Pluria Privacy Policy

Last Updated: June 16, 2026

1. Introduction

Welcome to Pluria. This Privacy Policy explains how Pluria International Inc. (“Pluria,” “we,” “us,” or “our”) collects, uses, processes, and protects your Personal Data when you use our services, including our mobile app and website. We are committed to safeguarding your privacy and the security of your information.

This Policy applies to all Users of our services, including employees of our Clients, account administrators designated as company representatives by Clients, and website visitors. By using our services, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy outlines the types of Personal Data we collect, how we use and share it, and our practices for storing, protecting, and deleting it. It covers data collected through the Pluria app, website, email, WhatsApp, text messages, and other electronic communications sent via or in connection with our services.

Please note, this Policy does not apply to information collected by third parties—including service providers, business partners, or systems embedded in our platform. We recommend reviewing the privacy policies of such third parties before sharing your Personal Data with them.

Unless otherwise defined in this Privacy Policy, the terms used in capital letters shall have the meaning assigned to them under the TERMS OF SERVICE of the Pluria Platform (“Terms of Service ”).

2. Data Controller

The legal entity responsible for the collection, use, and processing of your Personal Data is:

Company Name: Pluria International Inc.

Address: 838 Walker Rd Suite 21-2, Dover, DE 19904, United States

Privacy Contact Email: [email protected]

3. Key Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Data Subject: The natural person to whom the Personal Data relates.

Processing: Any operation performed on Personal Data, such as collection, storage, use, circulation, or deletion.

Authorization: The prior, express, and informed consent of the Data Subject to carry out the Processing of their Personal Data.

Data Controller: The natural or legal person who decides on the database and/or the Processing of the data.

Data Processor: The natural or legal person who processes Personal Data on behalf of the Data Controller.

4. Scope of Application

For the purposes of this Policy, Pluria acts as the Data Controller for Personal Data collected from Users and visitors in connection with the use and access of its website, application and related domains. Additionally, Pluria is responsible for processing Personal Data for all applicable purposes described in this Privacy Policy.

This Privacy Policy applies to the Personal Data of the following individuals:

Individuals who visit or interact with our Website, without necessarily maintaining a contractual relationship with Pluria;

Clients who use our Services, as well as their representatives, designated points of contact, ultimate beneficial owners, controlling persons, or any individual acting on behalf of a Client;

Service providers, including their representatives, points of contact, ultimate beneficial owners, controlling persons, or individuals acting on their behalf, who access the Pluria Website or Pluria Platform;

Candidates applying for employment opportunities with Pluria;

Business partners, their representatives, or individuals acting on their behalf;

Individuals receiving marketing communications from Pluria;

Individuals who engage with us through event registration, participation in trade shows, webinars, or conferences, or through any other form of communication, whether via email, social media, WhatsApp, phone, in person, or other electronic means.

All entities and individuals who, by virtue of a written agreement, are required to accept this Privacy Policy.

Please review this Privacy Policy carefully to understand how Pluria collects, uses, and protects your Personal Data. If you do not agree with our policies and practices, you should refrain from using our Website, App, Platform, and Services. By accessing, downloading, registering with, and/or using our systems or services, you expressly consent to the processing of your Personal Data as described herein.

5. Personal Data We May Collect

Pluria collects and manages data necessary to provide and improve our services. This may include, when necessary:

Identity Data: Full name, identification information and photograph.

Contact Data: Personal and corporate email address, and landline and mobile phone numbers.

Professional Data: The company you work for and your job title or position.

Platform Usage Data: Information about the bookings you make (workspace location, date, and time), check-in and check-out history, Flexible Points consumption, and usage preferences.

Technical Data: IP address, device type, operating system, browser information, app version, and other technical information generated when you interact with our Website or Application. This may include approximate country or city-level location, obtained from your IP address for limited application functionality.

6. Categories of Processed Data, Legal Bases, and Recipients

Pluria processes Personal Data in accordance with GDPR standards and all extant regulations in the jurisdictions in which it operates. The processing activities below are carried out either for the performance of a contract, to comply with legal obligations, on the basis of legitimate interests, or with the data subject’s consent, where required.

