Privacy Policy

Last updated: 2026-01-19

1) Who we are

Controller: Ironlith Tech (operated from Spain)
Contact: hello@ironlith.com (or ironlithtech@gmail.com)

If you contact us or use our site, we process your personal data as described below.

2) What data we collect

We may collect:

  • Contact details you provide: name, email, company, message, budget/timeline (if you include them).
  • Technical data: IP address (approximate), device/browser, pages visited, and basic usage events.
  • Communications: messages you send us by email, form, or WhatsApp.

3) Why we use your data (purposes)

We use your data to:

  • Respond to inquiries and provide quotes or project discussions.
  • Provide the services you request and manage our relationship.
  • Improve the website and understand traffic/performance (analytics).
  • Prevent abuse/spam and keep the site secure.

4) Legal bases (GDPR/EEA/UK)

Where GDPR applies, we rely on:

  • Your consent (e.g., when you submit a contact form).
  • Pre-contractual steps / contract necessity (to discuss or deliver services you request).
  • Legitimate interests (site security, fraud prevention, basic service improvement).

5) How long we keep data (retention)

  • Leads/inquiries: typically up to 12 months after last contact, unless you become a client or ask us to delete it sooner.
  • Client/project communications: retained as needed for the contract and legal/accounting obligations.
  • Analytics data: retained according to our analytics settings (typically 14 months or less).

6) Who we share data with (processors)

We use trusted service providers to run the site and communications, including:

  • Vercel (hosting and deployment).
  • Resend (transactional email delivery).
  • Google (Gmail/Workspace) for receiving and managing lead emails.
  • Google Analytics 4 (GA4) for website analytics (we do not intentionally send "PII" like email/phone into analytics).
  • WhatsApp (if you choose to contact us through WhatsApp).
  • Calendly (if you book a call).

These providers may process data on our behalf under their terms and data processing agreements.

7) International transfers

Because some providers operate globally (including the US), your data may be processed outside your country. When GDPR applies, we rely on appropriate safeguards (for example contractual protections used by providers).

8) Cookies and analytics

We use essential site functionality and may use analytics cookies/technologies to measure traffic and improve the site. Analytics is used in a way intended to avoid collecting directly identifying information.

You can limit cookies via your browser settings. If we implement a cookie banner/consent tool, you'll be able to manage preferences there.

9) Your rights

Depending on where you live, you may have rights to:

  • Access your data
  • Correct your data
  • Delete your data
  • Object to or restrict processing
  • Data portability (where applicable)

To exercise rights, email: hello@ironlith.com.

Spain/EU: You can also complain to the Spanish Data Protection Authority (AEPD) if you believe your rights are violated.

10) California privacy notice (if applicable)

If you are a California resident and the CCPA/CPRA applies to our business, you may have rights to know, delete, and correct certain personal information, and to opt out of certain "sales/sharing" of personal information (as defined by law). We do not sell personal information in the conventional sense.

11) Security

We use reasonable administrative and technical measures to protect your data (access controls, least privilege, secure hosting, and secure email practices). No method of transmission/storage is 100% secure.

12) Children

Our services are not intended for children. Please do not submit personal data if you are under the age required by your local law to consent.

13) Changes

We may update this policy from time to time. The latest version will be posted on this page with an updated date.