Privacy policy
Last updated: 11 de junio de 2026
Note: in the event of any discrepancy between versions, the Spanish version prevails.
At <brand/> we take your privacy seriously. This policy explains what data we process, for what purpose, and what rights you have, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
- Controller: <owner/>, with registered address at <address/>
- Contact: privacidad@tarracoapplab.com
2. What data we process
- Account data: name, email address, and password (stored encrypted). If you sign in with an external provider, the basic data from your profile.
- Usage content: the queries (prompts) you send, the responses generated, and the conversations you save, along with technical metadata (date, models used).
- Technical data: IP address, session identifiers, and logs needed for security and operation.
3. Purposes and legal basis
- Providing the service (creating your account, processing your queries, generating the consensus, and saving your history) — performance of the contract.
- Security and abuse prevention (rate limiting, logs) — legitimate interest.
- Analytics and marketing communications — consent (which you can withdraw at any time).
- Applicable legal obligations — legal obligation.
4. Important: your queries are processed with third-party AI
To generate the responses, the queries you write are sent to the artificial intelligence providers listed in section 5. For this reason, do not enter sensitive personal data, secrets, credentials, or confidential third-party information in your queries. You are responsible for the content you send.
5. Recipients and data processors
To provide the service we rely on the following providers (data processors), with whom the safeguards required by the GDPR are in place:
| Provider | Function | Location / safeguard |
|---|---|---|
| Supabase Inc. | Authentication and database (account, conversations) | EU infrastructure (Frankfurt); SCC |
| Netlify Inc. | Website and function hosting | USA; SCC |
| OpenAI | AI models (GPT) to generate responses | USA / Ireland; SCC |
| Anthropic PBC | AI models (Claude) | USA; SCC |
| Google LLC | AI models (Gemini) and, with your consent, analytics | USA; SCC |
| OpenRouter y Groq | Routing and additional AI models (includes free options) | USA; SCC |
| Brevo SAS | Sending account emails (confirmation, recovery) | France (EU) |
| Microsoft Clarity | Usage analytics (only with your consent) | USA; SCC |
| Intuition Machines, Inc. (hCaptcha) | Anti-spam protection for the contact form (only if configured) | USA; SCC |
6. International transfers
Some providers are located outside the European Economic Area (mainly the USA). These transfers are covered by the Standard Contractual Clauses (SCC) approved by the European Commission and by supplementary measures. You can request information about these safeguards by writing to <email/>.
7. Retention
We keep your data for as long as your account is active. If you close your account, we delete or anonymize it, except for any data we must retain to comply with legal obligations or to address potential liabilities.
8. Your rights
You can exercise your rights of access, rectification, erasure, objection, restriction, and portability by writing to <email/>. You can also withdraw your consent at any time and file a complaint with the Spanish Data Protection Agency (<aepd/>) if you believe we have not handled your request properly.
9. Security
We apply appropriate technical and organizational measures: encryption in transit, row-level access control (RLS), secure secrets management, rate limiting, and logging of security events.
10. Changes to this policy
We may update this policy to reflect legal or service changes. We will always publish the version in force on this page.