Below is a summary of the categories of data processed, the corresponding legal bases, and the third parties or processors with whom such data may be shared:

Account Registration

Data processed: Work email address, mobile phone number, first and last name, company name (Client), and User ID.

Recipients: Freshworks Inc., acting as data processor under a Data Processing Agreement (DPA); data stored in the EU. Freshworks Inc. (EU-stored CRM records). HubSpot (CRM and onboarding pipeline management – US/Germany)

User Authentication (Login)

Data processed: Work email address and User ID.

Recipients: Mailchimp (The Rocket Science Group LLC) – bound by SCCs and DPA; no sale or trading of User data. Google Inc. (Firebase Authentication), for login-related push tokens and dynamic links (Global)

Log and Device Data (automatically collected)

Data processed: Device type, IP address, access timestamp, HTTP response, request metadata, app version.

Recipients: Internal Pluria systems only, unless otherwise specified. Posthog – analytics logs (EU) Google Firebase – mobile telemetry and push delivery (Global)

Customer Queries and Service Use

Data processed: Name, email, company name, details of User inquiries, reviews, space bookings or cancellations.

Recipients: Pluria internal support teams. Railway (hosting and storage provider for service-related data). HubSpot (customer support ticketing/CRM).

Location Data

Data processed: GPS coordinates (not stored), collected via Google/Apple Maps with express User consent.

Recipients: None (data is not stored on Pluria servers).

IP-Based Approximate Geolocation for Default City Suggestions

Data processed: IP address, used transiently, with the purpose of inferring an approximate country or city-level location, and the resulting suggested default Pluria city or general location.

Recipients: Internal Pluria systems only. This functionality relies on a locally hosted IP geolocation database provided by MaxMind. Pluria does not make external API calls to MaxMind, and does not transmit the user’s IP address for this purpose.

Retention: The IP address is not stored by Pluria for this specific purpose. Any technical logs that may also contain IP addresses are handled in accordance with the retention periods and purposes described in this Privacy Policy. Users may object to this processing at any time, pursuant to the “Data Subject Rights” section of this Privacy Policy.

Check-in / Check-out Information

Data processed: Location data and timestamps.

Recipients: The User’s employer (Client) for invoicing purposes. Space Providers for access and service delivery. Railway (hosting of transactional logs).

Marketing Communications

Data processed: Name, email, phone number, company, User ID.

Recipients: Processors including Whatsapp Business and MoEngage, Inc, all bound by appropriate DPAs and privacy safeguards.

Legal and Regulatory Compliance

Data processed: Name, email, phone number, booking details.

Recipients: Relevant authorities as mandated by law.

Audits and Business Analytics

Data processed: Name, contact details, usage data.

Recipients: Authorized auditors and regulators. Tableau (business intelligence dashboards — US/Germany)

Legal Claims and Rights Protection

Data processed: Contact details, account activity, booking records.

Courts, arbitrators, or competent legal authorities.

Technical and Performance Analytics

Data processed: Device type, OS, IP, usage logs, error reports.

Recipients: Authorized third parties, such as Posthog, Google Analytics, Hubspot, Facebook Analytics, Sentry, and Hosting and CDN providers listed in Subsection L. MoEngage, Inc. — Analytics platform used to understand user behavior, track engagement, and optimize user journeys for marketing and product improvement.

Hosting & Infrastructure Providers

Data processed: Any data stored, transmitted, or processed through Pluria’s cloud systems, including registration data, technical data, logs, performance data, booking information, and metadata.

Recipients: Railway (hosting infrastructure); Cloudflare, Inc. (security & CDN services).

Optional Messaging Integrations (OPT-IN ONLY)

Data processed: Name, phone number, message content, and associated communication metadata — only if the Client enables the WhatsApp Business integration. Recipients: Meta Platforms, Inc. (United States) — solely for the purpose of connecting the Client’s WhatsApp Business account to the conversation inbox.

