SIGMAAI
Legal / Data Protection

Data Protection Policy

This Data Protection Policy explains how Sigma AI processes and protects your personal data in compliance with the GDPR and Spanish data protection legislation.

Identification of the data controller

Owner: SIGMA. AI, SLU.

Registered office: Avenida de Burgos 114, Madrid, Spain, Postal Code: 28050, Madrid.

SIGMA. AI, SLU (hereinafter, “the Controller“) is the controller of the personal data obtained from users through the use of this website, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR“) and in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter “LOPDGDD”).

To ensure the proper management of the processing of your personal data, please contact us via our anonymous contact form.

For what purpose and on what basis do we process personal data?

Purpose of processingAdditional informationLegitimating basis
Contact formThrough the contact form available on our website, you provide us with information such as your name, contact details and any other information you choose to share. Once we have received your communication, we will be able to contact you to resolve your question or concern.The legitimate interest of the Data Controller in responding to requests for information received through its consultation channels.
Marketing ActivitiesWe will process the data provided through the contact form in order to send you our marketing communications and provide you with the information about our products and services that you request.The consent of the data subject.
CookiesWe use cookies to differentiate you from other users, learn more about your preferences and offer you a more personalized browsing experience. For more information, please see Section 6 of this Privacy Policy.The consent of the data subject.

To whom will your data be communicated?

The Data Controller may communicate your personal data to the Public Bodies and Administrations, only when necessary for compliance with the applicable legal obligations.

You may also communicate your data to subsidiaries and related companies of our Group, for internal administrative purposes.

In addition, the Controller collaborates with certain third-party service providers who process your personal data on our behalf, such as:

  • Service providers to provide, run, and support our IT infrastructure (such as identity management, hosting, data analytics, backup, security, and cloud storage services).

The controller follows strict criteria for selecting service providers to comply with its data protection obligations and forms the corresponding Data Processing Agreement with them in accordance with Article 28 of the GDPR.

Subprocessors

We engage the following subprocessors to process personal data on our behalf. Each subprocessor is contractually bound by a Data Processing Agreement (DPA) that includes the obligations required under Article 28 of the GDPR.

SubprocessorFunctionLocation / Hosting
Cloudflare, Inc.CDN, DNS, DDoS protection, edge hosting, SSL/TLS terminationUnited States (EU data residency options enabled where available)
Supabase, Inc.Managed PostgreSQL database, authentication service, object storageUnited States (EU data residency options enabled where available)

We perform annual security and compliance reviews of all subprocessors. If we add or replace a subprocessor, we will update this list and provide at least 30 days' notice on this page before the change takes effect.

Are there international transfers?

SIGMA AI, SLU belongs to the SIGMA Group, whose holding company is an American company headquartered in Miami, USA. In this regard, the recipients of your personal data may be located, in some particular cases, outside the European Union. In such cases, we require them to comply with the applicable data protection requirements. Therefore, we only transfer your personal data to a third country or international organisation if they offer appropriate safeguards.

You can learn more about the measures implemented by SIGMA. AI, SLU by contacting our DPO via our anonymous contact form.

How long will we keep your personal data?

The period of storage of your personal data will be that which is strictly necessary to comply with the purpose for which they were provided or collected. In this regard, the criteria that the Data Controller uses to set the storage periods of your personal data have been determined in accordance with the requirements established in the applicable legislation, regulations and normative guidelines.

In this regard, the Data Controller guarantees that it will not process the personal data unless it is necessary for the formulation, exercise or defence of claims or when this is required to provide them to the Public Administration, Judges and Courts during the limitation period of their legal rights or obligations. Your personal data will subsequently be deleted.

Similarly, in the event that the processing of personal data is supported by legitimate interest or consent given by you, we will process the personal data until you object to the processing (unless compelling legitimate interests prevail on the part of the Controller) or withdraw your consent.

