Privacy Policy
RGPD · LOPD-GDD · Last updated: March 2026
1. Data Controller
Controller: [COMPANY_NAME]
Tax ID (NIF/CIF): [NIF_CIF]
Address: [FULL_ADDRESS]
Privacy Email: [PRIVACY_EMAIL]
2. Data We Collect
We collect the following categories of personal data through our website:
| Data Category | Source | Purpose | Legal Basis |
|---|---|---|---|
| Name, email, company | Lead capture forms | Manage consultation requests | Consent (Art. 6.1.a RGPD) |
| Newsletter subscription | Send commercial communications | Consent (Art. 6.1.a RGPD) | |
| Conversation data | Chat widget (Molty) | Provide AI-assisted support | Legitimate interest (Art. 6.1.f RGPD) |
| Name, email, role | OAuth authentication | User account management | Contract performance (Art. 6.1.b RGPD) |
| IP address, browser data | Automatic collection | Security and analytics | Legitimate interest (Art. 6.1.f RGPD) |
3. Data Retention
Personal data will be retained for the period necessary to fulfil the purposes for which it was collected. Specifically:
- Lead data: 24 months from the last interaction, or until consent is withdrawn.
- Newsletter subscribers: Until unsubscription is requested.
- Chat conversations: 12 months from the date of the conversation.
- User accounts: Duration of the contractual relationship plus the legally required retention period.
4. Data Recipients
Your personal data may be shared with the following categories of recipients:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Manus (hosting & auth) | Website hosting and authentication | Standard Contractual Clauses (SCCs) |
| LLM Provider (AI chat) | AI-powered chat responses | Data Processing Agreement |
| AWS (S3 storage) | File and asset storage | EU-US Data Privacy Framework |
Data will not be transferred to third parties except as required by law or with your explicit consent.
5. Your Rights (ARCO-POL)
Under the RGPD and LOPD-GDD, you have the following rights regarding your personal data:
Access
Obtain confirmation of whether your data is being processed and access a copy.
Rectification
Request correction of inaccurate or incomplete personal data.
Erasure
Request deletion of your personal data ('right to be forgotten').
Restriction
Request limitation of processing under certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interest or direct marketing.
To exercise any of these rights, send an email to [PRIVACY_EMAIL] with the subject line "Data Rights Request" and a copy of your ID. We will respond within 30 days.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
6. Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption, secure authentication protocols, access controls, and regular security audits.
7. Protection of Minors
In accordance with Article 7 of the LOPD-GDD, the processing of personal data of minors under 14 years of age requires the consent of their parents or legal guardians. ClawPilot does not knowingly collect personal data from minors under 14. If we discover that we have received data from a minor without parental consent, we will proceed to delete it immediately.
8. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. Any changes will be published on this page with the updated date. We recommend reviewing this policy periodically.
© 2026 ClawPilot by RUNXT. All rights reserved.