Important: Activation of this integration is entirely optional. If the Client does not install or activate the WhatsApp/Meta integration, no Customer Data is shared with Meta Platforms, Inc.

N. Payments and Billing

Data processed: Payment card details (tokenized), billing address, transaction identifiers, purchase history, subscription details, and related metadata necessary to process payments. Recipients: Stripe, Inc. (United States) – Payment processor used to support self-serviced payments. Stripe processes payment information securely on Pluria’s behalf and in accordance with applicable PCI-DSS standards.

For further information regarding Railway services, visit: https://railway.com/legal/dpa 

For further information regarding Cloudflare services, visit: https://www.cloudflare.com/network

For further information regarding Google services, visit: https://firebase.google.com/terms/data-processing-terms

For further information regarding Hubspot services, visit: https://legal.hubspot.com/dpa

7. How We Use Personal Data

The collection and processing of your Personal Data enables Pluria to provide services that are responsive, secure, and tailored to your needs. We may use your Personal Data for the following purposes:

Service Delivery and Business Operations

We process your Personal Data to manage our relationship with you and deliver our services. This includes, but is not limited to:

Entering into and performing contractual agreements;

Responding to your inquiries and fulfilling your requests;

Sending administrative or operational information (e.g., updates regarding the services);

Managing customized contracts and, where applicable, services such as international access to workspaces;

Conducting quality control and User satisfaction initiatives.

Legal basis: This processing is necessary for the performance of a contract or to take steps at your request before entering into a contract.

Communications and Marketing (With Consent)

If you have provided your consent, we may use your Personal Data to:

Communicate with you about products, services, promotions, and events;

Invite you to participate in User surveys, campaigns, or promotional activities;

Analyze your feedback to improve our services.

You can withdraw your consent to marketing communications at any time.

Security and Fraud Prevention

We process Personal Data to help ensure the security of our services, including:

Protecting Pluria, its Users, partners, employees, and service providers;

Detecting and preventing fraud or other suspicious activity;

Analyzing IP addresses and transaction history to assess potential risks or respond to legal inquiries.

Where necessary, relevant data may be shared with clients, partners, or public authorities.

Website and Platform Optimization

We use Personal Data to operate, maintain, and improve our digital platforms, including:

Managing the Website and App functionality;

Understanding how Users interact with our services;

Ensuring content is presented effectively across different devices.

This is done based on our legitimate interest in optimizing User experience and system performance.

Legal and Regulatory Compliance

We may process Personal Data as required to:

Fulfill legal obligations, including compliance with financial, tax, labor, and anti-fraud regulations;

Conduct background checks where necessary (e.g., KYC procedures);

Respond to requests from regulatory authorities or law enforcement;

Enforce our Terms of Service and protect our legal rights and interests.

Aggregated and Anonymized Data for Business Intelligence

We may anonymize or aggregate Personal Data so that it no longer identifies individuals. Such data may be used for:

Internal reporting, analytics, and research;

Market research and statistical analysis;

Sharing with existing or potential clients, business partners, affiliates, and service providers for legitimate commercial purposes.

Marketing and Event-Related Communications

Subject to applicable laws and consent requirements, we may use your Personal Data to:

Inform you about new services, features, or promotions;

Invite you to participate in events, webinars, or User engagement initiatives;

Improve the efficiency of our marketing strategies and communications.

This processing may rely on your consent, our legitimate interest in promoting our services, or the need to fulfill our contractual obligations.

Partnerships and Perks

Pluria may collaborate with third parties to offer value-added services or perks. In such cases, we may share relevant Personal Data—including contact details, transaction history, and other identifying information—with trusted partners to facilitate access to these offerings. Such sharing will occur only where appropriate safeguards are in place.

Other Uses Based on Your Consent

We may use your Personal Data for other purposes, but only where you have explicitly provided consent for such use. You may withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal.

8. Account Setup and User Identification

Your account on the Pluria User App is created based on Pluria’s direct contractual relationship with your employer or contracting entity.. Under this agreement, Pluria receives your work email—and indirectly, your name and surname—via a secure, encrypted connection, enabling us to set up your User account.

