Legal

Privacy Policy

Last updated: Apr 29, 2026

This policy explains what personal data Interiu AI S.L. ("Interiu", "we", "us") collects from visitors and prospective clients, why we collect it, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

Data controller
Interiu AI S.L. — Calle Maquinaria, 4, 3, 1, 07011 Palma de Mallorca, Spain.
Privacy contact
legal@interiu.com
Supervisory authority
Agencia Española de Protección de Datos (AEPD) — aepd.es

1. What we collect

Information you provide

When you contact us through a form, by email, or in scheduled meetings, we receive what you give us — typically your name, work email, company, role, country, and the contents of your message. If you describe a use case, that description becomes part of your record. Providing this information is voluntary; if you choose not to share it, we may not be able to evaluate your request or reply.

Information collected automatically

Our hosting infrastructure logs technical data needed to deliver and protect the site: IP address, browser and device fingerprint, referrer, request timestamps, and pages visited. Logs are kept short-term for security and operational purposes.

Cookies and similar technologies

We use a small number of cookies. Some are strictly necessary for the site to function; others are loaded only after you give consent. Full detail lives on our Cookie Policy.

2. How we use your data

We process personal data for clearly defined purposes. Each is paired with a legal basis under GDPR Article 6.

Responding to your inquiry

When you submit our contact form or email us, your message is delivered to our team and a confirmation email is automatically sent back to you through our transactional email provider, Brevo. We then reply, schedule meetings, and exchange the information needed to evaluate working together.

Legal basis: performance of a contract or steps taken at your request prior to entering into one (Art. 6(1)(b)).

Operational follow-up and relationship management

If we have already been in touch, we may follow up about your inquiry, share relevant updates about our work, or invite you to a conversation. You can opt out at any time.

Legal basis: our legitimate interest in maintaining a B2B working relationship (Art. 6(1)(f)), balanced against your privacy interests.

Marketing communications

If you sign up for a newsletter or other promotional contact, we send those messages through Brevo and you can unsubscribe with one click in any message.

Legal basis: your consent (Art. 6(1)(a)), which you can withdraw at any time.

Site analytics and advertising measurement

If enabled, we use Google Tag Manager together with Google Analytics, and the Meta Pixel, to understand how visitors arrive at and use our site, and to measure the effectiveness of campaigns we run. These tools may set cookies and share limited identifiers with Google and Meta. We load them only after you accept analytics or marketing cookies in our consent banner.

Legal basis: your consent (Art. 6(1)(a)).

Security, legal compliance, and our records

We process technical logs to detect abuse, and we keep records as required by Spanish accounting, tax, and commercial law.

Legal basis: our legitimate interest in operating the site safely (Art. 6(1)(f)) and compliance with legal obligations (Art. 6(1)(c)).

3. Who we share data with

We do not sell personal data. We share it only with carefully selected service providers ("processors") who help us operate the business, and only to the extent necessary for that work.

Email — Brevo

Sendinblue SAS (trading as Brevo), based in France (EU). We use Brevo to send transactional confirmations when you contact us, and — only with your consent — marketing emails. Brevo processes your name, email, the metadata of messages we send, and basic engagement signals (delivery, open, click).

Hosting and infrastructure

The website is hosted on EU infrastructure. Server logs and any uploaded content sit with our hosting provider under a data processing agreement.

Analytics and advertising — when enabled

If you accept analytics or marketing cookies, anonymized usage data is shared with Google (Google Analytics, Google Ads via Google Tag Manager) and Meta Platforms (Meta Pixel). These transfers may involve the United States; in that case they rely on Standard Contractual Clauses and the EU-US Data Privacy Framework where the recipient is certified.

Professional advisors and authorities

We may disclose data to our legal, accounting, or audit advisors, and to public authorities where required by law.

4. International transfers

We prefer EU-based providers and process personal data within the European Economic Area whenever possible. When a transfer outside the EEA is necessary, we rely on a recognized safeguard — most commonly the European Commission's Standard Contractual Clauses, supplemented by additional measures where required.

5. How long we keep data

We keep personal data only as long as we need it for the purpose we collected it for, plus the period required by law.

  • Inquiry messages — for as long as needed to evaluate, follow up on, or pursue a working relationship arising from the conversation. B2B sales cycles can run for years; we keep the record while it is still relevant. You can ask us to delete it at any time under your right to erasure (Art. 17 GDPR) and we will action that request unless we have an overriding legal obligation to retain.
  • Client records — for the duration of the contract, plus retention periods required by Spanish commercial and tax law (typically 6 years).
  • Marketing contacts — until you unsubscribe or ask us to remove you.
  • Server and security logs — short-term, typically 30–90 days.

6. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you;
  • Have it corrected or completed;
  • Have it deleted, where applicable;
  • Restrict or object to specific processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time, without affecting prior lawful processing;
  • Lodge a complaint with the AEPD or another EU supervisory authority.

No automated decision-making. We do not subject you to decisions based solely on automated processing — including profiling — that produce legal effects concerning you or significantly affect you (Art. 22 GDPR). Any work that materially affects an engagement is reviewed by people.

To exercise any of these rights, write to legal@interiu.com. We will respond within one month.

7. Security

We apply industry-standard technical and organizational measures to protect personal data: encryption in transit, access control, principle of least privilege, vendor due diligence, and incident response procedures. No system is perfectly secure; if a breach affects you, we will notify you and the AEPD as required by law.

8. Changes to this policy

We may update this policy as our services or the law evolve. The "Last updated" date at the top reflects the latest version. Material changes will be highlighted on this page or, where appropriate, communicated to you directly.

If anything here is unclear, please write to legal@interiu.com. We read every message and respond personally.