Privacy Policy

Last Updated: 2025-11-24

This Privacy Policy describes how David Ospina ("I", "me", or "my") collects, uses, and protects your personal information when you use this website and my services. I am committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Data Controller

The data controller responsible for your personal information is:

David Ospina
Barcelona, Spain
Email: [email protected]

2. Information I Collect

2.1 Information You Provide

  • Contact Forms: Name, email address, company name, and message content when you contact me
  • Service Inquiries: Project details, business requirements, and communication preferences
  • Payment Information: Billing details for service contracts (processed through secure third-party payment processors)

2.2 Automatically Collected Information

  • Usage Data: IP address, browser type, device information, pages visited, time spent on pages
  • Analytics: Website performance metrics and user behavior patterns (if analytics are enabled)
  • Cookies: See the Cookies section below for details

3. How I Use Your Information

I use your personal information for the following purposes:

  • Service Delivery: To provide web development and AI agent services you request
  • Communication: To respond to your inquiries and provide customer support
  • Business Operations: To manage contracts, invoicing, and project delivery
  • Website Improvement: To analyze usage patterns and improve user experience
  • Legal Compliance: To comply with legal obligations and protect my rights
  • Marketing: To send relevant service updates (only with your consent)

5. Data Sharing and Disclosure

I do not sell your personal information. I may share your data with:

  • Service Providers: Hosting providers, email services, payment processors (under strict data protection agreements)
  • Legal Requirements: When required by law or to protect legal rights
  • Business Transfers: In the event of a business sale or merger (with notice to affected users)

Third-Party Services Used:

  • Hosting: Firebase/Google Cloud Platform
  • Email: Standard email providers
  • Analytics: (if enabled) Google Analytics or similar services

6. Cookies and Tracking Technologies

This website uses cookies and similar technologies:

6.1 Types of Cookies

  • Essential Cookies: Required for website functionality (e.g., theme preferences)
  • Analytics Cookies: To understand how visitors use the site (if enabled)
  • Preference Cookies: To remember your settings (e.g., language, dark mode)

6.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

7. Your Privacy Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Limit how I use your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact me at [email protected]. I will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know: Request information about personal data collected, used, and shared
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Opt-out of the "sale" of personal information (I do not sell personal data)
  • Right to Non-Discrimination: Equal service regardless of privacy rights exercise

To exercise CCPA rights, email [email protected] with "CCPA Request" in the subject line.

9. Data Retention

I retain your personal data only as long as necessary:

  • Contact Inquiries: Up to 2 years after last contact
  • Service Contracts: Duration of contract + 7 years (for legal/tax purposes)
  • Analytics Data: Aggregated and anonymized after 26 months
  • Marketing Consent: Until consent is withdrawn

10. Data Security

I implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for data transmission
  • Secure hosting infrastructure
  • Regular security updates and monitoring
  • Access controls and authentication
  • Data backup and recovery procedures

However, no method of transmission over the internet is 100% secure. I cannot guarantee absolute security.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. I ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for data transfers
  • Privacy Shield certification (where applicable)

12. Children's Privacy

This website and services are not directed to children under 16. I do not knowingly collect personal information from children. If you believe I have collected information from a child, please contact me immediately.

13. Changes to This Policy

I may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. For material changes, I will provide prominent notice or obtain consent where required by law.

14. Contact Information

For privacy-related questions, concerns, or to exercise your rights, contact:

David Ospina
Email: [email protected]
Barcelona, Spain

EU Representative: For GDPR matters, you may also contact your local data protection authority.