Last updated: February 2026

1. Introduction

Cotizable ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

2. Data Controller

Cotizable is the data controller for the personal data processed through our platform. For privacy inquiries, contact us at soporte@cotizable.com.

3. Data We Collect

3.1 Account Information

• Name and business name
• Email address
• Phone number
• Business address
• Payment information (processed by Stripe)

3.2 Service Usage Data

• WhatsApp conversations (to provide automated responses)
• Calendar availability
• Proposals and invoices created
• Customer interaction history

3.3 Customer Data

When you use Cotizable, you may input data about your customers, including:
- Names and contact information
- Service requests and preferences
- Photos and descriptions of work needed
- Payment records

3.4 Technical Data

• IP address
• Browser type and version
• Device information
• Usage patterns and analytics

4. How We Use Your Data

We process your data to:
- Provide and improve our Service
- Process payments and subscriptions
- Send automated WhatsApp responses on your behalf
- Schedule appointments in your calendar
- Generate proposals and track their status
- Send service-related communications
- Comply with legal obligations

5. Legal Basis for Processing

We process data based on:
- Contract performance: To provide the services you subscribed to
- Legitimate interests: To improve our services and prevent fraud
- Legal obligation: To comply with applicable laws
- Consent: Where required, such as for marketing communications

6. Data Sharing

We share data with:
- Stripe: For payment processing
- Google: For calendar integration
- WhatsApp/Meta: For messaging services
- Cloud providers: For secure data storage
- Legal authorities: When required by law

We do not sell your personal data to third parties.

7. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place, including Standard Contractual Clauses.

8. Data Retention

We retain your data according to Spanish and European legal requirements:
- Account data: For the duration of your account plus 4 years (tax prescription period per art. 66 LGT)
- Transaction records and invoices: 6 years (art. 30 Spanish Commercial Code)
- Conversation history: 2 years after the last interaction (GDPR data minimization principle)
- Analytics data: 26 months (CNIL/AEPD recommendation)

9. Your Rights (GDPR)

Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured format
- Object: Object to certain processing activities
- Withdraw consent: Where processing is based on consent

To exercise these rights, contact soporte@cotizable.com.

10. Data Security

We implement industry-standard security measures:
- Encryption in transit (TLS) and at rest
- Regular security audits
- Access controls and authentication
- Secure data centers
- Employee training on data protection

11. Cookies

We use essential cookies to ensure the proper functioning of our Service. For more details, see our cookie notice on the website.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification.

14. Contact Us

For privacy-related questions or to exercise your rights:
- Email: soporte@cotizable.com
- Address: Calle Francisco Pizarro number 2 (Talavera la real), Badajoz/Spain

15. Supervisory Authority

You have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.