Privacy Policy

Last updated: 13 May 2025

Welcome to The Mycelium ("we", "our", or "us"). We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use The Mycelium platform (the "Service").

1. Who We Are

Company / legal entity: The Mycelium
Registered address: Pla de Martis, Esponellà 17832, Girona, Spain
Contact email: privacy@themycelium.org
Data Protection Officer: Ela Shapira — ela@themycelium.org

Because we are established in Spain, our lead supervisory authority under the GDPR is the Agencia Española de Protección de Datos (AEPD).

2. What Personal Data We Collect

Category	Examples	Collected?
Account data	Name, email address, password	✔ Yes
Content you provide	Job and service seeks/offers you publish on the platform	✔ Yes
Device & usage data	Crash logs, basic diagnostics	✔ Yes
Contact details	Phone number, postal address	✖ No
Payment information	Card or wallet details	✖ No
Location data	GPS coordinates, coarse location	✖ No
Cookies & similar tech	Analytics / ad-tracking cookies	✖ No (only essential session cookies)
Third-party / social-login data	Social-login profile info	✖ No

We do not process any special-category data (e.g., health, biometrics).

3. How We Collect Data

You provide it directly when you create an account or publish job/service listings.
Automatically when your device sends crash logs or diagnostics while using the Service.

We do not obtain data from third parties.

4. Legal Bases for Processing (GDPR Art. 6)

Purpose	Legal basis	Details
Provide and maintain the Service	Performance of a contract (Art. 6 (1)(b))	Create an account, authenticate you, match job/service postings
Troubleshooting & security	Legitimate interests (Art. 6 (1)(f))	Detect and fix crashes, keep the Service secure
Compliance	Legal obligation (Art. 6 (1)(c))	Fulfil requests from competent authorities when legally required

We do not send marketing communications, so consent for marketing is not required.

5. How We Use Your Data

To create, authenticate, and manage user accounts.
To enable you to publish and search job and service offers.
To display your listings to other registered users.
To detect crashes and improve stability and performance.
To respond to enquiries or support requests.

We do not profile users or serve personalised ads.

6. Sharing & Disclosure of Data

Recipient type	Purpose	Safeguards
AWS Europe (Frankfurt)	Cloud hosting and storage	Data Processing Agreement + EU SCCs built-in
Law enforcement / regulators	Only if legally required	Case-by-case legal assessment

We never sell personal data and we do not share it with advertisers.

7. International Data Transfers

All data is stored exclusively in the AWS EU-Central (Frankfurt, Germany) region. We do not transfer personal data outside the EEA.

8. Data Retention

Data type	Retention rule
Account data & listings	Kept until you delete your account or request erasure
Crash logs	Up to 12 months, then permanently deleted

Back-ups are automatically purged within 30 days of deletion.

9. Security Measures

All traffic is encrypted in transit using TLS 1.2 or higher.
Data at rest is encrypted with AES-256.
Access to production systems is protected by multi-factor authentication and least-privilege roles.
Regular vulnerability scans and security patches.

10. Your Rights

Within the EU you have the right to:

Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”).
Restrict or object to our processing.
Data portability in machine-readable format.
Withdraw consent where consent is the legal basis (not currently applicable).
Lodge a complaint with the AEPD or your local supervisory authority.

To exercise your rights, email privacy@themycelium.org. We will respond within 30 days.

11. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, please contact us to delete it.

12. Changes to This Privacy Policy

We may update this Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The “Last updated” date at the top will always show the latest revision.

13. Contact Us

The Mycelium
Attn: Data Protection Officer
Pla de Martis, Esponellà 17832, Girona, Spain
Email: privacy@themycelium.org

This document is provided for informational purposes only and does not constitute legal advice. For questions specific to your circumstances, consult a qualified privacy professional.