Home

GDPR • CCPA • LFPDPPP

Privacy Notice

Complete transparency about how we handle your data

Last updated: 05-06-2026

⚠️ Age Restriction

This service is intended for businesses and professionals over 18. We do not knowingly collect data from minors. If you are under 18, do not use our services.

1. Data Controller Identity and DPO Contact

WEB SPACE MX (the “Controller”), with tax domicile in Mexico City, Mexico, is responsible for processing your personal data under:

  • Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP)
  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

Official contact to exercise rights:
📧 Email: [email protected]
📞 Phone: [PENDING CONFIGURATION]
🏢 Address: [PENDING FULL ADDRESS]

2. Personal Data Collected and Legal Basis

We collect the following categories of data under these legal bases:

Identification and Contact Data

Name, role, corporate email

Legal basis: Contract performance / Legitimate interest (GDPR Art. 6.1.b / 6.1.f)

Technical and Browsing Data

IP address, user-agent, server logs, technical cookies

Legal basis: Legitimate interest (security and fraud prevention - GDPR Art. 6.1.f)

AI Tool Input Data

Analysis URLs, code snippets (NOT stored permanently)

Legal basis: Contract performance (GDPR Art. 6.1.b)

Payment Data (coming soon)

Processed by Stripe - we do not store full bank card details

Legal basis: Contract performance (GDPR Art. 6.1.b)

3. Purposes of Processing

Primary purposes (necessary for the service):

  • Provide security audits, performance analysis, and DNS configuration services.
  • User authentication and account management.
  • Payment processing and invoicing (when applicable).
  • Fraud prevention and system security (rate limiting, bot detection).

Secondary purposes (optional - require explicit consent):

  • Technical newsletters on cybersecurity (opt-in required).
  • Aggregated usage analytics to improve the service.

You may withdraw consent at any time without affecting the primary service.

4. Data Retention Period

We retain personal data for the following periods:

  • Account data: While your account is active + 1 year after cancellation (tax compliance).
  • Server logs: Up to 90 days (security and debugging).
  • AI analysis data: 0 days (real-time processing, no permanent storage).
  • Support communications: 3 years (Mexico legal obligations).

After these periods, data is securely deleted or irreversibly anonymized.

5. International Data Transfers

Some providers are located outside Mexico/EU. All transfers comply with:

  • Google LLC (USA): Certified under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.
  • Stripe Inc. (USA): PCI-DSS Level 1, EU Standard Contractual Clauses.

We ensure all third parties provide a level of protection equivalent to GDPR requirements (Art. 44-50).

6. Cookies and Tracking Technologies

We use the following technologies:

Strictly Necessary Cookies

User session, CSRF token, language preferences

No consent required (GDPR Art. 6.1.f)

Google reCAPTCHA v3

Bot prevention and automated attack defense

Processing based on legitimate interest (security)

You can configure your browser to reject cookies, but this may affect site functionality.

7. AI Usage (Google Gemini)

⚠️ DO NOT SUBMIT SENSITIVE DATA

Code snippets and URLs submitted to our AI tools are processed by Google Gemini API. NEVER submit:

  • Real credentials (passwords, API keys, access tokens)
  • Personal data of third parties
  • Confidential business information

Data is NOT stored on our servers after analysis. See Google’s AI privacy terms: Gemini API Terms.

8. Your Data Rights

You have the right to:

🔍 Access

Know what data we have and how we use it.

✏️ Rectification

Correct inaccurate or incomplete data.

🗑️ Erasure ("Right to be Forgotten")

Delete your data when no longer needed.

⛔ Objection

Object to processing based on legitimate interest.

📦 Portability (GDPR Art. 20)

Receive your data in a structured format (JSON/CSV).

🚫 Restriction

Restrict processing while we verify your request.

❌ Withdraw Consent

Withdraw consent without affecting prior processing.

🇺🇸 Opt-Out of "Sale" (CCPA)

We do not sell data, but you may exercise this right.

How to exercise your rights:
Send your request to [email protected] with:

  • Full name and registered email.
  • Right you wish to exercise (Access, Rectification, Erasure, etc.).
  • Clear description of your request.

We respond within 20 business days (LFPDPPP) / 30 calendar days (GDPR) / 45 days (CCPA).

9. Data Security

We implement technical and organizational security measures:

  • TLS 1.3 encryption for data in transit.
  • Zero Trust architecture with role-based access control (RBAC).
  • Audit logging of access to personal data.
  • Rate limiting (10 requests/hour) to prevent DDoS attacks.
  • Strict Content Security Policy (CSP).

In case of a data breach, we will notify affected users and authorities per GDPR Art. 33-34 (72 hours).

10. Updates

We reserve the right to update this privacy notice. Material changes will be notified 30 days in advance via email or a prominent notice on the website.

Last updated: 05/06/2026

11. Supervisory Authorities

If you believe your rights were not properly addressed, you may file a complaint with:

  • 🇲🇽 Mexico: INAI - home.inai.org.mx
  • 🇪🇺 Europe: Your local Data Protection Authority (e.g., Spain: AEPD, Germany: BfDI)
  • 🇺🇸 California: California Attorney General - Privacy Enforcement - oag.ca.gov/privacy

This site implements Zero Trust security measures, SSL/TLS 1.3 encryption, and periodic compliance audits.