Retention schedule

  • Contact form submissions — automatically erased 730 days (2 years) after submission via a scheduled purge job.
  • Authentication and access logs — retained 12 months for security monitoring and incident response.
  • Audit log of administrative actions — retained 24 months for compliance and forensics.
  • Published content and associated files — retained while published; orphan storage assets are removed automatically when the parent record is deleted.

You may at any time exercise your right of access or erasure ("right to be forgotten") by contacting us — see "What are your data protection rights?" below.

What are your data protection rights?

You may contact SIGMA. AI, SLU at any time, being able to exercise your rights:

  • Right of access: You can ask us for access to and copies of your personal data;
  • Right to rectification: You can ask us to amend your data if you believe it is inaccurate and ask us to add further information if you believe it is incomplete;
  • Right to erasure: You can ask us to delete your personal data if it is no longer necessary for the purposes identified above, if your data has been unlawfully processed or for compliance with applicable law;
  • Right to restriction: You can ask us to restrict processing if you contest the accuracy of your personal data, if it is unlawful and you object to its erasure, if you need it for the establishment, exercise or defence of legal claims or if you have exercised your right to object;
  • Right to object: You can object to the processing of your personal data so that we stop processing it;
  • As well as the right to the portability of their data and not to be subject to automated decisions, and to withdraw their consent at any time, without this affecting the lawfulness of the processing based on consent prior to its withdrawal, by means of a request addressed to SIGMA. AI, SLU with registered office at Avenida de Burgos 114, Madrid, Spain, or via our anonymous contact form.

Where there is reasonable doubt as to the identity of the natural person making the request, additional information necessary to confirm the identity of the data subject may be requested.

Likewise, you are informed that you may revoke the consents granted whenever you wish, by contacting SIGMA. AI, SLU at the postal address or email indicated above.

Finally, if you wish to have more information about your rights in terms of data protection or need to file a complaint, you can contact the Spanish Data Protection Agency, with address at Calle Jorge Juan, 6, 28001, Madrid, in order to safeguard your rights ( www.aepd.es).

Use of cookies

Our website uses cookies to differentiate you from other users, which helps us to provide you with an optimal browsing experience and to improve our site. Some areas of the site also use cookies to learn more about you and provide you with a more personalized experience. We process this personal data to:

  • To ensure that the content on our site is presented in the most effective manner for you and your device.
  • Administer our site and perform internal operations, such as troubleshooting, data analysis, testing, research, statistics, and surveys.
  • Allow you to participate in interactive features of our service, if you choose.
  • Keeping our site safe and secure.
  • Measure and understand the effectiveness of the advertising we serve to you and others, and provide you with relevant advertising.
  • Make suggestions and recommendations to you and other users about goods or services that may be of interest.

You can find all the details in our Cookie Policy.

Modification of the privacy and data protection policy

SIGMA. AI, SLU reserves the right to modify this privacy and data protection policy to adapt it to the regulations in force at all times and to the instructions or recommendations given by the supervisory authorities, so we recommend reading it before each access and browsing of the website.

Keep your personal data up to date

We strive to maintain the accuracy and integrity of the personal data we hold. It is essential that you inform us of any updates to your contact details or other personal data to ensure that we have the most up-to-date information about you. Please contact us for any updates via our anonymous contact form.

Opt-out of brand and logo usage

At Sigma AI, we respect our clients' right to control how their brand, name, logo, and trademarks are used for marketing or promotional purposes. If you are a client and do not wish for your brand, company name, logo, or any identifying marks to appear on our website, case studies, presentations, press releases, or any other promotional materials, you may opt out at any time.

To opt out, please send a written request via our anonymous contact form with the subject line "Opt-out — Brand and Logo Usage". Please include your company name and a brief confirmation that you do not consent to the use of your brand or logo as a client reference. We will process your request within 10 business days and confirm once your preferences have been updated.

This opt-out does not affect any contractual obligations between your company and Sigma AI, nor does it limit our ability to provide the services agreed upon. It solely restricts the use of your brand and logo for public-facing marketing, promotional, or communications purposes.

Last updated

Last updated on April 10, 2025.