Privacy Policy.
Effective Date: April 2026 | Version: v2026.1 | Governing Law: Spain / EU
1. Identity of the Data Controller
In compliance with GDPR Article 13 and LOPDGDD, the entity responsible for processing your personal data through this website is:
Trading Name: Autonomous Intelligence Growth
Contact Email: info@getaigrowth.com
Website: https://getaigrowth.com
DPO: Not applicable (processing does not meet the GDPR Article 37 threshold for mandatory appointment)
Full legal identity is published in our Compliance Hub, in compliance with LSSI-CE Article 10.
2. Scope of This Policy
This Privacy Policy covers personal data collected from visitors to getaigrowth.com through the following touchpoints:
- Contact and enquiry forms (Forminator)
- Appointment booking system (Cal.com)
- AI chatbot widget interactions on this domain
- Email communications initiated via this website
- Website session and technical data
Out of scope: Personal data processed by clients of Autonomous Intelligence Growth on their own websites. Clients operate as independent Data Controllers. That relationship is governed by a separate Data Processing Agreement (DPA) — see our Compliance Hub.
3. Personal Data Collected
The table below specifies every category of data collected, the legal basis under GDPR Article 6, the data source, and the applicable retention period.
| Category of Data | Purpose & Legal Basis | Source | Retention |
|---|---|---|---|
| Contact form data Name, email, message |
Responding to enquiries — pre-contractual steps (Art. 6(1)(b)); legitimate interest (Art. 6(1)(f)) | Directly from data subject via Forminator | 24 months from last contact, then deleted |
| Booking data Name, email, time slot |
Scheduling — performance of contract / pre-contractual steps (Art. 6(1)(b)) | Directly from data subject via Cal.com | Duration of engagement + 12 months |
| AI chatbot logs Message content, session ID |
Support provision — legitimate interest (Art. 6(1)(f)); consent where required | Directly from data subject during chat | 90 days, then purged |
| Technical / device data IP address, browser, cookies |
Website security and operation — legitimate interest (Art. 6(1)(f)); consent for non-essential cookies | Automatically via browser/server | Session cookies: on close. Analytics: see Cookie Policy |
| Email correspondence | Business communication — legitimate interest (Art. 6(1)(f)) | Directly from data subject | 3 years or duration of business relationship |
No special-category data (GDPR Article 9) is intentionally collected. Any such data submitted voluntarily will be deleted promptly upon identification.
4. AI Chatbot — Specific Disclosures
4.1 EU AI Act Transparency (Article 50)
In compliance with EU AI Act Article 50 (2026), users interacting with the AI chatbot on this domain are notified at the point of interaction — and via machine-readable metadata in the chat widget — that they are communicating with an automated system, not a human.
The chatbot on this website is an automated AI system, operated under the badge: “Powered by Autonomous Intelligence.”
It is not a human operator. Responses are generated by a large language model and are inherently non-deterministic. AI-generated responses do not constitute professional, legal, or financial advice.
4.2 Data Processed During Chatbot Interactions
- Content of your messages (text input)
- Session identifiers (non-persistent; for conversation continuity only)
- Timestamp and approximate geolocation (country-level, derived from IP)
- Device and browser type (for rendering)
Conversation content is processed by our AI infrastructure provider (ChatLab). Do not submit sensitive personal data, financial information, or special-category data through the chat interface.
4.3 Human Escalation (EU AI Act Art. 50)
You may request that your enquiry be referred to a human operator at any time by contacting info@getaigrowth.com. Human responses are provided during business hours.
5. Third-Party Integrations
5.1 Cal.com (Booking System)
Appointment bookings are processed via Cal.com. Your name, email, and selected time slot are transmitted to Cal.com’s servers. Cal.com acts as a Data Processor on our behalf for scheduling purposes and as an independent Data Controller for its own platform operations.
- Cal.com Privacy Policy: https://cal.com/privacy
- Transfer mechanism: Standard Contractual Clauses (SCCs) where applicable
5.2 Forminator (Contact Forms)
Contact forms are powered by Forminator (WPMU Dev). Submission data is stored in our WordPress database. No third-party marketing integrations (e.g., Mailchimp, HubSpot) are currently active. Each form carries a mandatory privacy notice and consent acknowledgement in compliance with GDPR Article 7.
5.3 Sub-processor Registry
| Sub-processor | Role | Data Processed | Privacy Reference |
|---|---|---|---|
| ChatLab | AI infrastructure provider — chatbot runtime & RAG knowledge base | Chatbot conversation content; session data | chatlab.com/privacy Verify URL before publishing |
| OpenAI via ChatLab |
Large language model — AI response generation | Anonymised query text; no persistent user profiles | openai.com/policies/privacy-policy |
| Cal.com | Booking and scheduling platform | Name, email, appointment data | cal.com/privacy |
| Web Host / WordPress | Website infrastructure; form data storage | Form submissions; server logs; session data | Hosting provider DPA — available on request |
6. International Data Transfers
Some sub-processors operate outside the European Economic Area (EEA). All such transfers are safeguarded through one or more of the following mechanisms:
- EU adequacy decision (GDPR Article 45)
- Standard Contractual Clauses approved by the European Commission (GDPR Article 46(2)(c))
OpenAI processes data primarily in the United States under Standard Contractual Clauses. Users who object to transatlantic transfers should contact us at info@getaigrowth.com to discuss alternatives.
7. Your Rights as a Data Subject
Under GDPR Articles 15–22 and LOPDGDD, you have the following enforceable rights:
To exercise any of these rights, submit a written request to info@getaigrowth.com. We will respond within 30 calendar days (GDPR Article 12). Identity verification may be required.
If unsatisfied with our response, you may lodge a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.
8. Security Measures
We implement technical and organisational security measures in accordance with GDPR Article 32, including:
- TLS/SSL encryption for all data in transit
- Access controls: administrator access granted solely for configuration purposes, revocable by the client at any time
- Confidentiality obligations binding on all personnel with data access
- Sub-processor vetting prior to engagement
- Data breach notification to AEPD within 72 hours (GDPR Art. 33) and to affected data subjects where required (GDPR Art. 34)
9. Cookies
This website uses cookies in accordance with LSSI-CE Article 22.2. Strictly necessary cookies operate without consent. All non-essential cookies require explicit prior consent via the cookie banner on first visit.
Full details on every cookie set by this website — including those from Cal.com and WordPress plugins — are published in our Cookie Policy.
10. Governing Law & Supervisory Authority
This policy is governed by Spanish law and applicable EU regulations including GDPR (EU 2016/679), EU AI Act (2024/1689), LSSI-CE (Law 34/2002), and LOPDGDD (LO 3/2018).
Disputes are subject to the exclusive jurisdiction of the courts of Las Palmas de Gran Canaria, Spain, unless otherwise agreed in a signed service contract.
Supervisory Authority: Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6, 28001 Madrid, Spain
www.aepd.es | +34 901 100 099