1. Data controller
The controller of your personal data is Jaime Martorell Núñez (VAT ID 43151009L), based at Calle Llibertat 2, 07013 Palma de Mallorca, Illes Balears, Spain, owner of the trade name «signfloow». Contact email: hola@signfloow.ai.
2. Data we collect
We collect the following categories of personal data:
- Registration data: name, surname, email address and password (stored encrypted).
- Profile data: company name, phone number and country.
- Usage data: projects created, platform interactions, configuration preferences.
- Technical data: IP address, browser type, operating system and access data automatically generated through cookies and similar technologies.
- Communications: messages sent through the AI assistant or contact forms.
3. Purposes and legal basis
| Purpose | Legal basis |
|---|---|
| Manage registration and access to the platform | Contract performance (art. 6.1.b GDPR) |
| Provide the contracted AI services | Contract performance (art. 6.1.b GDPR) |
| Send commercial communications about the service | Legitimate interest / consent (art. 6.1.a GDPR) |
| Analyse platform usage to improve it | Legitimate interest (art. 6.1.f GDPR) |
| Comply with legal and tax obligations | Legal obligation (art. 6.1.c GDPR) |
4. Recipients of the data
Your data may be communicated to the following processors, with whom we maintain GDPR-compliant data protection agreements:
- Amazon Web Services EMEA SARL — platform and database hosting (region eu-west-3, Paris).
- OpenAI, L.L.C. — processing of AI assistant queries (data is processed without model training under API terms).
- Anthropic PBC — processing of AI assistant queries (alternative to OpenAI; no use for training).
- Stripe Payments Europe Ltd. — payment processing (only if you contract a paid plan).
We do not sell or assign your data to third parties for their own commercial purposes.
5. International transfers
Some of our providers are located outside the European Economic Area (EEA). In such cases we ensure that appropriate safeguards exist (Standard Contractual Clauses issued by the European Commission, adequacy decisions, etc.) in accordance with Chapter V of the GDPR.
6. Data retention
We retain your data while your account is active or as necessary to provide the services. Once you request deletion or applicable legal periods expire, data will be deleted or anonymised.
7. Your rights
Under the GDPR and LOPDGDD, you have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase your data («right to be forgotten»).
- Restrict processing.
- Port your data in a structured format.
- Object to processing based on legitimate interest.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact hola@signfloow.ai. You also have the right to file a complaint with the Spanish Data Protection Agency (aepd.es).
8. Security
We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or destruction, including encryption in transit (TLS) and at rest, access controls and regular audits.
9. Changes to this policy
We may update this policy to reflect changes in our services or applicable law. We will notify you of any material changes by email or via a prominent notice on the platform.