After downloading the app, you will receive a verification code at your work email. Entering this code is required to activate your account; without it, access will be denied. A new code is sent each time you log in. These emails may be sent by a third-party processor under contract with Pluria and in full compliance with data protection laws.

Once your profile is completed in the "My Account" section, your Personal Data (e.g., name, phone number) remains unchanged unless you update it. Only the Client, as the holder of the email domain, may request changes to your email address. Account termination is subject to the Pluria User App Terms and Conditions.

10. User Reviews and Communications Submitted via the Pluria Application

Your feedback—such as reviews and ratings of workspaces—is valuable to our Partner network. If Pluria intends to share a review or rating that personally identifies you, we will do so only after obtaining your explicit consent. In all other cases, anonymized or aggregated reviews that do not allow for your identification may be shared with our Partners without requiring prior consent.

In certain instances, it may be necessary to share the content (or excerpts) of your requests with our Partners (e.g., the Spaces) in order to address or fulfill your inquiry. In such cases, the information will be anonymized in advance to prevent any possibility of personal identification. Should it become necessary to share identifiable Personal Data with a Partner, we will notify you in advance and seek your explicit consent prior to doing so.

11. Location-Based Functionalities of the Pluria User App

IP-Based Approximate Location for Default City Suggestions

When a User opens the Pluria Application, Pluria may use the User’s IP address to infer an approximate country or city-level location for the limited purpose of suggesting a default Pluria city within the Application. This functionality is designed to improve the User experience by aiding Users in finding relevant nearby spaces without having to actively share their precise location.

This IP-based functionality only allows Pluria to access an approximate location. Pluria cannot access the Users’ precise location. It is based solely on the User’s IP address and does not involve GPS, Bluetooth, Wi-Fi triangulation, or other device-based precise location technologies. The IP address is not stored by Pluria for this specific purpose..

This functionality is not used to track Users’ movements, monitor their behavior across locations, or create any location profiles. It also does not track the Users’ location over time. The suggested default city is used only to help display relevant Pluria spaces and may be changed or overridden by the User within the Application.

This functionality does not replace device-based location permissions. Users may choose to share their precise locations with Pluria, where so required for specific features in the Pluria Application. Such precise location sharings is subject to the permissions, disclosures and consent requirements contained in this Section of Pluria’s Privacy Policy.

The legal basis for this functionality derives from Pluria’s legitimate interest in improving the usability of the Pluria Application. All processing remains limited, proportionate and does not override the Users’ rights and freedoms under the pertinent regulations. Whenever the applicable law requires consent for this type of processing, Pluria will duly obtain such consent.

For the purpose of incorporating this functionality, Pluria utilizes a locally hosted IP geolocation database. Such database is provided and owned by MaxMind. Pluria does not make external API calls to MaxMind for this purpose and does not transmit IP addresses to MaxMind in connection with this functionality.

This functionality does not involve the use of cookies, fingerprinting or similar technologies for accessing information contained in the Users’ device.

Activation and Functionality

Certain features of the Pluria User App rely on the device’s geolocation capabilities. To enable these functionalities, Users must manually activate the GPS/location services on their device and ensure it is connected to a mobile network. These features are only accessible when geolocation permissions have been granted by the User.

Limited and Purpose-Specific Access

The Pluria App has been specifically designed and implemented to restrict its access to the device's location sensor to the absolute minimum, and solely when such access is essential for the proper functioning of the application, namely, to enable location-based features requested by the User (for example, checking into a Space). Location access is never continuous or automatic. Instead, the App will prompt the User via a standard permission request to grant access to location data, which is required only for clearly defined and functional purposes. Pluria does not monitor or track location data outside of these User-initiated interactions.

User Control and Device Settings

Users retain full control over location settings at all times. If location-based services are not required, Users are encouraged to disable location sharing through their device settings. This practice not only limits unnecessary data sharing but also helps reduce potential security or privacy risks associated with other third-party applications or websites that may access location data.

