Skip to content
Gradion
Review a specific workflow

Privacy Policy

Last updated: April 2026

Data controller

Controller: Ivor Padilla and Gabriel Naranjo Lituma, self-employed professionals operating under the Gradion trading name, with professional address in Madrid, Spain. Contact email: hello@gradion.io. Gradion is not required to appoint a Data Protection Officer under Article 37 GDPR and Article 34 LOPDGDD; for any question about the processing of your data or the exercise of your rights, please write to the email above with "Data protection" in the subject line.

What data we collect

We collect personal data in three categories:

  • Contact information. Name, email address, company name and message content when you contact us through our website, email or subscribe to our newsletter.
  • Website usage. IP address, browser type, pages visited and interaction data collected through analytics tools to understand how visitors use our site.
  • Communication data. Messages, call records and correspondence related to our services.

Legal basis

We process your personal data under the following legal grounds, in accordance with the RGPD (Reglamento General de Protección de Datos) and the LOPDGDD (Ley Orgánica de Protección de Datos y Garantía de los Derechos Digitales):

  • Consent. When you subscribe to our newsletter or accept non-essential cookies.
  • Legitimate interest. To respond to enquiries, improve our website and analyse usage patterns.
  • Contract performance. To deliver the services described in our engagement agreements.
  • Legal obligation. To comply with applicable tax, accounting and regulatory requirements under Spanish law.

Your rights

Under the RGPD you have the following rights over your personal data:

  • Access. Request a copy of the personal data we hold about you.
  • Rectification. Request correction of inaccurate or incomplete data.
  • Erasure. Request deletion of your personal data when it is no longer necessary for the purposes collected.
  • Portability. Receive your data in a structured, commonly used format and transfer it to another controller.
  • Object. Object to processing based on legitimate interest at any time.
  • Restriction. Request that we limit processing of your data in certain circumstances.

Data security

We apply technical and organisational measures proportionate to the risk to protect your personal data against unauthorised access, alteration, disclosure or destruction. We host services in European Union regions whenever technically possible, with encryption in transit (TLS), per-client isolated environments during pilots, role-based access control following the principle of least privilege, and activity logging. Some of our providers are subsidiaries of US-headquartered groups; in those cases international transfers are covered by the mechanisms in Chapter V of the GDPR (adequacy decisions, European Commission Standard Contractual Clauses, and supplementary measures). No system is infallible, which is why we work with a culture of continuous improvement and incident response.

Cookies

Our website uses cookies to ensure basic functionality and to understand how visitors interact with our pages. For full details on the cookies we use, how to manage your preferences and your rights under Spanish cookie regulations, see our Cookie Policy

Data retention

We keep commercial contact data for the duration of the conversation and for up to 24 months after the last exchange, unless you ask us to delete it sooner. Web server technical logs are kept for a maximum of 30 days, unless they need to be extended to investigate a security incident. Data linked to the contractual relationship with clients is kept for the duration of the contract and, after it ends, for the legal periods that apply (in particular tax and commercial retention periods). Data processed under a legal obligation is kept for the period required by the applicable law and is then blocked until any possible liabilities are time-barred.

Contact and complaints

For any questions about this policy or to exercise your rights, contact us at hello@gradion.io. You also have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

Policy updates

We may update this privacy policy to reflect changes in our practices or applicable legislation. Significant changes will be communicated via our website. We encourage you to review this page periodically.