BuddyBeam

Privacy Policy

Last updated: March 26, 2026

This privacy policy informs about the processing of personal data carried out by BUDDYBEAM, S.L. through the website buddybeam.app.

1. DATA CONTROLLER

FieldInformation
ControllerBUDDYBEAM, S.L.
Tax IDB21874862
AddressCarrer del Pare Palau, N.º 5, Izquierda, Entresuelo 3, 43001 – Tarragona, Spain
Emaildpo@buddybeam.app

2. DATA WE PROCESS

Data collected through the website

Contact form:

  • First and last name
  • Email address
  • Message or inquiry

Browsing data:

  • IP address
  • Browser and device type
  • Pages visited and time spent
  • Cookies (according to our cookie policy)

Data collected through the virtual assistant Sofia

Sofia is a virtual assistant based on artificial intelligence. It is not a real person. When you interact with Sofia, the following data is collected:

  • Session metadata: IP address, session start time, duration, and number of conversation turns.
  • Technical session identifier (fingerprint): a pseudonymized identifier generated from technical browser parameters (language, screen resolution, timezone) used exclusively for session management and abuse prevention. This identifier does not allow direct personal identification.
  • Conversation content: text transcriptions of the conversation are retained for 60 days for quality control and debugging purposes, after which they are automatically and irreversibly deleted.
  • Audio data: voice audio is processed in real time for speech-to-text conversion and is never stored. Only the resulting text transcription is retained.

3. PURPOSES OF PROCESSING

PurposeLegal basis
Respond to inquiries and information requestsConsent (Art. 6.1.a GDPR)
Send commercial communications about our servicesConsent (Art. 6.1.a GDPR)
Analyze website usage for improvementLegitimate interest (Art. 6.1.f GDPR)
Comply with legal obligationsLegal obligation (Art. 6.1.c GDPR)
Provide the Sofia virtual assistant serviceConsent (Art. 6.1.a GDPR)
Abuse prevention and session management (fingerprint)Legitimate interest (Art. 6.1.f GDPR)
Quality control and debugging of the Sofia serviceLegitimate interest (Art. 6.1.f GDPR)

4. DATA RETENTION

  • Commercial inquiries: up to 12 months from the last communication.
  • Browsing data: as indicated in the cookie policy.
  • Sofia session metadata (IP, time, duration, turns): 90 days from the session date.
  • Sofia conversation transcriptions: 60 days from the session date, after which they are automatically deleted.
  • Audio data: processed in real time and never stored.

5. DATA RECIPIENTS

Data is not transferred to third parties except:

  • Service providers acting as data processors (hosting, email, AI language model providers), with signed data processing agreements.
  • Legal obligation: when required by competent authorities.

All data is processed and stored on servers located in the European Union. AI language model processing is performed by third-party providers with data processing agreements in place that ensure GDPR compliance.

6. AUTOMATED DECISION-MAKING

Sofia generates responses using artificial intelligence language models. These responses are informational only and do not produce legal effects or similarly significant impacts on users. No automated decisions with legal or significant effects are made based on your interaction data (Art. 22 GDPR).

7. DATA SUBJECT RIGHTS

You may exercise the following rights:

  • Access: know what data we process about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request the deletion of your data.
  • Objection: object to the processing of your data.
  • Restriction: request that processing be limited.
  • Portability: receive your data in a structured format.
  • Withdraw consent: at any time.

How to exercise your rights:

Send a request to dpo@buddybeam.app indicating the right you wish to exercise and providing a copy of your identity document.

Complaint to the supervisory authority:

If you believe the processing does not comply with regulations, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es).

8. SECURITY MEASURES

We have implemented technical and organizational measures to protect your data:

  • Encrypted connections via HTTPS/TLS protocol
  • Servers located in the European Union
  • Restricted access control
  • Staff confidentiality policies
  • Automatic deletion of conversation transcriptions after 60 days

9. MODIFICATIONS

BUDDYBEAM, S.L. reserves the right to modify this privacy policy to adapt it to legislative or jurisprudential developments, as well as industry practices. In such cases, changes will be announced on this page with reasonable advance notice before their implementation. We recommend reviewing this policy periodically.

10. CONTACT

For any data protection inquiries:

BUDDYBEAM, S.L.
Email: dpo@buddybeam.app
Address: Carrer del Pare Palau, N.º 5, Izquierda, Entresuelo 3, 43001 – Tarragona, Spain