Privacy policy.

Last updated: April 2026

How we collect, use, and protect your personal data under the General Data Protection Regulation (GDPR) and applicable Spanish law (LOPDGDD).

§ Privacy policy

Data controller.

Raúl Yuste Sepúlveda ("FlowProp"), with address in Tarragona, Spain, and contact email [email protected], is the controller for the personal data you provide through this website.

What data we collect.

We collect the following categories of personal data:

  • Identification data: name, surname, company.
  • Contact data: email, phone.
  • Professional data: position, industry, processes you wish to automate.
  • Browsing data: IP address, browser, device, pages visited (anonymized via Plausible Analytics).

Purposes of processing.

  • Respond to your inquiry: when you submit the diagnostic form or write to us by email, we process your data to respond and, if you wish, schedule the free assessment.
  • Manage commercial relationship: if we end up working together, we process your data to send proposals, invoices, and project communications.
  • Audience analysis: we use anonymous data to understand how the website is used and improve it.

Legal basis.

  • Your consent when you submit the diagnostic form or contact us.
  • Performance of a contract when we have a project together.
  • Legitimate interest for anonymous audience analysis.

Data retention.

We will keep your data for the time necessary to fulfill the purposes for which it was collected and to determine possible liabilities arising therefrom. Specifically:

  • Form leads: 24 months from the last interaction.
  • Active clients: for the duration of the contractual relationship and the legal periods applicable thereafter (accounting/tax obligations: 6 years).
  • Browsing data (Plausible): 13 months, anonymized.

Recipients.

Your data may be shared with the following service providers, all under a Data Processing Agreement (DPA):

  • Netlify (form hosting, US/EU servers, GDPR-certified).
  • Plausible Analytics (privacy-friendly analytics, EU servers).
  • Holded (billing, EU servers) — only if we end up invoicing you.
  • Email providers (Gmail, ProtonMail) — for direct contact.

We do not sell your data. We do not transfer it to third parties for commercial purposes.

Your rights.

You can exercise the following rights at any time by writing to [email protected]:

  • Access: obtain a copy of the personal data we have about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion when there is no legitimate reason to retain it.
  • Restriction of processing: ask us to limit the use of your data.
  • Portability: receive your data in a structured format.
  • Objection: object to processing based on legitimate interest.

You also have the right to file a complaint with the Spanish Data Protection Agency (aepd.es) if you believe your rights have been violated.

Security.

We apply reasonable technical and organizational measures to protect your data: HTTPS encryption, restricted access, encrypted backups, audit logs. In the unlikely event of a security breach, we will notify you within 72 hours pursuant to GDPR.

Modifications.

We may update this Privacy Policy. The latest version will always be available on this URL. Significant changes will be communicated via the email you provided us.