Privacy Policy,,, and the iRULE apps are owned and managed by PrivacyCloud SL of Calle Ponzano 51, 28003, Madrid (Spain), which acts as Data Controller with regard to the processing of personal data. This privacy notice explains how we use any personal information we collect about you when you use this website and/or any of our mobile apps.

What information do we collect about you?

We collect information about you when you register with us or provide feedback through our contact forms. We do not use cookies as part of such data collection.

If you choose to register with us as an individual through the iRULE app, we will expressly ask you to share certain pieces of data, including: marital status, education, gender, date of birth, and country of residence. These data points can either originate in your own manual input or be imported from the profile that any third parties maintain about you (through the exercise of your portability rights under the European Union’s General Data Protection Regulation or “GDPR”).

While we do require a specific answer with regards to your age (date of birth) and country of residence to ensure that you are allowed to consent to the data processing that will follow, it is entirely up to you to add one these or any other data points to your own iRULE profile.

Your profile picture, should you choose to add it to your account, will be stored locally in your device. In no case will we incorporate it to our data processing activities.

If you choose to sign up for the Trusted Brands or iRULE Protocol programs on behalf of a business (acting as either an advertiser or a publisher, respectively), we will request an email address or phone number where you can be reached for further discussion.

If you use the forms provided by the or websites to suggest that a specific brand be included in the Trusted Brands program, you will be offered a choice to be notified whenever such business has joined the program. You will be asked for a contact email address if you have chosen to receive such notification.

How will we use the information about you?

a) Information that you add to your iRULE profile (as an individual)

The information in your iRULE profile will be used for three separate purposes:

  1. Login with iRULE. It allows us to provide a “personal data wallet” service that spares you the trouble of creating and maintaining multiple user accounts across a myriad of third-party services while ensuring full transparency and control over the amount of data accessed by such third parties.
  2. In-app promotions. It allows businesses participating in PrivacyCloud’s Trusted Brands program to define and publish special offers (“iRULE Offers”) on the basis of your own personal profile, provided that you have previously agreed to connect with each specific Trusted Brand. iRULE Offers do not require direct access to your personal details.
  3. Single point of access. It helps you, and the businesses you have connected with, consolidate all of the data that a specific Trusted Brand holds about you in a manner that is open, transparent, and easy to manage by both parties. This will be conditional to: a) your specific and granular consent with regards to the data points that Trusted Brands will be able to import into their own systems through the verification email provided for each of them; b) PrivacyCloud’s auditing of the manner in which each Trusted Brand has implemented its GDPR obligations, with particular attention to the availability of open protocols for the exercise of your data subject rights through self-service tools.

PrivacyCloud acts as a Data Controller for all purposes (as defined by article 4.7 of the GDPR). Insofar as they represent our primary value proposition to you, we rely on legitimate interest as a legal basis for purposes #1 (Login with iRULE) and #2 (In-app promotions). Both PrivacyCloud and any third parties participating in the Trusted Brands program rely on your unambiguous, specific consent as a legal basis for purpose #3 (Single point of access). As long as iRULE ceases to be the point of control and self-service for your data, Trusted Brands accessing your information as a consequence of purpose #3 (Single point of access) will act as independent Data Controllers.

Retention period

We will only keep your data for as long as it is necessary for the provision of the services being offered. Any data points stored in your iRULE account will be removed whenever they cease to be required as part of your identity management or the definition of iRULE Offers.

Closing your iRULE account will trigger a complete deletion of your data. Propagating such deletion through our servers will take up to 30 days.

b) Information that you facilitate as a business contact

We will only use your contact details to reach out to you and further explain the process involved in joining the Trusted Brands or iRULE Protocol programs. Should this lead to a successful commercial relationship, your contact details will be subject to a separate privacy policy (“Customer Relationship Management”) which will be shared with you at that point in time.

c) Contact details that you provide when submitting a form on or

We will use your email address to get back to you if and when the business you have suggested has joined the Trusted Brands program, as well as to notify you of any changes related to the manner in which such business is facilitating the exercise of your data subject rights.  

Automated decisions and profiling

PrivacyCloud does not rely on data-driven automated decisions or profiling.

Data sharing and international transfers

We will only share your personal data with a particular Trusted Brand whenever:

  1. You have accepted such Trusted Brand as a connection (via the iRULE app), specifically consenting to the processing of one or more data points by such Trusted Brand; AND
  2. PrivacyCloud’s has completed an audit of the manner in which each Trusted Brand has implemented its GDPR obligations, with particular attention to the availability of open protocols for the exercise of your data subject rights through self-service tools.

Neither PrivacyCloud nor any business participating in our Trusted Brands program will transfer your data to any countries outside the EEA that have not been identified by the European Commission as providing an adequate level of protection for your privacy.

Access to your information, correction, and portability

The iRULE app grants you full control over your data and the manner in which it is used. You will be able to access and edit the specific data points that each Trusted Brand can use about you at any given time. You will also be able to remove a particular Trusted Brand entirely.

Additionally, you may also exercise your individual rights vis-à-vis PrivacyCloud through a specific section provided in the iRULE app. A self-service solution has been provided with regards to your rights of access, rectification, erasure, and data portability.


We use Cloudflare cookies for the sole purpose of carrying out the transmission, caching, and optimization of our content over the network. This service may place a cookie in your browser to help it provide its services.


We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.

Data Protection Officer

Our Data Protection Officer (“DPO”) is D. Ignacio Menéndez-Manjón Tartiere, who can be reached at [email protected].

In accordance with Article 38 of the GDPR, you may contact our DPO if you find any difficulties in the exercise of your rights. This may include any issues regarding our self-service tools, or your preference for a direct exchange through other means of communication.

Complaining to a supervisory authority

If you feel we have not dealt with your concern and that we are failing to properly protect your personal data or meet our legal obligations, you can report this to your local data protection regulator or Spain’s Data Protection Agency (“AEPD”). More information on reporting a concern to the AEPD can be found at

Changes to our privacy notice

We will do our best to maintain this privacy notice up to date through a monthly review.


PrivacyCloud, SL Ponzano 51, 28003 Madrid, Spain · Privacy policy