merchant identification data: Legal name, VAT ID, postal address, store contact e‑mail (Provided by the merchant during onboarding)

 

Shopify POS transactional data: Order ID, items, amounts, taxes, payment method, returns (Synced in real time via Shopify API)

 

Fiscal metadata: Chained hash, serial number, QR, signed XML (Generated by Comply in line with Verifactu / TicketBAI)

 

Device data: App version, public IP, error logs (Collected automatically for support & security)

 

Note: The Application targets corporate users (companies and sole traders). It is not intended for individuals acting as consumers or for minors.

 

 

4. Purposes & Legal Bases (Art. 6 GDPR)

Real‑time fiscalisation: creation and submission of XML/QR to the AEAT or relevant regional tax authorities: Compliance with a legal obligation (Art. 6 (1) c) GDPR; Art. 29.2 j) LGT; RRSIF)

 

Service delivery: dashboard, customer support, updates: Contract performance (Art. 6 (1) b) GDPR)

 

Fraud prevention & security logging: Legitimate interest (Art. 6 (1) f) GDPR)

 

Product updates & relevant feature announcements (opt‑in): Consent (Art. 6 (1) a) GDPR)

 

 

5. Data Retention

Data are retained only for as long as necessary to:

  • safeguard the legal validity and audit trail of issued invoices;
  • comply with statutory limitation periods (up to 4 years under Art. 66 LGT);
  • handle potential claims or liabilities.

After these periods, data are securely deleted or anonymised.

 

 

6. Recipients & International Transfers

  • Tax authorities: AEAT and, where applicable, the Provincial Tax Authorities of Álava, Bizkaia, and Gipuzkoa.
  • Shopify Inc. (Canada) as the e‑commerce platform provider used by the merchant.
  • EU‑based cloud providers (Microsoft Azure EU Region) hosting the Application.

No data will be shared with third parties except where legally required or strictly necessary for service provision. International transfers outside the EEA are covered by valid safeguards (e.g., EU Standard Contractual Clauses).

 

 

7. Data Subject Rights

You may exercise your rights of access, rectification, erasure, restriction, objection, and portability, or withdraw consent at any time by contacting hello@storelink.tech or writing to the Controller’s address. You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

 

 

8. Information Security

Comply implements appropriate technical and organisational measures, including TLS 1.3 encryption, XAdES/X.509 digital signatures, Azure Key Vault key management, and role‑based access controls, to ensure confidentiality, integrity, and availability of personal data.

 

 

9. Consent to the use of cookies

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log filesOur website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
-Your consent status or the withdrawal of consent
-Your anonymised IP address
-Information about your Browser
-Information about your Device
-The date and time you have visited our website
-The webpage url where you saved or updated your consent preferences
-The approximate location of the user that saved their consent preference
-A universally unique identifier (UUID) of the website visitor that clicked the cookie banner

 

 

10. Changes to This Policy

DAP Consulting may amend this Privacy Policy to reflect legal or functional changes. Merchants will be notified in the Shopify App Store or by e‑mail at least 10 days before the update becomes effective.

 

What is comply?

Features

How It Works

Benefits

Legal

Security

© 2025 Comply. All rights reserved.

Privacy Policy

Legal Notice

Cookies Policy