Privacy Policy

The data controller responsible for your personal data is Solaia, a company currently in the process of incorporation.

Company Details:

• Trade name: Solaia (also "Solaia AI")
• Operating location: Barcelona, Catalonia, Spain
• Registration: US (Delaware) company planned but not yet registered
• CIF/NIF: [To be completed upon incorporation]
• Registered address: [To be completed upon incorporation]
• Contact email: admin@solaia.io
• Website: https://solaia.io

Founders: Killian Teiki Besana, Edgar Palacios

For any questions regarding this Privacy Policy or to exercise your data protection rights, please contact us at admin@solaia.io.

We collect the following categories of personal data:

2.1 Discovery Call Booking Data

When you book a discovery call through our scheduling system:

• Name
• Email address
• Company name (optional)
• Phone number (optional)
• Meeting notes or specific requirements (optional)

2.2 Website Analytics Data

We use Vercel Web Analytics and Vercel Speed Insights, which collect:

• Anonymized page views and user sessions
• Website performance metrics
• General geographic location (country/region level)

These analytics are privacy-friendly and do not use cookies or track users across websites.

2.3 Functional Data Storage

• Language preference (stored in your browser's localStorage to remember your preferred language)

2.4 Contact and Communication Data

When you contact us via email:

• Name and email address
• Content of your messages
• Any information you choose to provide

2.5 Business Contact Data for Marketing

For our B2B outbound marketing activities, we process:

• Professional contact details (name, business email, company, job title)
• Publicly available professional information
• Communication preferences and interaction history

We process your personal data based on the following legal grounds:

3.1 Consent (Article 6(1)(a) GDPR)

• Discovery call booking: You provide explicit consent when submitting the booking form
• Newsletter subscriptions (if applicable): You provide explicit consent when subscribing

3.2 Legitimate Interest (Article 6(1)(f) GDPR)

• Website analytics: To improve our website performance and user experience
• B2B outbound marketing: To promote our services to relevant business contacts
• Security and fraud prevention: To protect our systems and users

For B2B marketing, we have conducted a legitimate interest assessment and determined that our commercial interest in promoting our services to relevant business contacts does not override your fundamental rights and freedoms.

3.3 Contract Performance (Article 6(1)(b) GDPR)

• Responding to your inquiries and providing requested information
• Delivering services you have requested

3.4 Legal Obligation (Article 6(1)(c) GDPR)

• Compliance with applicable laws and regulations
• Responding to lawful requests from authorities

We may share your personal data with the following categories of recipients:

4.1 Service Providers (Data Processors)

• Vercel Inc. (USA): Website hosting, analytics, and performance monitoring
• Scheduling service providers: For managing discovery call bookings
• Email service providers: For communication and marketing (when applicable)

All processors are bound by data processing agreements that ensure they process your data only as instructed and maintain appropriate security measures.

4.2 Legal Disclosures

We may disclose your personal data if required by law, court order, or governmental request, or to protect our rights, property, or safety.

Some of our service providers may process your data outside the European Economic Area (EEA), particularly:

Vercel Inc. (United States)

Vercel processes hosting and analytics data in the United States. This transfer is protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Appropriate technical and organizational security measures

We ensure that any international transfers comply with applicable data protection laws and provide adequate protection for your personal data.

We retain your personal data for the following periods:

Discovery Call Data: 3 years from last contact or until you request deletion

Analytics Data: Anonymized data retained indefinitely for statistical purposes

Contact Inquiries: 3 years from last communication

Marketing Data: Until you opt out or 5 years from last interaction, whichever comes first

Legal Compliance: As required by applicable law

Data is automatically deleted after the retention period expires, unless longer retention is required by law.

Under the GDPR and Spanish data protection law, you have the following rights:

Right of Access: Request information about what personal data we hold about you

Right of Rectification: Request correction of inaccurate personal data

Right of Erasure ('Right to be Forgotten'): Request deletion of your personal data

Right to Object: Object to processing based on legitimate interest, including marketing

Right to Data Portability: Receive your data in a structured, machine-readable format

Right to Restrict Processing: Request limitation of how we use your data

Right to Withdraw Consent: Withdraw consent where processing is based on consent

How to Exercise Your Rights:

Email us at admin@solaia.io with your request. We will respond within one month.

Right to Complain:

If you believe we have not handled your personal data properly, you can file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or your local supervisory authority.

We may contact business professionals with information about our services based on our legitimate business interest in promoting our solutions to relevant companies in the real estate sector.

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)

Balancing Test: We have assessed that our commercial interest in reaching relevant business contacts does not override your rights, given that:

• We target only professional contacts in relevant industries
• Communications are business-related and informative
• We provide easy opt-out mechanisms
• We respect existing communication preferences

Your Right to Object

You can object to receiving marketing communications at any time by:

• Replying "STOP" or "UNSUBSCRIBE" to any marketing email
• Emailing admin@solaia.io with your opt-out request
• Using unsubscribe links provided in our communications

We will honor opt-out requests within 72 hours and will not contact you again for marketing purposes.

Our Approach to Cookies:

Our website itself does not set any advertising or tracking cookies. We use:

No Cookies for Analytics: Vercel Analytics is cookieless and privacy-friendly

localStorage Only: To remember your language preference (essential functionality)

Third-Party Booking System:

When you open our discovery call booking form, it loads an iframe from our scheduling service provider. This third-party system may set functional cookies necessary for the booking process to work properly. These cookies are only set when you actively interact with the booking system.

Cookie Control:

You can control cookies through your browser settings. Blocking functional cookies may prevent the booking system from working correctly.

For detailed information about cookies, visit www.allaboutcookies.org.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Secure hosting infrastructure

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on our website
• Update the "Last Updated" date
• Notify you of significant changes via email (where we have your consent)

We encourage you to review this Privacy Policy periodically.

This section provides additional information for residents of Spain:

Spanish Supervisory Authority:

Agencia Española de Protección de Datos (AEPD)

C/ Jorge Juan, 6, 28001 Madrid

Phone: 912 663 517

Website: www.aepd.es

Applicable Laws:

• EU General Data Protection Regulation (EU) 2016/679
• Ley Orgánica 3/2018, de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD)

This Privacy Policy complies with Spanish data protection requirements including the right to digital disconnection and specific protections for online rights.