Legal

Privacy

Mossen is a private beta service operated by Anthony van Wijngaarden in Marbella, Spain. This policy explains what data we collect, why, and how you can exercise your rights under GDPR.

What we process

As a business client: your name, email, phone, and billing details. As an end customer of a business using Mossen: the data that business enters (name, phone, email, service history, notes).

Why

To provide the service: store customers, send messages the business schedules, and give you analytics tools. We don't sell data to third parties. We don't send marketing to end customers without explicit consent (opt-in checkbox on the capture form).

If you received a cold email from me

If I emailed you at your business's public email address (salon, café, barbershop, clinic, restaurant, etc.), GDPR requires me to tell you the following:

  • What data I hold: the business name, public address, public phone, website, and the contact email shown on your site or Google Maps. Nothing more. I don't buy lists and I don't harvest personal emails.
  • Where I got it: Google Maps (public results) and the contact or legal page of your website.
  • Legal basis: legitimate interest (GDPR art. 6(1)(f)) — introducing a service that may be useful to your business. This is not bulk automation: each email is targeted at a specific business.
  • How to opt out: reply with STOP, BAJA, UNSUBSCRIBE or any clear phrase. The system marks you unsubscribed instantly and you never get another email. You can also write to anthonyvw2007@gmail.com.
  • How long I keep data: 12 months from last contact, or deleted immediately on opt-out.

Your rights

Access, rectification, erasure, portability and objection. Email anthony@mossenagency.com or anthonyvw2007@gmail.com. If you believe something has been mishandled, you can complain to the Spanish Data Protection Agency (www.aepd.es).

Providers

Supabase (Ireland, EU) for the product database. Meta for WhatsApp Business API. Resend for transactional email. Gmail (Google Ireland, EU) for sending and receiving outreach emails. Anthropic for AI assistance. All GDPR-compliant.

Last updated: May 2026.