SES PeregrinoSES Peregrino

Terms and Conditions of Use — SES Peregrino

Last updated: March 22, 2026

Article 1. Purpose and Scope

1.1. These Terms and Conditions govern access to and use of the SES Peregrino mobile application, developed and operated by Wise Pilgrim SL, based in Galicia, Spain.

1.2. SES Peregrino helps accommodation providers in Spain comply with guest registration obligations under Royal Decree 933/2021 and the SES.HOSPEDAJES system of the Ministry of Interior.

1.3. The Application enables:

  1. Scanning traveler identity documents or QR codes to capture registration data.
  2. Generating XML files required by SES.HOSPEDAJES.
  3. Preparing and facilitating the submission of guest registrations to the Ministry of Interior. The accommodation provider remains solely responsible for the timely and accurate submission of all required data to government systems.
  4. Storing encrypted guest registration data on Wise Pilgrim's cloud infrastructure for the retention period required by law (see Article 5).
  5. Publishing accommodation listings — including property name, address, contact details, services, and pricing — in Wise Pilgrim's applications and guides (see Article 7).

1.4. By using the Application, you accept these Terms in full.

1.5. The Application is provided free of charge. Wise Pilgrim reserves the right to introduce paid features in the future with at least 60 days' notice. Core compliance functionality will remain free.

Article 2. Eligibility

2.1. The Application is intended for owners or legal representatives of accommodation establishments in Spain required to register guests under Royal Decree 933/2021.

2.2. You must: (a) be at least 18 years old; (b) have legal capacity to enter into agreements; (c) be the registered owner or authorized legal representative of a Spanish accommodation establishment; and (d) hold valid, current SES.HOSPEDAJES credentials.

2.3. You represent and warrant that all eligibility information provided is accurate. Wise Pilgrim reserves the right to verify eligibility at any time and to suspend accounts where eligibility cannot be confirmed.

2.4. If your SES.HOSPEDAJES credentials expire or become invalid, submission functions may be restricted. You are responsible for maintaining valid credentials with the Ministry of Interior. Wise Pilgrim is not liable for penalties resulting from expired or invalid credentials.

Article 3. Account and Security

3.1. Use of the Application requires creating an account with accurate, up-to-date information.

3.2. You are responsible for keeping your account credentials confidential.

3.3. SES.HOSPEDAJES credentials are stored in your device's secure keychain (iOS Keychain or Android Keystore) and are never transmitted to Wise Pilgrim servers.

3.4. Zero-Knowledge Encryption. All guest personal data is encrypted on your device using AES-256-GCM encryption with a key derived from your password via PBKDF2-SHA256. Encrypted data is stored on Wise Pilgrim's cloud infrastructure, but Wise Pilgrim does not possess, store, or have access to your encryption key. This means Wise Pilgrim cannot view, access, or decrypt your guest data under any circumstances.

3.5. Recovery Code. Upon account creation, you will receive a unique recovery code. This code is your only means of regaining access to your encrypted data if you forget your password. You must store this recovery code securely in a location separate from your device (for example, a printed copy in a safe or a separate password manager).

3.6. PERMANENT DATA LOSS WARNING. If you lose both your password and your recovery code, your encrypted guest data is permanently and irreversibly unrecoverable. Wise Pilgrim cannot recover, restore, or decrypt this data under any circumstances. This is an inherent consequence of the zero-knowledge encryption architecture, which ensures that no one — including Wise Pilgrim, law enforcement, or any third party — can access your guest data without your key. By using the Application, you acknowledge and accept this risk.

3.7. Device Security. You are responsible for the physical security of any device used to access the Application. Wise Pilgrim recommends: (a) enabling a strong device passcode or biometric lock; (b) enabling remote wipe capability; (c) keeping your device operating system updated. If your device is lost or stolen, you should change your account password immediately and, if you believe guest data may have been compromised, follow the breach notification procedures required by GDPR and Royal Decree 933/2021.

3.8. Password Changes and Re-Encryption. Because of the zero-knowledge encryption architecture, changing your password requires re-encrypting all stored guest data. When you initiate a password change, the Application will: (a) create a temporary backup copy of your encrypted data on Wise Pilgrim's servers; (b) download your encrypted records to your device in batches; (c) decrypt each batch using your old password-derived key; (d) re-encrypt each batch using your new password-derived key; and (e) upload the re-encrypted batch to Wise Pilgrim's servers before processing the next batch. Records are processed in batches to minimise the volume of data held in decrypted form on your device at any given time. This process may take significant time depending on the volume of stored guest data.

