Privacy Policy
Last updated: 2/16/2026
This Privacy Policy explains how Aliigo collects and processes personal data for the Website and the Service. Where Aliigo processes personal data on behalf of a business customer as a processor, the Data Processing Addendum (DPA) applies.
1. Data controller
Controller: Emilio Castellanos (Aliigo) Tax ID (NIF): 55448913F Address: C/ de Dalt, 37 · Bajo derecha, Ciutat Vella · 46003 València (Spain) Contact: legal@aliigo.com
2. Data we collect
Depending on how you use the Website or Service, we may collect: - Account data: name, email, password hash (not your raw password), business name, and optional phone/website - Billing data: subscription status and payment metadata (payments are handled by our payment processor) - Service data: configuration content you provide (business info/knowledge), conversation history, and leads captured through the widget (when enabled) - Technical data: log data and device/browser information (e.g., IP address, timestamps, user agent) for security and reliability - Analytics/marketing data (only when enabled via consent where required)
3. Purposes and legal bases
We process data for: A) Providing the Service and operating your account (contract) B) Billing, payments, fraud prevention, and account administration (contract / legitimate interests) C) Security, abuse prevention, debugging, and service improvement (legitimate interests) D) Customer support and service communications (contract / legitimate interests) E) Analytics and measurement (consent where required) F) Marketing (consent where required) We do not sell personal data.
4. Sharing and recipients
We share data with vendors (processors) only as needed to provide the Service, including: - Hosting and infrastructure: Vercel - Security/CDN: Cloudflare - Database and authentication: Supabase - Transactional email: Resend - Payments and billing: Stripe - AI processing to generate responses: OpenAI - Microsoft Clarity — session analytics and heatmaps We may also use analytics and advertising tools (e.g., Google Analytics 4 via Google Tag Manager; Meta Pixel). Depending on configuration, these providers may act as processors or independent controllers. For transparency and updates, see our “Subprocessors & Third‑Party Services” page.
5. International transfers
Some vendors may process data outside the European Economic Area (EEA), including in the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and other measures provided by those vendors.
6. Data retention
We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. If you close your account, we will delete or anonymize data within a reasonable period, unless we are legally required to retain it.
7. Security
We use reasonable technical and organizational measures designed to protect personal data, including access controls, encryption in transit, and operational monitoring. No method of transmission or storage is 100% secure.
8. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, object, and port your personal data. To exercise rights, contact legal@aliigo.com. If you are in Spain, you may also lodge a complaint with the Spanish Data Protection Authority (AEPD).
9. Service data and business customers
If you use Aliigo as a business customer, you may upload business information and receive visitor conversations/leads. In that context, you are typically the data controller for your visitor data, and Aliigo acts as a processor. Our Data Processing Addendum (DPA) describes these obligations.
10. Cookies and tracking
We use cookies and similar technologies. In the EEA/UK, analytics and marketing cookies are enabled only with your consent. See our Cookie Policy for details.