Privacy Policy

Last updated: March 26, 2026

At Levante Platform, we respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, use, share, and protect your information when you use our platform.

By using Levante Platform, you accept the practices described in this policy. We recommend that you read it carefully.

Our Commitment to Your Data

✓

Zero Data Retention

Your prompts and AI responses are never stored by upstream providers

✓

No Data Sales

We never sell your personal data to third parties

✓

EU Data Residency

AI requests processed exclusively within EU infrastructure

✓

No AI Training

Your data is never used to train or improve AI models

For full details on our Zero Data Retention practices, see our ZDR Policy.

1. Data Controller

Name: Saul Gomez Jimenez

Jurisdiction: Spain

Contact email: saulgmz@claiacademy.com

Saul Gomez Jimenez is the data controller responsible for the personal data collected through Levante Platform, in accordance with the General Data Protection Regulation (GDPR) of the European Union.

2. Data We Collect

We collect the following types of personal data:

Account Data

Email (required for registration)
Name (optional)

Technical Data

IP Address (stored in audit logs)
Session cookies (for authentication)

Usage Data

Tokens consumed via the APIs
AI models used
Associated usage spend

Billing Data

Transaction history (processed through Stripe)

Offer Request Data

When you submit our initial diagnosis offer form, we collect:

Full name (required)
LinkedIn profile URL (required)
Company name (required)
Job title (required)
Company website (optional)
Number of employees (required)
Industry sector (required)
Current AI usage description (required)
Main concerns (optional)
Goals (optional)

What we do NOT collect:The content of your AI requests — prompts, completions, conversation context, and attached files — is never stored by Levante or our upstream AI infrastructure providers when using private models. See our Zero Data Retention policy for details.

3. Legal Basis for Processing

We process your personal data based on the following legal bases under the GDPR:

Purpose	Legal Basis (Art. 6 GDPR)
Create and manage your account	Performance of contract
Process payments and billing	Performance of contract
Provide technical support	Performance of contract / Legitimate interest
Security and fraud prevention	Legitimate interest
Process offer requests and initial diagnosis	Consent
Analytics and service improvement	Consent
Marketing communications	Consent

4. How We Use Your Data

We use your personal data for the following purposes:

Service delivery:Create and manage your account, authenticate you, and provide you with access to the platform's features.
Billing: Process payments, generate invoices, and manage your balance.
Usage tracking: Record token and model consumption to calculate costs and display statistics.
Security: Detect and prevent fraudulent activities, abuse, or unauthorized access.
Service improvement: Analyze platform usage to improve the user experience (only with your consent).
Communications: Send you important notifications about your account, service updates, or marketing communications (with your consent).

5. Who We Share Your Data With

We share your personal data with the following third parties, solely for the purposes described:

Supabase

Database and authentication

We store your account and usage data in Supabase, which acts as a data processor.

Stripe

Payment processing

Stripe processes your payment transactions. We do not store card data; it is managed directly by Stripe in compliance with PCI DSS.

PostHog

Analytics (consent-based only)

We use PostHog to analyze platform usage and improve the experience. It is only activated if you consent to analytical cookies.

Google Analytics (via GTM)

Analytics (consent-based only)

We use Google Analytics through Google Tag Manager to understand how users interact with the platform. It is only activated if you consent to analytical cookies.

Resend

Email delivery

We use Resend to send you transactional emails (account confirmation, payment notifications, etc.).

Important: We do not sell your personal data to third parties. We never have and never will.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States:

Supabase: Servers in USA
Stripe: Servers in USA
PostHog: Servers in USA/EU
Google: Global servers
Resend: Servers in USA

These transfers are carried out with appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, privacy certifications, or equivalent mechanisms that ensure an adequate level of protection for your personal data in compliance with the GDPR.

AI Request Processing — EU Only

All private model API requests are processed exclusively within European Union infrastructure (Dublin, Frankfurt, and Paris), ensuring full compliance with GDPR Article 44 regarding international data transfers. The content of your prompts and completions never leaves the EU during processing. For more details, see our Zero Data Retention policy.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request the correction of inaccurate or incomplete data.

Right to Erasure

You can request the deletion of your personal data under certain circumstances.

Right to Data Portability

You can request to receive your data in a structured and commonly used format.

Right to Object

You can object to the processing of your data based on legitimate interest.

Right to Restrict Processing

You can request that we limit the use of your data in certain situations.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

8. How to Exercise Your Rights

To exercise any of your rights, you can contact us at:

Email: saulgmz@claiacademy.com

We will respond to your request within a maximum of 30 days. In complex cases, this period may be extended by an additional 60 days, with prior notification.

If you believe we have not adequately addressed your rights, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Cookies

We use cookies and similar technologies to:

Essential cookies: Necessary for the platform to function (session authentication with Supabase).
Analytical cookies: To understand how you use the platform (PostHog and Google Analytics loaded via GTM). Only activated with your consent.

For more information about the cookies we use and how to manage them, please refer to our Cookie Policy.

10. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

Data Type	Retention Period
Account data	As long as your account remains active
Usage data	As long as your account remains active
Billing data	6 years (legal tax obligation)
Audit logs (IP)	12 months (security)
Offer request data	12 months or until the initiative concludes
AI request content (prompts, completions)	Zero retention — never stored

After your account is deleted, we will delete or anonymize your personal data, except for data we are required to retain due to legal obligations.