3.9. Re-Encryption Safeguards. During the re-encryption process described in Article 3.8: (a) you must not close the Application, switch to another application, or lose network connectivity — an interruption may result in data corruption or loss; (b) a temporary backup copy of your data (encrypted with your old key) is retained on Wise Pilgrim's servers to allow restoration if the process fails; (c) upon completion, you will be asked to confirm in the Application that the password change was successful; (d) Wise Pilgrim will then separately verify and confirm with you that the re-encryption completed successfully before deleting the temporary backup copy. The backup copy is not deleted automatically — it is retained until Wise Pilgrim has confirmed successful completion with you and manually initiates deletion. This manual confirmation process may be replaced with an automated process in the future if the protocol demonstrates consistent reliability at scale, and any such change will be communicated in accordance with Article 11. Wise Pilgrim is not liable for data loss or corruption resulting from an interrupted re-encryption process where the interruption was caused by your actions, device failure, or loss of network connectivity, but will use commercially reasonable efforts to restore data from the backup copy where possible.

Article 4. User Obligations

4.1. You agree to: (a) provide accurate data; (b) use the Application lawfully and in compliance with Royal Decree 933/2021; (c) maintain valid SES.HOSPEDAJES credentials; (d) verify guest data before submission; and (e) safeguard your encryption key and recovery code.

4.2. You are solely responsible for the accuracy of guest information you enter into the Application. Wise Pilgrim acts as a technology provider and does not verify the substantive accuracy of guest data (for example, whether an identity document number is valid or a name is correctly spelled).

4.3. Wise Pilgrim is responsible for ensuring that the Application accurately encodes your data into the XML format required by SES.HOSPEDAJES without modification or loss of information. If a defect in the Application causes data to be incorrectly encoded, Wise Pilgrim will use commercially reasonable efforts to correct the defect promptly.

4.4. You are the Data Controller for all guest personal data processed through the Application. This means you bear legal responsibility under GDPR and LOPDGDD for: the lawfulness of data collection, providing guests with privacy information (Articles 13 and/or 14 GDPR as applicable), responding to data subject rights requests, reporting data breaches to the AEPD within 72 hours, and maintaining compliance with Royal Decree 933/2021 retention requirements.

Article 5. Data Protection and Wise Pilgrim's Role

5.1. Data processing is governed by Regulation (EU) 2016/679 (GDPR) and Spain's Organic Law 3/2018 (LOPDGDD).

5.2. Guest Personal Data. The accommodation provider is the Data Controller for all guest personal data. Guest data is encrypted on your device before being transmitted to and stored on Wise Pilgrim's cloud infrastructure. Because of the zero-knowledge encryption architecture, Wise Pilgrim cannot access, read, or process this data in decrypted form. Wise Pilgrim's role with respect to encrypted guest data is limited to providing secure storage infrastructure. Wise Pilgrim does not determine the purposes or means of processing guest personal data and does not qualify as a Data Processor for this data within the meaning of GDPR Article 4(8).

5.3. Operational and Property Data. Wise Pilgrim acts as Data Processor for operational metadata associated with your account, including: submission timestamps, submission status (success/failure), API responses, and technical logs. This processing is governed by the Data Processing Agreement (DPA), which forms part of these Terms.

5.4. Property Listing Data. Property information you provide — including property name, address, contact details, services offered, and pricing — is provided by you with the express understanding and consent that Wise Pilgrim will publish this information in its applications, guidebooks, websites, and related media. This data is not treated as confidential. The legal basis for this processing is your consent and contract performance (GDPR Article 6.1(a) and (b)).

5.5. All data — encrypted guest data, operational metadata, and property listing data — is hosted by Supabase Inc. on Amazon Web Services servers located in the EU (AWS region eu-west-1, Ireland). Supabase Inc. is a US-headquartered company; Wise Pilgrim has Standard Contractual Clauses (SCCs) in place with Supabase to ensure GDPR-compliant data transfers. Details of sub-processors and transfer safeguards are available in the DPA and Privacy Policy.

