Privacy Policy

1) What data we collect

A) Data you provide

When you contact us via our website form, email, WhatsApp, or a booking link, we may collect:

• Name
• Email address
• Company name (if provided)
• Project details and message content
• Scheduling details (e.g., preferred time)
• Any other information you choose to share

B) Data collected automatically (website usage)

When you browse our website, we may collect limited technical data such as:

• IP address (or an abbreviated form, depending on configuration)
• Device and browser type
• Pages viewed and interactions (e.g., button clicks)
• Approximate location (inferred from IP)

This data is typically collected through analytics and standard server logs.

2) How we use your data

We use your data to:

• Respond to inquiries and communicate with you
• Evaluate your request and provide information or estimates
• Schedule and manage calls/meetings
• Maintain basic records of communications
• Improve our website, performance, and user experience (analytics)
• Protect our website against spam, abuse, and security incidents

3) Legal bases for processing (GDPR)

If you are located in the EU/EEA/UK, we process personal data under one or more of the following legal bases:

• Legitimate interests: to respond to business inquiries, communicate with prospects, improve our website, and prevent abuse.
• Consent: where required for non-essential cookies/analytics (for example, via a cookie banner if implemented).
• Contract / pre-contractual steps: to take steps at your request before entering into a contract (e.g., preparing a quote).

4) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described above:

• Inquiries/leads: typically up to 12 months after the last interaction.
• Client work: longer retention may apply where needed for contracts, invoices, tax, or legal compliance.

You can request deletion at any time (see Section 10).

5) Where your data is stored

At this time:

• Lead and inquiry communications are stored in Gmail (our inbox).
• Website hosting and logs are handled through our hosting provider.

6) Service providers (processors) we use

We use trusted providers to operate the website and communications. These providers may process personal data on our behalf as "processors", or in some cases as independent "controllers" for their own services.

Common providers used by this website and workflow include:

• Vercel (hosting and deployment): serves the website and may process technical logs necessary for performance and security.
• Resend (email delivery): used to send form submissions to our inbox.
• Google (Gmail): used to receive and store lead communications.
• Google Analytics 4 (GA4): used to understand website usage and improve the site.
• Calendly: used for scheduling calls/meetings when you book a call.
• WhatsApp: used when you contact us via WhatsApp; your messages are processed under WhatsApp's own policies.

7) Cookies and analytics

We may use cookies or similar technologies for:

• Basic website functionality (essential)
• Analytics to understand traffic and improve the website (non-essential in many jurisdictions)

Google Analytics (GA4): We use GA4 to measure website usage (e.g., page views, interactions). Depending on your configuration and location, GA4 may rely on cookies or other identifiers.

Your choices

• You can restrict cookies in your browser settings.
• If we implement a cookie banner, you will be able to accept or reject non-essential analytics cookies (where required by law).

8) Marketing communications

We do not sell personal data. If you contact us, we may respond to your request. If we ever send marketing emails, you will be able to opt out at any time.

9) Sharing of personal data

We may share personal data:

• With our service providers listed above, strictly to operate the website and communications
• If required by law, legal process, or to protect rights and safety
• In connection with a business transition (e.g., reorganization), where permitted by law

We do not sell your personal data.

10) Your rights

Depending on your location, you may have rights to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Request data portability (where applicable)
• Withdraw consent (where processing is based on consent)

To exercise your rights, contact: ironlithtech@gmail.com

We may need to verify your identity before responding.

11) International data transfers

Some providers listed above may process data outside Spain and/or the European Economic Area (EEA). Where applicable, providers may rely on legal safeguards such as Standard Contractual Clauses or other approved transfer mechanisms.

12) Children's privacy

Our services are not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

13) Security

We take reasonable measures to protect personal data, including secure hosting, access controls, and safe handling of form submissions. However, no method of transmission or storage is 100% secure.

14) "Do Not Sell or Share" (US/California notice)

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising in the sense used by certain US state privacy laws. If laws in your jurisdiction grant additional rights, you can contact us at ironlithtech@gmail.com.

15) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page and will include the updated date.