11. Minors

Levante Platform is intended for users aged 14 years and older. We do not knowingly collect data from individuals under this age. If you are a parent or guardian and believe that a child under 14 has provided us with personal data, please contact us at saulgmz@claiacademy.com so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. When we do:

We will update the "last updated" date.
If the changes are significant, we will notify you by email or through a prominent notice on the platform.
We recommend reviewing this policy periodically to stay informed.

13. Contact

If you have questions, comments, or concerns about this Privacy Policy or about how we handle your personal data, you can contact us at:

Saul Gomez Jimenez

Email: saulgmz@claiacademy.com

Jurisdiction: Spain

Privacy Policy

Last updated: March 26, 2026

By using Levante Platform, you accept the practices described in this policy. We recommend that you read it carefully.

Our Commitment to Your Data

✓

Zero Data Retention

Your prompts and AI responses are never stored by upstream providers

✓

No Data Sales

We never sell your personal data to third parties

✓

EU Data Residency

AI requests processed exclusively within EU infrastructure

✓

No AI Training

Your data is never used to train or improve AI models

For full details on our Zero Data Retention practices, see our ZDR Policy.

1. Data Controller

Name: Saul Gomez Jimenez

Jurisdiction: Spain

Contact email: saulgmz@claiacademy.com

Saul Gomez Jimenez is the data controller responsible for the personal data collected through Levante Platform, in accordance with the General Data Protection Regulation (GDPR) of the European Union.

2. Data We Collect

We collect the following types of personal data:

Account Data

Email (required for registration)
Name (optional)

Technical Data

IP Address (stored in audit logs)
Session cookies (for authentication)

Usage Data

Tokens consumed via the APIs
AI models used
Associated usage spend

Billing Data

Transaction history (processed through Stripe)

Offer Request Data

When you submit our initial diagnosis offer form, we collect:

Full name (required)
LinkedIn profile URL (required)
Company name (required)
Job title (required)
Company website (optional)
Number of employees (required)
Industry sector (required)
Current AI usage description (required)
Main concerns (optional)
Goals (optional)

3. Legal Basis for Processing

We process your personal data based on the following legal bases under the GDPR:

Purpose	Legal Basis (Art. 6 GDPR)
Create and manage your account	Performance of contract
Process payments and billing	Performance of contract
Provide technical support	Performance of contract / Legitimate interest
Security and fraud prevention	Legitimate interest
Process offer requests and initial diagnosis	Consent
Analytics and service improvement	Consent
Marketing communications	Consent

4. How We Use Your Data

We use your personal data for the following purposes:

Service delivery:Create and manage your account, authenticate you, and provide you with access to the platform's features.
Billing: Process payments, generate invoices, and manage your balance.
Usage tracking: Record token and model consumption to calculate costs and display statistics.
Security: Detect and prevent fraudulent activities, abuse, or unauthorized access.
Service improvement: Analyze platform usage to improve the user experience (only with your consent).
Communications: Send you important notifications about your account, service updates, or marketing communications (with your consent).

5. Who We Share Your Data With

We share your personal data with the following third parties, solely for the purposes described:

Supabase

Database and authentication

We store your account and usage data in Supabase, which acts as a data processor.

Stripe

Payment processing

Stripe processes your payment transactions. We do not store card data; it is managed directly by Stripe in compliance with PCI DSS.

PostHog

Analytics (consent-based only)

We use PostHog to analyze platform usage and improve the experience. It is only activated if you consent to analytical cookies.

Google Analytics (via GTM)

Analytics (consent-based only)

We use Google Analytics through Google Tag Manager to understand how users interact with the platform. It is only activated if you consent to analytical cookies.

Resend

Email delivery

We use Resend to send you transactional emails (account confirmation, payment notifications, etc.).

Important: We do not sell your personal data to third parties. We never have and never will.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States:

Supabase: Servers in USA
Stripe: Servers in USA
PostHog: Servers in USA/EU
Google: Global servers
Resend: Servers in USA

AI Request Processing — EU Only

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request the correction of inaccurate or incomplete data.

Right to Erasure

You can request the deletion of your personal data under certain circumstances.

Right to Data Portability

You can request to receive your data in a structured and commonly used format.

Right to Object

You can object to the processing of your data based on legitimate interest.

Right to Restrict Processing

You can request that we limit the use of your data in certain situations.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

8. How to Exercise Your Rights

To exercise any of your rights, you can contact us at:

Email: saulgmz@claiacademy.com

We will respond to your request within a maximum of 30 days. In complex cases, this period may be extended by an additional 60 days, with prior notification.

If you believe we have not adequately addressed your rights, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Cookies

We use cookies and similar technologies to:

Essential cookies: Necessary for the platform to function (session authentication with Supabase).
Analytical cookies: To understand how you use the platform (PostHog and Google Analytics loaded via GTM). Only activated with your consent.

For more information about the cookies we use and how to manage them, please refer to our Cookie Policy.

10. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

Data Type	Retention Period
Account data	As long as your account remains active
Usage data	As long as your account remains active
Billing data	6 years (legal tax obligation)
Audit logs (IP)	12 months (security)
Offer request data	12 months or until the initiative concludes
AI request content (prompts, completions)	Zero retention — never stored

After your account is deleted, we will delete or anonymize your personal data, except for data we are required to retain due to legal obligations.

11. Minors

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. When we do:

We will update the "last updated" date.
If the changes are significant, we will notify you by email or through a prominent notice on the platform.
We recommend reviewing this policy periodically to stay informed.

13. Contact

If you have questions, comments, or concerns about this Privacy Policy or about how we handle your personal data, you can contact us at:

Saul Gomez Jimenez

Email: saulgmz@claiacademy.com

Jurisdiction: Spain