Nature of Location Data Collected

The location information used by the App is generated via GPS and device-based sensors, independently of telecommunications providers. This data is not classified as electronic communication metadata, and its processing falls outside the scope of sector-specific communications legislation.

Data Handling and Responsibility

Location data collected through the App may be processed in combination with device-specific identifiers, and as such, it may qualify as Personal Data under applicable privacy standards. Pluria is responsible for the processing of this data when it results from the use of its App. As part of our commitment to data minimization and privacy-conscious design, the App does not collect location data by default, nor does it activate geolocation features without prior User action.

Consent-Based Collection via Trusted Services

Location data is collected only after the User has explicitly granted permission, and the App relies on third-party mapping and geolocation tools—such as Google Maps and Apple Maps—to retrieve location coordinates. The collection process begins only after this explicit User consent is provided.

Third-Party Responsibility

Pluria is not responsible for any location data processed independent\\\\\\\\\\\ly by external service providers, including geolocation infrastructure operators (e.g., Google or Apple) or device operating system providers. These entities may process location information in accordance with their own privacy policies and under their own legal responsibility.

12. Affiliated Entities

Pluria may share Personal Data with its affiliated companies for operational and service-related purposes. This may include:

Supporting affiliated entities in delivering services on behalf of Pluria;

Coordinating shared resources or activities;

Engaging in direct marketing initiatives, where legally permitted.

Any such sharing is subject to applicable local laws and appropriate safeguards. For example, Personal Data related to customers, service providers, partners, representatives, prospective employees, or website visitors may be shared among affiliates as described in this Privacy Policy and relevant data protection terms.

13. Fraud Prevention and Protection of Legal Rights

We may disclose Personal Data to regulatory, judicial, or law enforcement authorities, or to our legal, financial, and cybersecurity advisors or investigators, in the following circumstances:

When we believe it is necessary to investigate, prevent, or respond to suspected illegal activity, fraud, abuse of our Platform or Services, or security threats (e.g., unauthorized access, denial-of-service attacks, spamming);

To protect the rights, property, or safety of Pluria, its affiliates, customers, service providers, employees, and partners;

To enforce our Terms of Service, Privacy Policy, or comply with applicable laws;

To pursue available legal remedies or mitigate potential damages;

To support litigation or other legal claims and defenses.

Where appropriate, we may share relevant Personal Data with trusted partners or authorities to support these objectives.

14. Data Subject Rights

As the Data Subject, you have the following rights regarding your Personal Data:

Right to Access, Update, and Rectify: You have the right to access your Personal Data and request the correction or update of any partial, inaccurate, incomplete, or misleading information.

Right to Request Proof of Authorization: You may request proof of the consent you granted for the processing of your data.

Right to Be Informed: You have the right to be informed about the use of your Personal Data.

Right to Lodge a Complaint: You may file complaints with the relevant data protection authority for violations of the law.

Right to Deletion (Right to be Forgotten): You may request the deletion of your Personal Data when you consider that it is not being processed in accordance with the law, or when the data is no longer necessary for the purpose for which it was collected, provided there is no legal or contractual duty to retain it.

Right to Revoke Authorization: You may revoke your consent for the processing of your data at any time, as long as it is not prevented by a legal or contractual provision.

Right to Free Access: You have the right to access your Personal Data that has been processed, free of charge.

Right to Data Portability: In certain circumstances, you have the right to receive the Personal Data you have provided to Pluria in a structured, commonly used, and machine-readable format.

Right Not to Be Subject to Automated Decision-Making: Pluria does not make decisions based solely on automated processing—including profiling—that produce legal effects or similarly significant impacts on you.

Right to Lodge a Complaint with a Supervisory Authority: If you believe that the processing of your Personal Data by Pluria is not in compliance with applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority.

Right to Rectification:

If you believe that any of the Personal Data we hold about you is incorrect, incomplete, or inaccurate, you have the right to request that it be corrected. To do so, please contact us at: [email protected].

Right to Object to Direct Marketing:

You have the right to object at any time to receiving direct marketing communications from us. You may unsubscribe by adjusting your preferences through the Pluria Application.

