ConducIA Logo

GDPR Compliance

Last updated: December 2025 | Next review: March 2026

Your Data Protection Rights

Under the General Data Protection Regulation (GDPR) and the Spanish Organic Law on the Protection of Personal Data (LOPDGDD), you have specific rights regarding your personal data. ConducIA is committed to facilitating the exercise of these rights.

100% GDPR Compliant: We implement all necessary measures to ensure full compliance with European and Spanish data protection regulations.

Quick Actions

You can exercise your rights by sending an email to soporte@conducia.com with the corresponding subject:

  • Request my data (Right of access):
    soporte@conducia.com - Subject: "GDPR Request - Access to my data"
  • Delete my data (Right to erasure):
    soporte@conducia.com - Subject: "GDPR Request - Delete my data"
  • Correct my data (Right to rectification):
    soporte@conducia.com - Subject: "GDPR Request - Correct my data"
  • Download my data (Right to portability):
    soporte@conducia.com - Subject: "GDPR Request - Download my data"

Your Rights under GDPR

1. Right of Access

You can request a copy of all personal data we hold about you, including:

  • Profile information (name, email, academic progress)
  • Platform activity and usage records
  • Gamification data (points, streaks, achievements)
  • Support communication history

Response time: 30 calendar days from request.

2. Right to Rectification

You can correct inaccurate or incomplete data, such as:

  • Contact information (email, name)
  • Incorrect profile data
  • Billing information

Response time: 30 calendar days. Some corrections may be applied immediately.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • Data is no longer necessary for the original purposes
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate interests
  • Data has been unlawfully processed

Important: Some data may be retained due to legal obligations (billing, accounting) for the time required by law.

4. Right to Data Portability

You can receive your data in a structured, commonly used format (JSON/CSV) including:

  • Profile data and academic progress
  • Activity history and results
  • Settings and preferences

Format: Structured JSON compatible with other educational platforms.

5. Right to Object and Restrict

You can object to processing of your data for:

  • Direct marketing and promotional communications
  • Usage analysis based on legitimate interest
  • Automated processing to improve services

You can also request to restrict processing while we resolve a dispute about data accuracy or lawfulness.

6. Right not to be Subject to Automated Decision-Making

ConducIA uses AI to generate questions, but important decisions always include human oversight:

  • Automated processes are limited to educational content generation and do not affect user evaluations or access
  • Educational content generation is manually reviewed
  • You can request human review of any process

How to Exercise Your Rights

Simple and Free Process

1. Send your request

Email: soporte@conducia.com with subject "GDPR Request"

2. Include necessary information

  • Your full name and registered email
  • Type of right you want to exercise
  • Specific description of your request

3. Confirmation and response

You'll receive a complete response within 30 calendar days from your request

Need help? If you have questions about exercising your rights, contact our support team who will guide you through the process.

How We Protect Your Data

Technical Measures

  • SSL/TLS encryption in all communications
  • Database protected with RLS (Row Level Security)
  • Input data validation
  • Automatic backups

Organizational Measures

  • Role-based access control
  • Incident response procedures
  • Data protection training
  • Regular policy reviews

How Long We Keep Your Data

During Contractual Relationship

  • Profile and progress data: While you have an active account
  • Usage data: Last 2 years of activity
  • Communications: While relevant to service

After Service

  • Inactive account: 1 year from last access
  • Tax data: 7 years (legal obligation)
  • Consent withdrawn: Immediate deletion (except legal obligations)

Note: You can request deletion of your data at any time, except for data we must retain due to legal obligations.

International Transfers

Some of our service providers are located outside the European Economic Area (EEA). In these cases, we implement the following safeguards:

  • Standard Contractual Clauses: Approved by the European Commission
  • Certifications: SOC 2, PCI DSS from providers
  • Technical Measures: End-to-end encryption

Main Providers

  • Supabase: Database - EEA
  • Stripe: Payments - EEA/USA
  • Resend: Email - USA

Complaints and Contact

Not satisfied with our response?

If you believe your data processing doesn't comply with regulations, you can:

1. Contact ConducIA

Try to resolve the issue directly with us:

  • Email: soporte@conducia.com
  • Subject: "GDPR Complaint"

2. Spanish Data Protection Agency (AEPD)

You can file a complaint with the supervisory authority:

Updates to this Page

This page is updated periodically to reflect changes in regulations and our practices. Important modifications will be communicated at least 30 days in advance.

Last update: November 2025

Next review: January 2026