Privacy policy
Last updated: 11 de junio de 2026
Note: in case of any discrepancy between versions, the Spanish version prevails.
At <brand/> we take your privacy seriously. This policy explains what data we process, for what purpose and what rights you have, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
- Controller: <owner/>, registered at <address/>
- Contact: privacy@tarracoapplab.com
2. What data we process
- Account data: name, email address and password (stored encrypted). If you sign in with a third-party provider, the basic data from your profile.
- Usage content: the queries (prompts) you send, the generated responses and the conversations you save, together with technical metadata (date, models used).
- Technical data: IP address, session identifiers and logs necessary for security and operation.
3. Purposes and legal basis
- Providing the service (creating your account, processing your queries, generating the consensus and saving your history) — performance of a contract.
- Security and abuse prevention (rate limiting, logs) — legitimate interest.
- Analytics and commercial communications — consent (which you can withdraw at any time).
- Legal obligations as applicable — legal obligation.
4. Important: your queries are processed by third-party AI
To generate responses, the queries you write are sent to the artificial intelligence providers listed in section 5. Therefore, do not include sensitive personal data, secrets, credentials or confidential third-party information in your queries. You are responsible for the content you send.
5. Recipients and data processors
To deliver the service we rely on the following providers (data processors), with whom the guarantees required by the GDPR are in place:
| Provider | Function | Location / safeguard |
|---|---|---|
| Supabase Inc. | Authentication and database (account, conversations) | EU infrastructure (Frankfurt); SCCs |
| Netlify Inc. | Site hosting and functions | USA; SCCs |
| OpenAI | AI models (GPT) for generating responses | USA / Ireland; SCCs |
| Anthropic PBC | AI models (Claude) | USA; SCCs |
| Google LLC | AI models (Gemini) and, with your consent, analytics | USA; SCCs |
| OpenRouter y Groq | Routing and additional AI models (includes free options) | USA; SCCs |
| Brevo SAS | Account email delivery (confirmation, recovery) | France (EU) |
| Microsoft Clarity | Usage analytics (only with your consent) | USA; SCCs |
6. International transfers
Some providers are located outside the European Economic Area (mainly the USA). These transfers are covered by the Standard Contractual Clauses (SCCs) approved by the European Commission and by supplementary measures. You can request information about these safeguards by writing to <email/>.
7. Retention
We retain your data for as long as your account is active. If you close your account, we delete or anonymise it, except for data we must retain to comply with legal obligations or address potential liabilities.
8. Your rights
You can exercise your rights of access, rectification, erasure, objection, restriction and portability by writing to <email/>. You may also withdraw your consent at any time and lodge a complaint with the Spanish Data Protection Agency (<aepd/>) if you consider that your request has not been addressed.
9. Security
We apply appropriate technical and organisational measures: encryption in transit, row-level access control (RLS), secure secrets management, rate limiting and security event logging.
10. Changes to this policy
We may update this policy to reflect legal or service changes. The current version will always be published on this page.