5.6. Wise Pilgrim maintains a Data Protection Impact Assessment (DPIA) in accordance with GDPR Article 35, evaluating risks associated with identity document processing, minors' data, zero-knowledge encrypted storage, and legal data retention. The DPIA is reviewed and updated periodically. A summary is available upon request by contacting privacy@wisepilgrim.com.

Article 6. Availability and Limitations

6.1. Wise Pilgrim will use commercially reasonable efforts to maintain Application availability. Wise Pilgrim does not guarantee uninterrupted or error-free service.

6.2. Wise Pilgrim does not operate or control the SES.HOSPEDAJES system and is not responsible for: (a) SES system outages or performance issues; (b) SES validation errors or rejection of submissions; (c) changes to SES policies, formats, or requirements; or (d) delays in Ministry of Interior processing.

6.3. Force Majeure. Neither party is liable for failure to perform due to events beyond reasonable control, including natural disasters, war, pandemic, government action, cyber attacks on critical infrastructure, or sustained power or telecommunications failure. If a force majeure event prevents Wise Pilgrim from providing the Application for more than 30 consecutive days, you may terminate your account without penalty.

6.4. Planned Maintenance. Wise Pilgrim will provide reasonable advance notice of scheduled maintenance that may affect availability, where practicable.

6.5. The Application provides tools to assist with regulatory compliance. It does not guarantee that: (a) SES.HOSPEDAJES will accept your submissions; (b) the Ministry of Interior will process registrations; or (c) use of the Application will prevent administrative penalties. Compliance with Royal Decree 933/2021 is your responsibility.

Article 7. Property Listing and Publication

7.1. Providing property listing data for publication is entirely optional. You may use all core compliance features of the Application (guest registration, data capture, SES.HOSPEDAJES submission, and encrypted data storage) without providing any listing data. If you choose to provide listing data, the terms below apply.

7.2. By providing property information (name, address, contact details, services, and pricing) through the Application, you grant Wise Pilgrim a worldwide, royalty-free license to use, display, reproduce, and distribute this information in Wise Pilgrim's applications, guidebooks, websites, and related publications for the duration of your active account and for twelve (12) months following account termination or withdrawal of consent, to allow for removal from publications in progress. Property listing information included in print editions published before your termination or withdrawal of consent may remain in those editions, but Wise Pilgrim will not include the listing in new print editions published after the removal date.

7.3. You represent and warrant that: (a) you have the authority to list the property; (b) all listing information is accurate, current, and lawful; and (c) the property complies with all applicable local licensing, zoning, and tourism registration requirements.

7.4. You may update or request removal of your property listing at any time by contacting support@wisepilgrim.com or through the Application settings. Removal will be processed within 30 days, though previously published print editions issued before the removal request may continue to display the listing. Wise Pilgrim will not include the listing in new print editions published after the removal date.

7.5. Wise Pilgrim may remove or decline to publish any listing that it reasonably believes is inaccurate, misleading, or in violation of applicable law.

Article 8. Intellectual Property

8.1. The Application, including all software, designs, and functionality, is the property of Wise Pilgrim SL. You receive a limited, non-exclusive, non-transferable, revocable license to use the Application for its intended purpose in compliance with these Terms.

8.2. You agree not to: (a) copy, modify, or create derivative works of the Application; (b) reverse-engineer, decompile, or attempt to discover source code; (c) circumvent, bypass, or disable any security or encryption mechanism; or (d) use the Application for any purpose other than accommodation guest registration and property listing.

Article 9. Limitation of Liability

9.1. Disclaimer of Certain Liabilities. Wise Pilgrim is not liable for: (a) errors, inaccuracies, or omissions in data you enter; (b) SES.HOSPEDAJES system outages, rejections, or processing delays; (c) administrative fines or penalties imposed due to your errors, omissions, or non-compliance; (d) data loss resulting from loss of your encryption key and recovery code (see Article 3.6); (e) failure or interruption of third-party services (Supabase, AWS, SES.HOSPEDAJES).

9.2. Maximum Liability. Except for liabilities that cannot be limited under applicable law (see Article 9.3), Wise Pilgrim's total aggregate liability arising from or related to these Terms and your use of the Application shall not exceed the greater of (a) the total fees paid by you to Wise Pilgrim in the twelve (12) months preceding the claim, or (b) one thousand euros (€1,000).

