Nücode AI
    Back to Home

    Privacy Policy

    Last updated: May 17, 2026

    1. Data Controller

    The controller of the personal data collected through this website (nucodeai.com) is:

    • Owner: [TO BE CONFIRMED: full legal name of the self-employed owner], operating under the trade name Nücode AI.
    • Tax ID (NIF): [TO BE CONFIRMED]
    • Business address: [TO BE CONFIRMED]
    • Contact email: hola@nucodeai.com

    For any data protection matter or to exercise your rights, please use the email address above.

    2. Data We Collect

    We only process the data you provide and the minimum technical data needed to keep the service secure, depending on the activity:

    • Consultation form: name, agency name, email, phone (optional), areas of interest, and any additional notes you choose to include.
    • Resource download: first name, last name, work email, and agency or company name.
    • Newsletter subscription: email and preferred language (with double opt-in confirmation).
    • Technical data: IP address and user agent (browser), processed transiently to prevent abuse and rate-limit submissions (anti-spam).

    We do not request or process special categories of data. Please do not include sensitive information in free-text fields.

    3. Purposes and Legal Basis

    • Handling your consultation and business contact. Legal basis: pre-contractual measures at your request and your consent (Art. 6(1)(b) and 6(1)(a) GDPR).
    • Sending the requested resource and related communications. Legal basis: your consent (Art. 6(1)(a) GDPR), collected via a specific checkbox and double opt-in.
    • Managing the newsletter subscription. Legal basis: your consent, confirmed via a code sent to your email (double opt-in).
    • Keeping the site secure and preventing abuse. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in the security of our systems.
    • Analytics and marketing (Google Analytics via Google Tag Manager). Legal basis: your consent given in the cookie banner. It is not activated without it.

    4. Retention Periods

    • Consultation and business lead data: for the duration of the relationship and, afterwards, a maximum of 24 months from the last contact, unless a legal retention obligation applies.
    • Newsletter subscription: until you withdraw consent or unsubscribe.
    • Technical security data (IP, rate limiting): short-lived, deleted once their anti-abuse purpose is fulfilled.

    5. Recipients and Processors

    We do not sell your data. To deliver the service we rely on providers acting as processors, bound by contract under Art. 28 GDPR:

    • Supabase — database hosting, authentication and storage (USA).
    • Attio — CRM for contact and lead management (USA).
    • Resend — transactional email delivery, e.g. the confirmation code (USA).
    • Lovable — website development and deployment platform.
    • Google — web fonts (Google Fonts) for site rendering; and, only if you consent, analytics/marketing tools.

    We may also disclose data to public authorities where a legal obligation exists.

    6. International Transfers

    Some of our processors are located in the United States. Such transfers rely on the Standard Contractual Clauses approved by the European Commission and, where applicable, on the provider's certification under the EU-U.S. Data Privacy Framework, together with additional measures where necessary.

    7. Cookies and Tracking Technologies

    Non-essential technologies are only activated after your consent, managed through the cookie banner. You can review the details and change your decision at any time in our Cookie Policy.

    8. Your Rights

    You may exercise the following rights at any time by writing to hola@nucodeai.com:

    • Access to your personal data.
    • Rectification of inaccurate data.
    • Erasure of your data.
    • Restriction of processing.
    • Objection to processing.
    • Data portability.
    • Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

    If you believe the processing does not comply with the regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es, as the supervisory authority.

    9. Security

    We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

    10. Minors

    This site is aimed at professionals. It is not intended for minors and we do not knowingly collect data from minors.

    11. Changes to This Policy

    We may update this policy. Any changes will be posted on this page with the corresponding update date.