Right to Object to Processing Based on Legitimate Interests

Whenever Pluria processes any Personal Data based on its legitimate interests, including limited processing of IP addresses when making approximate default city suggestions, you have the right to object to such processing at any time. If you object, Pluria will stop processing the required Personal Data, unless it is required to do otherwise by law or relevant authorities.

To exercise this right, please contact us at [email protected].

Right to Deletion:

You have the right to request the deletion of your Personal Data in any of the following circumstances:

(a) The data is no longer necessary for the purposes for which it was collected or processed;

(b) You withdraw your consent (where the processing is based on consent), and there is no other legal basis for continuing the processing;

(c) You object to the processing based on our legitimate interest, and we cannot demonstrate that our interest overrides your rights, freedoms, or interests;

(d) The data has been processed unlawfully;

(e) Deletion is required to comply with a legal obligation.

Please note that the right to erasure is not absolute. Your request may be denied if:

(a) We are legally required to retain the data; or

(b) The data is necessary for the establishment, exercise, or defense of legal claims.

Additionally, in certain cases, the ability to delete Personal Data may be managed by the Client, who acts as Pluria’s contractual counterpart and facilitates your access to the Pluria Platform and User App, as described in this Privacy Policy and the Pluria Terms & Conditions.

To request the deletion of your Personal Data, please contact us at: [email protected].

Right to Restrict Processing

You have the right to request the restriction of the processing of your Personal Data in the following situations:

(a) You contest the accuracy of the Personal Data, and processing is restricted while we verify its accuracy;

(b) The processing is unlawful, but you prefer restriction of use instead of deletion;

(c) We no longer need the Personal Data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims;

(d) You have objected to processing based on our legitimate interests, and processing is restricted while we assess whether our grounds override your rights and interests.

To exercise this right, please contact us by email at [email protected].

Right to Data Portability

If your Personal Data is processed based on your consent or in connection with a contract, you have the right to request that your data be transferred:

(a) Directly to you; or

(b) To another data controller of your choosing.

This right applies only to Personal Data that you have provided to us directly and actively. It does not apply to data that Pluria has generated or inferred independently.

To exercise this right, please send your request to [email protected].

Right to Lodge a Complaint with a Supervisory Authority:

If you believe that Pluria’s handling of your Personal Data does not comply with applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority.

Before doing so, we kindly invite you to contact us first at [email protected], allowing us the opportunity to address your concerns and resolve any issues promptly.

15. Procedure for Exercising Your Rights

You may exercise your rights at any time and free of charge through the email account outlined in the previous section.

All requests must contain, at a minimum, the following information:

Full name and identification number of the Data Subject.

A clear and precise description of the Personal Data and the right you wish to exercise.

Contact information to receive notifications (address and/or email).

Documents proving identity or representation, if applicable.

16. Data Transfers

Third-Party Service Providers

We may share your Personal Data with carefully selected third-party service providers who assist in delivering functionalities or services related to the Pluria User App and Platform. These providers act on our behalf and process Personal Data strictly for the purposes described in Section 4 above. All such third parties are subject to rigorous due diligence and are required to adhere to robust data protection standards, including through the execution of data processing agreements in accordance with Article 28 of the GDPR and/or all other applicable regulations.

Corporate Restructuring and Legal Audits

In the event of a business reorganization, merger, acquisition, or similar corporate transaction, your Personal Data may be disclosed to relevant third parties involved in such processes (including legal, financial, and technical advisors or auditors). In these cases, we ensure that such parties are bound by confidentiality obligations and are required to implement appropriate security measures. Access to Personal Data will be strictly limited to what is necessary for the purpose of the review or transaction.

International Data Transfers

At present, Pluria aims to store and process your Personal Data within the territory of the European Union. However, in cases where it becomes necessary to transfer Personal Data to partners, service providers, or subcontractors located outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place. These safeguards may include standard contractual clauses (SCCs) approved by the European Commission or other lawful mechanisms that ensure an adequate level of protection. If the recipient is located in a jurisdiction that does not provide an equivalent level of data protection, we will require the recipient to enter into a binding agreement that reflects the principles and protections consistent with EU data protection standards.

17. Data Retention

We retain the Personal Data we collect and process only for as long as there is a legitimate business need or as necessary to fulfill the purposes described in this Privacy Policy, including compliance with legal obligations and requests from regulatory or law enforcement authorities.

Personal data may be retained to meet statutory requirements, such as those related to tax, legal, or accounting obligations.

Once we no longer have a valid reason to retain your Personal Data—such as when our interactions have concluded, internal recordkeeping policies no longer require it, and there are no outstanding legal or regulatory obligations—we will securely delete or anonymize the data, in accordance with our data retention and disposal policies and subject to reasonable operational constraints.

IP-Based Approximate Geolocation

Pluria may access a User’s IP address to infer an approximate country or city-level location for the purpose of suggesting a default Pluria city. In such cases, the IP address is not stored by Pluria for this specific purpose. This, however, does not affect the retention of technical logs that may contain IP addresses for matters of security, fraud prevention or system performance. Such technical logs are retained only for as long as required to comply with the purposes set forth in this Privacy Policy.

User-Initiated Data Deletion

As a User, you have the right to request the deletion of your Personal Data at any time.

Because your account is created as a result of a direct contractual relationship between Pluria and your employer or contracting entity (the "Client"), the deletion process is as follows:

You may submit a deletion request by contacting us at [email protected].

Upon receiving your request, Pluria will notify the Client to coordinate the request, as the deletion of your data will affect the services provided under their corporate agreement. This coordination is for administrative purposes and does not affect your fundamental right to have your Personal Data erased.

Following this coordination, we will proceed with the deletion of your Personal Data, unless we are required to retain it under applicable law or for the establishment, exercise, or defense of legal claims.

Please note that the deletion of your essential Personal Data will result in the permanent and irreversible deletion of your User account and will prevent you from accessing Pluria's services. Once an account is deleted, it cannot be restored.

Deletion Initiated by the Client

The Client (your employer) may also formally request the deletion of your account in accordance with the terms of their agreement with Pluria. In such cases, your User data will be deleted or anonymized.

Automatic Deactivation Due to Inactivity

User accounts that remain inactive for a period of twelve (12) consecutive months will be automatically deactivated. The associated Personal Data will be deleted or anonymized, meaning the data can no longer be linked to an identifiable individual, unless Pluria is required to retain it under applicable law or based on legitimate interests. Users will receive advance notice prior to account deactivation.

Data Processed with Consent

Any Personal Data that is processed based on your prior consent will be used exclusively for the purposes for which consent was granted. Such data will be retained only until you withdraw your consent, unless legal, regulatory, or investigatory obligations require us to retain it for a longer period, or where it is necessary to defend Pluria’s rights.

Anonymized and Aggregated Data

Pluria may retain certain information—including check-in/check-out data, booking records, and User IDs—in anonymized or aggregated form. This data is used for internal business and analytical purposes only and does not enable the identification of individual Users.

18. Security Measures and Confidentiality

Pluria adopts the necessary technical, human, and administrative measures to guarantee the security and confidentiality of your data and to prevent its alteration, loss, and unauthorized consultation, use, or access. All Personal Data you provide to Pluria will be managed confidentially and with the appropriate constitutional and legal guarantees.

19. Our Role as Data Controller and Data Processor

Pluria as a Data Processor

For the core services we provide to you as a User of our platform, your employer or the company that gives you access to our services (our "Client") is the Data Controller.

In this scenario, your employer determines the fundamental purpose of the data processing: to provide you with access to our network of flexible workspaces as a work-related benefit. To achieve this, your employer provides us with your essential data (such as your work email address) to create and manage your User account.

In this capacity, Pluria acts as a Data Processor. We process your Personal Data only on behalf of and in accordance with the documented instructions of your employer. Our relationship and data processing obligations are governed by a formal Data Processing Agreement (DPA) established between Pluria and the Client, ensuring that your data is handled securely and in compliance with applicable laws.

Pluria as a Data Controller

Pluria acts as a Data Controller for the Personal Data it collects and processes for its own purposes. This occurs in the following situations:

When you visit our public website (www.pluria.co), we collect your data for analytics, website functionality, or our own direct marketing purposes.

When we collect and process Personal Data from representatives of our prospective or existing Clients and Partners for the purposes of managing our business relationships and for sales and marketing outreach.

When we process the Personal Data of candidates applying for employment opportunities directly with Pluria.

When we generate and use anonymized or aggregated data for our own business intelligence, analytics, and service improvement.

In all scenarios, Pluria is committed to protecting your Personal Data and ensuring your rights are respected in accordance with this Privacy Policy and all applicable regulations.

Delegation of Data Processing Tasks

In all cases, we reserve the right to delegate certain processing tasks to a third party, always requiring them to implement suitable policies and procedures for the protection and confidentiality of Personal Data in accordance with applicable regulations.

20. Cookies and Other Web Technologies

Pluria uses cookies and similar tracking technologies across its Website, Application, and Platform to enhance functionality, improve User experience, and support analytics and marketing initiatives.

What Are Cookies and What Do We Collect?

Cookies are small text files stored on your device that collect data about your interactions with our digital services. The information we collect through cookies may include, but is not limited to, your login credentials, time zone, browser settings, and browsing behavior.

Why We Use Cookies

We use cookies for a variety of purposes, including:

Enhancing your browsing experience and ensuring smoother navigation;

Collecting anonymized, aggregated statistics about usage of our Website, Application, and Platform;

Analyzing navigation patterns and search behavior to improve our services and promotional efforts;

Displaying personalized content, promotions, banners, and advertisements tailored to your interests;

Ensuring the security and integrity of our systems;

Customizing content and presentation based on User preferences and activity;

Supporting the delivery and optimization of third-party advertisements where applicable.

Managing Your Cookie Preferences

By default, your browser may be set to accept cookies. You can change your cookie settings at any time by:

Adjusting the preferences in your browser settings to block or delete cookies;

Using the cookie banner that appears upon your first visit to our Website or Platform, where you can manage or withdraw your consent at any time by clicking the button in the bottom left corner of the page.

Please note that disabling or blocking certain types of cookies may impact the functionality of our services—for example, it may prevent you from logging in or using some features of the Pluria Platform.

We use non-essential cookies (including analytics, personalization, and advertising cookies) only after obtaining your explicit consent. When you first access our Website or App, a cookie banner will appear, allowing you to accept, reject, or customize your cookie preferences. You may update these preferences at any time through the cookie banner or by adjusting your browser settings.

Use of Analytics Tools

We use analytics technologies to better understand how Users interact with our Website and Platform. These tools collect anonymous data to help us analyze usage patterns, improve functionality, and optimize User experience. The information generated by these cookies may be transmitted to and stored by third-party analytics providers.

IP-Based Approximate Geolocation and Cookies

Pluria’s IP-based approximate geolocation functionality for suggesting a default city does not rely on cookies or similar tracking technologies. Such functionality is implemented solely through the IP address automatically transmitted when the User connects to the Pluria Application and through a locally hosted geolocation database. If Pluria implements this or similar functionalities through cookies, local storage, SDK identifiers, device identifiers, tracking pixels, device fingerprinting, or similar technologies, Pluria will update this section and its consent-management tools as required by applicable law.

21. GeoLite Data Attribution

This product includes GeoLite Data created by MaxMind, available from https://www.maxmind.com

22. Contact and Updates

If you have any questions or concerns regarding the processing of your Personal Data, you may contact our Data Privacy Officer at [email protected].

We may update this Privacy Policy periodically to reflect changes in our practices or applicable legal requirements. The most current version of the Privacy Policy will always be available on our website at www.pluria.co and in the respective app stores. If material changes are made that affect the way we process your Personal Data, we will notify you accordingly. Continued use of the Website, App, or Platform after such updates constitutes acceptance of the revised terms.

You may also request a copy of the current Privacy Policy by contacting us at [email protected].