9.3. Non-Waivable Liability. The liability cap in Article 9.2 does not apply to:

  1. Wise Pilgrim's liability under GDPR Articles 82-83 for violations of its data protection obligations as described in these Terms, the Privacy Policy, and the DPA.
  2. Liability arising from Wise Pilgrim's gross negligence (negligencia grave) or willful misconduct (dolo).
  3. Liability for death or personal injury caused by Wise Pilgrim's negligence, to the extent such liability cannot be excluded under Spanish law.
  4. Liability arising from Wise Pilgrim's fraud or fraudulent misrepresentation.

9.4. Exclusion of Consequential Damages. To the maximum extent permitted by law, Wise Pilgrim shall not be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of data, loss of business, or regulatory fines imposed on you, regardless of whether Wise Pilgrim was advised of the possibility of such damages. This exclusion does not apply to damages arising from Wise Pilgrim's violation of GDPR or Spanish data protection law.

9.5. Indemnification by You. You agree to defend, indemnify, and hold harmless Wise Pilgrim from any third-party claim, demand, or judgment (including reasonable legal fees) arising from: (a) your breach of these Terms or applicable law; (b) your use of the Application in a manner not authorized by these Terms; (c) inaccurate or unlawful data you submit; (d) your failure to comply with GDPR, LOPDGDD, or Royal Decree 933/2021 in your capacity as Data Controller; or (e) property listing information you provide that infringes third-party rights. This indemnification does not apply to the extent that Wise Pilgrim's own actions caused or contributed to the claim.

Article 10. Termination

10.1. You may terminate your account and stop using the Application at any time through the Application settings or by contacting support@wisepilgrim.com.

10.2. Wise Pilgrim may suspend or terminate your account immediately if: (a) you breach any material provision of these Terms; (b) you are subject to government prohibition from operating an accommodation; (c) required by law or court order; or (d) your account poses a security risk to the Application or other users.

10.3. Wise Pilgrim may terminate your account with 30 days' written notice if: (a) you breach a non-material provision and fail to cure within 15 days of notice; or (b) your account has been inactive for more than 12 consecutive months.

10.4. Effect of Termination on Data. (a) Encrypted guest data stored on Wise Pilgrim's servers will be retained for the remainder of the 3-year retention period required by Royal Decree 933/2021, then automatically deleted. You may request earlier deletion, but you acknowledge this may affect your compliance obligations. (b) Operational metadata will be deleted within 30 days of termination. (c) Property listing data will be removed from digital publications within 30 days; previously published print materials may continue to display the listing.

10.5. Survival. Articles 5 (Data Protection), 7 (Publication License), 8 (Intellectual Property), 9 (Liability), 12 (Governing Law), 13 (Contact), and 14 (General Provisions) survive termination.

Article 11. Modifications

11.1. Wise Pilgrim may modify these Terms at any time.

11.2. Material changes — including modifications to liability limitations, data processing practices, or core functionality — will be communicated with at least 30 days' notice via email and in-app notification.

11.3. If you do not accept a material change, you may terminate your account within the 30-day notice period. Continued use of the Application after the effective date constitutes acceptance of the modified Terms.

Article 12. Governing Law and Dispute Resolution

12.1. These Terms are governed by Spanish law. Disputes shall be resolved in the courts of Santiago de Compostela, without prejudice to any mandatory consumer jurisdiction rules that may apply.

12.2. For data protection disputes, either party may file a complaint with Spain's Data Protection Authority (Agencia Española de Protección de Datos, AEPD, www.aepd.es). Regulatory proceedings are independent of any private dispute resolution.

12.3. Before initiating court proceedings (other than applications for injunctive relief or complaints to the AEPD), the parties shall attempt to resolve disputes through good-faith negotiation for a period of thirty (30) days from the date of written notice of the dispute.

Article 13. Contact

Wise Pilgrim SL
Galicia, Spain
General inquiries: info@wisepilgrim.com
Privacy and data protection: privacy@wisepilgrim.com
Security issues: security@wisepilgrim.com

Article 14. General Provisions

14.1. Severability. If any provision of these Terms is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, severed. All remaining provisions shall continue in full force and effect.

14.2. Entire Agreement. These Terms, together with the Privacy Policy and Data Processing Agreement, constitute the entire agreement between you and Wise Pilgrim regarding the Application and supersede all prior agreements, representations, and understandings.

14.3. No Waiver. Wise Pilgrim's failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision.