Privacy Policy

The data controller for personal data collected through Plancton.ai sites and services (plancton.ai, app.plancton.ai, api.plancton.ai) is the legal entity Plancton.ai. Where Plancton acts on behalf of another company or group, the legal representative must be specified.

Plancton may obtain personal data through various means:

• Registration data: name, email, address, phone, billing data.
• Usage data: IP addresses, device IDs, browser type, cookies.
• Data you input: messages, files and links sent through our platforms.
• Generated data: results produced by our AI models, derived metadata.
• Third-party data: processed only if legally permitted or consented (e.g. payment providers, social networks).

Plancton applies the minimization principle, collecting only strictly necessary data.

Personal data is processed for the following purposes:

• Service provision: account management, platform functionality (chatbots, dashboards), technical support.
• Administrative & financial: billing, payment processing, subscription management.
• Customer support: responding to inquiries, sending service notifications.
• Marketing: sending newsletters/promotions (only with consent).
• Analysis & improvement: anonymous statistics to optimize performance.
• Legal compliance: meeting fiscal, accounting and security obligations.

• Contract performance: to provide services.
• Consent: for marketing, non-essential cookies, AI training.
• Legal obligation: when required by law to retain/communicate info.
• Legitimate interest: to improve service, security and fraud prevention.

Plancton uses AI algorithms (OpenAI, Gemini, Agents SDK) hosted on AWS and protected by Cloudflare.

Transparency: we use third-party providers. Google APIs are used for auth and email; WhatsApp/Meta APIs for messaging.

Model training: if user data is used for training, it will be anonymized. You may opt out.

Automated decisions: if automated decisions have legal effects, we will inform you of the logic. You have the right to manual review.

Data may be shared with trusted service providers acting as processors:

• AWS & Cloudflare (infrastructure)
• Stripe (payments)
• OpenAI, Gemini, Agents SDK (AI)
• Google (auth, Gmail API)
• WhatsApp/Meta (messaging)

If data is transferred outside the EEA/safe countries, Plancton adopts appropriate guarantees (e.g. standard contractual clauses).

• Account/Billing: retained during the contractual relationship and legal statutory periods.
• Marketing: until consent is revoked.
• Logs: max 12 months for security/legal compliance.

Users can exercise their access, rectification, suppression, limitation, portability and opposition rights by contacting us. You may withdraw consent at any time and have the right to file a complaint with the competent authority (INAI in Mexico, AEPD in Spain).

The platform is for users 18+. Registration of under-13s is prohibited.

We apply encryption, access controls and backups. However, no system is 100% secure; users should take reasonable precautions.

We use proprietary and third-party cookies. You can accept or reject non-essential cookies via our banner or browser settings.

Use of Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use commitment:

• No AI training with this data.
• No sharing for advertising.
• No selling data.
• Use strictly limited to user-facing features (e.g. calendar sync).

Use of Meta (Facebook/Instagram) APIs complies with the Meta Platform Terms.

Data usage:

• Specific purpose: management and automation of conversations only.
• No transfer: no selling/transferring to ad networks.
• No surveillance: not used for tracking.
• Deletion: we honor data deletion requests.

Plancton reserves the right to update this policy. Significant changes will be communicated. Continued use implies acceptance.

For privacy inquiries or to exercise your rights: Email: hola@plancton.ai