Privacy policy

This policy explains how I handle the personal data collected by ebecerra.es ("the site") and the rights you have over it. It's meant to be short, readable in five minutes, and to hide nothing in the fine print.

1. Who is the data controller

Data controller: Enrique Becerra García, Spanish Tax ID (NIF) 52894473Q, registered at Calle Antonio Cumella 13, 28030 Madrid, Spain. For anything regarding your data, write to legal@ebecerra.es

2. What data I collect and why

I only process strictly necessary data:

• Contact form: name, email and your message. Used solely to reply to you.
• Booking system (optional): if you book a session through the site, I collect name, email, phone and the appointment date/time. Used to manage your booking, send a confirmation and, if enabled, a reminder before the appointment.
• Blog comments and likes: if you comment on a post, I store the display name you provide, your email (not published) and the comment text. Likes are anonymous: only the vote is counted, never tied to you.
• Virtual assistant (chatbot): see section 9.
• Anonymous usage metrics: Vercel Analytics and Vercel Speed Insights measure visits and performance without identifying cookies, personal profiles or sharing with third parties for advertising.
• Advertising measurement (Meta Pixel): the site loads the Meta Pixel for advertising analytics and remarketing. See section 10.

I don't collect sensitive data. I don't do automated marketing or newsletters. I don't sell your data to anyone.

3. Legal basis

• Your consent when submitting the form, commenting on the blog, starting a chatbot conversation or loading the Meta Pixel (art. 6.1.a GDPR).
• Performance of a contract if you book a session or hire a service (art. 6.1.b GDPR).
• My legitimate interest in keeping the site fast, available and abuse-free through anonymous metrics (art. 6.1.f GDPR).
• Legal obligation if hiring leads to an invoice — fiscal data is kept for the time required by accounting and tax law (art. 6.1.c GDPR).

4. How long I keep your data

• Form messages: until the query is resolved and up to 1 year afterwards.
• Bookings: during the appointment and up to 1 year after, in case you need to reference it. If the booking results in an invoice, fiscal data is kept for 6 years by accounting law.
• Blog comments: as long as the post is published or until you ask for removal.
• Chatbot conversations: 90 days (see section 9).
• Vercel metrics: aggregated and anonymous, per the provider's retention.
• Meta Pixel: the data and cookies it sets are retained by Meta according to its own policies. See section 10 to refuse or withdraw consent.

5. Who I share your data with

Only with the technical providers strictly required for the site to work, all with GDPR-equivalent safeguards:

• Vercel Inc. (USA) — site hosting and anonymous metrics. Member of the EU-US Data Privacy Framework.
• Resend Inc. (USA) — delivery of email generated by the contact form and booking notifications. Member of the EU-US Data Privacy Framework.
• Sanity.io (Norway/EU) — site CMS. Does not store personal data of yours.
• Supabase (EU, Frankfurt) — database for blog comments, bookings and chatbot conversations.
• Groq Inc. (USA) — processes chatbot conversations under EU Standard Contractual Clauses (SCCs).
• Meta Platforms Ireland Ltd. (Ireland) — provider of the Meta Pixel for advertising on Facebook and Instagram; this may involve transfers to the USA. See section 10.

Apart from the Meta Pixel described in section 10, I don't transfer data to any third party for commercial or advertising purposes.

6. Cookies

The site uses the bare minimum:

• NEXT_LOCALE (technical): remembers your preferred language. Exempt from consent.
• Vercel Analytics and Speed Insights: do not use identifying cookies. Measurement is anonymous.
• Meta cookies (e.g. _fbp): advertising cookies set by the Meta Pixel. They require your consent. See section 10 for how to refuse or remove them.

The site does use Meta (Facebook/Instagram) advertising cookies — see section 10 for what they do and how to refuse them.

7. Your rights

At any time you can:

• Access the data I hold about you.
• Rectify it if it's incorrect.
• Erase it.
• Restrict or object to processing.
• Request its portability.
• Withdraw your consent at any time.

To exercise any of these rights, write to legal@ebecerra.es. I'll respond within 30 days.

If you believe your rights have not been properly handled, you can file a complaint with the Spanish Data Protection Agency: aepd.es

8. Minors

This site is not directed at minors under 14. If you are under 14, ask your parent or legal guardian to submit the form or handle the booking for you. I do not knowingly process data from minors below that age; if I detect any, I delete it.

9. Virtual assistant (chatbot) and stored conversations

This site includes an AI-based virtual assistant. When you interact with it, conversations are stored in my own database for service improvement (refining answers, spotting common questions and fixing errors).

Stored data: the text of each turn (your question and the assistant's reply), an anonymous session identifier generated by your browser, the AI model used and a timestamp. No IPs, tracking cookies or personal identifiers beyond what you voluntarily type in the conversation.

Legal basis: legitimate interest in improving the service (art. 6.1.f GDPR). Retention: 90 days, after which records are automatically deleted. If you don't want your conversation stored, don't use the chatbot — the rest of the site is fully accessible without it.

AI processing: conversations are sent to Groq Inc. (language model provider) to generate the response. Groq handles data under its own privacy policy. The response is then stored in my Supabase database (hosted in the EU, Frankfurt).

10. Meta Pixel (Facebook and Instagram advertising)

This site uses the Meta Pixel (pixel ID 966739746131279), a measurement tool from Meta loaded on every page. It lets me see how my Facebook and Instagram ads perform, build advertising audiences and show relevant ads to people who have already visited the site (retargeting/remarketing).

What it collects:

• Cookies set by Meta (for example _fbp), your IP address, your browser/device (user agent), the pages you view and actions you take, such as a PageView on each page and a Lead event when you successfully send the contact form.
• Automatic advanced matching: if this feature is enabled, when you submit the contact form some of the data you type — such as your email and name — is sent to Meta in hashed (encrypted) form to match the conversion to your Facebook/Instagram account. Meta receives a hash, not the data in clear text.

Purpose: advertising measurement, retargeting/remarketing and the creation of advertising audiences.

Recipient and international transfer: Meta Platforms Ireland Ltd. (Ireland), which may transfer data to the United States. Meta relies on the EU-US Data Privacy Framework and the EU Standard Contractual Clauses (SCCs) as safeguards.

Legal basis: your consent (art. 6.1.a GDPR).

How to object or withdraw your consent: you can block or delete cookies from your browser settings (in private/incognito mode no permanent cookies are kept), and adjust your ad preferences from your Meta account at facebook.com/ads/preferences. You can also use your browser's tracking-protection or an ad blocker. Refusing has no effect on the rest of the site, which works perfectly without the pixel.

11. Automated decisions

The chatbot provides information and orients you about services, but does not make decisions with legal effects or that significantly affect you. Any hiring, quote or agreement is closed with human involvement from me.

12. Source of the data

All personal data I process comes directly from you: from the contact form, the booking system, your blog comments or chatbot conversations. I don't buy lists, source data from third parties or enrich your data with external sources.

13. Changes to this policy

If I update this policy, I'll change the date at the top and, if the change is material, also flag it on the homepage.