GDPR Compliant Last updated: May 4, 2026

Privacy policy

Information on the processing of your personal data under Regulation (EU) 2016/679 (GDPR).

Download PDF

1. Data controller

The data controller is Oleksandr Petryshchenko, operating under the trade name Olek AI Studio, based in Canals, Valencia, Spain.

For any privacy inquiry: rgpd@olekai.studio.

2. Data we collect

We collect only the data necessary to provide the service:

  • Name, surname, email, phone, company, and sector provided through the contact form, WhatsApp, email, or meetings.
  • Project information shared by the client during development (briefs, credentials, content, files).
  • Tax and bank data necessary for billing, only for contracted clients.
  • Browser technical data (IP address, language, pages visited, time spent), processed in anonymized form.

3. Purpose and legal basis

  • Handle inquiries and provide contracted services (art. 6.1.b GDPR).
  • Send commercial communications, with prior express consent (art. 6.1.a GDPR).
  • Comply with legal obligations in tax and accounting matters (art. 6.1.c GDPR).
  • Improve the site through aggregated and anonymized analytics (art. 6.1.f GDPR).

We do not sell personal data nor transfer it to third parties for commercial purposes.

4. Retention periods

  • Inquiries not converted into contract: 24 months from last contact.
  • Client data: during the contractual relationship and 6 years thereafter, in accordance with tax and commercial obligations.
  • Server technical logs: 12 months.
  • Communication subscribers: until consent is withdrawn.

5. Disclosure to third parties

Data may be processed by the following processors, all subject to GDPR safeguards through standard contractual clauses:

  • Hostinger International Ltd. (site hosting, EU).
  • Supabase Inc. (database storage, USA, with SCCs).
  • AI providers: Anthropic, OpenAI, Google, Groq, Perplexity, which only process data shared during service delivery.
  • WasenderAPI, for WhatsApp Business integration.

6. Rights of the data subject

The data subject has the right to request access, rectification, erasure, restriction, objection, and portability of their data, as well as to withdraw consent at any time.

To exercise these rights, the data subject must send a request to rgpd@olekai.studio, accompanied by a document proving identity. A response will be issued within a maximum of 30 calendar days.

If a satisfactory response is not obtained, the data subject may file a complaint with the Spanish Data Protection Agency (aepd.es).

7. Security

We apply appropriate technical and organizational measures: encryption in transit (HTTPS/TLS 1.3), encryption at rest, role-based access control, and two-factor authentication. In the event of a personal data breach, notification to the data subject and the supervisory authority will be made within a maximum of 72 hours, in accordance with art. 33 GDPR.

8. Minors

The services are directed to individuals over 16 years of age. Data from minors is not knowingly collected. The detection of a minor's data without parental consent will result in its immediate deletion.

9. Modifications

This policy may be updated to reflect legal, technical, or service changes. Substantial changes will be notified by email to clients and subscribers, as well as through a prominent notice on the site.

Contact

To exercise your rights or for any privacy inquiry, write to rgpd@olekai.studio.