Privacy policy
Data controller
| Field | Value |
|---|---|
| Company | BIAI Technology Project S.L. |
| Tax ID | B75473223 |
| Address | Avenida del Conocimiento 41, Office 303, 18016 Granada, Spain |
| [email protected] |
Data processed and purposes
| Data | Purpose | Legal basis |
|---|---|---|
| Name, email, company, role, message | Handling contact, demo or POC requests | Consent (art. 6.1.a GDPR) |
| Email, first and last name | Account creation, API key delivery and transactional confirmation emails | Pre-contractual performance (art. 6.1.b GDPR) |
| Billing data (legal name, Tax ID, address) | Issuing invoices and meeting accounting obligations | Legal obligation (art. 6.1.c GDPR) |
| Aggregated browsing data (only with cookie consent) | Evaluating site usage to optimise it | Consent (art. 6.1.a GDPR) |
Data processors
Providers that process data under contract (article 28 GDPR):
- Vercel Inc. · public website hosting (EU servers, Frankfurt). Adherent to the EU-U.S. Data Privacy Framework.
- Stripe Payments Europe Ltd. · card payment processing and receipts. Card data is never stored on our systems.
- Resend / SES EU · transactional email delivery (email confirmation, payment receipts). EU servers.
- Microsoft 365 · corporate inbound email (EU servers; EU-U.S. DPF).
- Google LLC · Google Analytics 4 (only if you accept analytics cookies; IP anonymisation; EU-U.S. DPF).
- GPU Solutions · operator of the compute cluster (NVIDIA HGX B200) on Spanish soil. Prompts and inference data are processed exclusively within this environment.
Retention periods
- Contact form: up to 2 years from the last contact, or for the duration of the contractual relationship plus the subsequent legal periods.
- Active accounts and billing: during the life of the account and, after closure, the legally required periods (6 accounting years · Spanish LGT 58/2003).
- Inference logs (prompts/responses): zero retention by default. Anonymised technical traces kept up to 30 days for debugging.
- Browsing data (GA4): 14 months from the last visit.
- Technical logs: 30 days, except for security incidents (up to 1 year).
Recipients
We do not share data with third parties, except as required by law or with the processors listed above. No automated decisions with legal effects or profiling are carried out.
User rights
You can exercise your rights of access, rectification, erasure, objection, portability and restriction of processing by writing to [email protected] with the subject "GDPR rights" and a copy of an identity document attached.
You may also lodge a complaint before the Spanish Data Protection Agency (AEPD) if you believe the processing does not comply with applicable law: www.aepd.es.
Security
We apply technical and organisational measures aligned with the Spanish National Security Framework (ENS Medium Category, RD 311/2022) and ISO/IEC 27001:2022. See the security policy for details.
Changes to this policy
This policy is reviewed periodically. Material changes are reflected in the last updated date and, where appropriate, communicated by email or via a prominent notice on the site.