subastAI

Privacy Policy – subastAI

Summary: This privacy policy explains how subastAI collects and uses your personal data to provide auction alert services. We collect only essential data needed for account management, service delivery, and security. We do not share your data with third parties for marketing purposes. Your data is stored securely in the EU and you have full rights to access, correct, or delete your information.

This Privacy Policy explains how subastAI (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use the website https://subastai.app (the “Platform”). We are committed to protecting your privacy and handling your data responsibly, in compliance with applicable laws including the EU GDPR (Regulation 2016/679) and Spanish LOPDGDD (Organic Law 3/2018).

We do not share your personal data with third parties for marketing, advertising, or any commercial purposes. We only use your data to provide and improve our services.

1. Data Controller

subastAI
Tax ID: tax-id-2548929774208656548-spain-portugal
Registered Address: registered-R Camoes 699, 4000-142 Porto, Portugal-españa
Email: support-support@subastai.app-contact

2. Personal Data We Collect

We collect only the personal data necessary to provide our auction alert services:

2.1. Account and Registration Data

  • Email address
  • Password (hashed)
  • Name (optional)
  • Language preference

2.2. Usage Data

  • IP address (for security and session management)
  • Browser type/device information
  • Timestamp of actions (login, alert creation)

2.3. Service Data

  • Auction alert preferences (search criteria, favorites)
  • Uploaded content (e.g., documents for analysis – see AI Training section below)

2.4. Payment Data (if applicable)

  • Processed via secure third-party providers (e.g., Stripe); we do not store full card details.

We collect no data for tracking, profiling, or advertising.

3. How We Use Your Data

We use your personal data for these purposes only:

  • Service Provision: Manage accounts, send auction alerts, process subscription payments.
  • Security: Prevent fraud, maintain sessions.
  • Communication: Respond to support requests, send service updates.
  • Improvement: Analyze usage patterns (anonymized) to enhance Platform functionality.
  • Analytics: We use on-premise analytics software to analyze anonymous website usage patterns and improve user experience. All analytics data is processed locally on our servers and is not shared with any third parties.

Legal Basis (GDPR):

  • Contract performance (alerts, account management, subscriptions)
  • Legitimate interest (security, support)
  • Consent (where explicitly given, e.g., marketing emails if added later)

4. AI Training and Uploaded Content

Users may upload documents (e.g., auction notices, property details) for analysis or processing.

  • Non-Personal Data: Publicly available or non-personal content from uploads may be used to train and improve our AI models (e.g., better understanding auction formats, extracting relevant data). This helps enhance alert accuracy for all users.
  • Personal Data Exclusion: Any identifiable personal information (names, emails, IDs) is never used for AI training. It is processed only for your specific request and then securely stored/deleted.
  • Uploaded files are retained only as long as needed for your service and then deleted unless required for legal/account purposes.

5. Data Storage and Security

  • Duration: Account data retained while active + 30 days post-deletion request. Backups up to 90 days for recovery.
  • Security Measures: Encryption (at rest/transit), access controls, regular audits, HTTPS. We use our own mail server for all email communications.
  • Location: Data stored in secure EU-based servers.

6. Third-Party Processors

We use trusted processors under strict contracts (DPA compliant):

ProcessorPurposeData SharedLocation
Google CloudHosting/InfrastructureTechnical logs (anonymized)EU
Stripe/PayPalPaymentsPayment detailsEU/US
Google Maps/OAuthMaps/LoginTechnical session dataGlobal (EU safeguards)

No data sales or marketing sharing.

7. Your Rights

Under GDPR/LOPDGDD, you have rights regarding your data:

  • Access: Request copy of your data.
  • Rectification: Correct inaccurate data.
  • Erasure: Delete your data (subject to legal retention).
  • Restriction: Limit processing.
  • Portability: Receive data in structured format.
  • Objection: Oppose processing (e.g., legitimate interest).
  • Withdraw Consent: Where applicable.

How to Exercise: Email support-support@subastai.app-contact with verification. Response within 1 month.

8. Cookies and Similar Technologies

See our separate Cookie Policy for details on session, preference, and functional technologies. No tracking cookies.

9. International Transfers

Data primarily stored in EU. For US processors (e.g., Google), we use Standard Contractual Clauses (SCCs) or adequacy decisions.

10. Children’s Data

Platform intended for users 18+. No knowing collection from minors. Content relates to public auctions and subscriptions only.

11. Changes to This Policy

Updates published here with “Last updated” date. Continued use constitutes acceptance. Significant changes notified by email.

12. Complaints

Contact us first at support-support@subastai.app-contact. For EU matters, contact Spanish AEPD (www.aepd.es) or your local DPA.

Last updated: 15th December 2025

Related Policies

Terms and Conditions Cookie Policy