.replace(/^\-{3,}$/gm, '
') // Párrafos .replace(/\n\n/g, '
') .replace(/\n/g, '
'); // Restaurar bloques de código codeBlocks.forEach((code, index) => { const html = `
${code.replace(//g, '>')}
`; md = md.replace(`___CODE_BLOCK_${index}___`, html); }); return md; };
Saltar al Contenido Principal
Sitio Público Iniciar Sesión Registrarse
Home

GDPR • CCPA • LFPDPPP

Privacy Notice

Complete transparency about how we handle your data

Last updated: 05-06-2026

⚠️ Age Restriction

This service is intended for businesses and professionals over 18. We do not knowingly collect data from minors. If you are under 18, do not use our services.

1. Data Controller Identity and DPO Contact

WEB SPACE MX (the “Controller”), with tax domicile in Mexico City, Mexico, is responsible for processing your personal data under:

  • Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP)
  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

Official contact to exercise rights:
📧 Email: [email protected]
📞 Phone: [PENDING CONFIGURATION]
🏢 Address: [PENDING FULL ADDRESS]

2. Personal Data Collected and Legal Basis

We collect the following categories of data under these legal bases:

Identification and Contact Data

Name, role, corporate email

Legal basis: Contract performance / Legitimate interest (GDPR Art. 6.1.b / 6.1.f)

Technical and Browsing Data

IP address, user-agent, server logs, technical cookies

Legal basis: Legitimate interest (security and fraud prevention - GDPR Art. 6.1.f)

AI Tool Input Data

Analysis URLs, code snippets (NOT stored permanently)

Legal basis: Contract performance (GDPR Art. 6.1.b)

Payment Data (coming soon)

Processed by Stripe - we do not store full bank card details

Legal basis: Contract performance (GDPR Art. 6.1.b)

3. Purposes of Processing

Primary purposes (necessary for the service):

  • Provide security audits, performance analysis, and DNS configuration services.
  • User authentication and account management.
  • Payment processing and invoicing (when applicable).
  • Fraud prevention and system security (rate limiting, bot detection).

Secondary purposes (optional - require explicit consent):

  • Technical newsletters on cybersecurity (opt-in required).
  • Aggregated usage analytics to improve the service.

You may withdraw consent at any time without affecting the primary service.

4. Data Retention Period

We retain personal data for the following periods:

  • Account data: While your account is active + 1 year after cancellation (tax compliance).
  • Server logs: Up to 90 days (security and debugging).
  • AI analysis data: 0 days (real-time processing, no permanent storage).
  • Support communications: 3 years (Mexico legal obligations).

After these periods, data is securely deleted or irreversibly anonymized.

5. International Data Transfers

Some providers are located outside Mexico/EU. All transfers comply with:

  • Google LLC (USA): Certified under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.
  • Stripe Inc. (USA): PCI-DSS Level 1, EU Standard Contractual Clauses.

We ensure all third parties provide a level of protection equivalent to GDPR requirements (Art. 44-50).

6. Cookies and Tracking Technologies

We use the following technologies:

Strictly Necessary Cookies

User session, CSRF token, language preferences

No consent required (GDPR Art. 6.1.f)

Google reCAPTCHA v3

Bot prevention and automated attack defense

Processing based on legitimate interest (security)

You can configure your browser to reject cookies, but this may affect site functionality.

7. AI Usage (Google Gemini)

⚠️ DO NOT SUBMIT SENSITIVE DATA

Code snippets and URLs submitted to our AI tools are processed by Google Gemini API. NEVER submit:

  • Real credentials (passwords, API keys, access tokens)
  • Personal data of third parties
  • Confidential business information

Data is NOT stored on our servers after analysis. See Google’s AI privacy terms: Gemini API Terms.

8. Your Data Rights

You have the right to:

🔍 Access

Know what data we have and how we use it.

✏️ Rectification

Correct inaccurate or incomplete data.

🗑️ Erasure ("Right to be Forgotten")

Delete your data when no longer needed.

⛔ Objection

Object to processing based on legitimate interest.

📦 Portability (GDPR Art. 20)

Receive your data in a structured format (JSON/CSV).

🚫 Restriction

Restrict processing while we verify your request.

❌ Withdraw Consent

Withdraw consent without affecting prior processing.

🇺🇸 Opt-Out of "Sale" (CCPA)

We do not sell data, but you may exercise this right.

How to exercise your rights:
Send your request to [email protected] with:

  • Full name and registered email.
  • Right you wish to exercise (Access, Rectification, Erasure, etc.).
  • Clear description of your request.

We respond within 20 business days (LFPDPPP) / 30 calendar days (GDPR) / 45 days (CCPA).

9. Data Security

We implement technical and organizational security measures:

  • TLS 1.3 encryption for data in transit.
  • Zero Trust architecture with role-based access control (RBAC).
  • Audit logging of access to personal data.
  • Rate limiting (10 requests/hour) to prevent DDoS attacks.
  • Strict Content Security Policy (CSP).

In case of a data breach, we will notify affected users and authorities per GDPR Art. 33-34 (72 hours).

10. Updates

We reserve the right to update this privacy notice. Material changes will be notified 30 days in advance via email or a prominent notice on the website.

Last updated: 05/06/2026

11. Supervisory Authorities

If you believe your rights were not properly addressed, you may file a complaint with:

  • 🇲🇽 Mexico: INAI - home.inai.org.mx
  • 🇪🇺 Europe: Your local Data Protection Authority (e.g., Spain: AEPD, Germany: BfDI)
  • 🇺🇸 California: California Attorney General - Privacy Enforcement - oag.ca.gov/privacy

This site implements Zero Trust security measures, SSL/TLS 1.3 encryption, and periodic compliance audits.

B