Skip to content
Puzzle Tech & Sec
ES EN
Let's talk
Legal information

Privacy & legal notice

Operational text. If you need additional detail for your vendor due-diligence, write to [email protected].

Last updated: April 2026

1. Data controller

  • Legal name: PUZZLE TECH & SEC S.R.L.
  • Tax ID (CIF): B75473967
  • Address: Madrid, Spain.
  • Contact email: [email protected]
  • Data protection contact: same email for any data-treatment query.

2. What we collect and why

We only collect what you voluntarily submit through our forms:

  • Contact form: name, work email, free-form message. Used to reply and book a call.
  • ROI calculator: email + slider inputs. Used to send your personalized report.
  • Diagnosis quiz: email + answers. Used to send the recommended plan.
  • Compose AI: the text you submit for the live demo + optional email if you request the extended plan. Text is processed via Anthropic's API (never used to train models) and is not stored permanently unless you request the email follow-up.
  • Newsletter: email only.

We do not use tracking or profiling cookies. Site analytics run through Cloudflare Web Analytics — 100% cookieless and aggregate. That's why there is no cookie banner — none required under GDPR / Spanish LSSI.

3. Legal basis

Processing is based on your explicit consent (when you submit a form) and on legitimate interest in providing the requested service and maintaining related commercial communication (GDPR art. 6.1.a and 6.1.f).

4. Who processes your data on our behalf

To run the site we use the following sub-processors. All have a signed DPA and demonstrable GDPR compliance:

  • Vercel Inc. — site hosting. EU/US (SCC transfer).
  • Microsoft Corp. — transactional email via Microsoft Graph (Office 365 mailbox). EU/US.
  • Holded Tech, S.L. — CRM that stores your lead. Spain.
  • Anthropic, PBC — LLM provider for the "Tell us your case" demo (no retraining). US (SCC transfer).
  • Cloudflare Inc. — anti-bot protection via Turnstile (cookieless). EU/US (SCC).
  • Cloudflare Web Analytics — aggregate site analytics (cookieless, no individual tracking). EU/US.

5. Retention

  • Leads & messages in CRM: 3 years from last contact, unless you request deletion sooner.
  • Newsletter subscribers: until you unsubscribe (one-click in every email).
  • Server logs (IP, timestamp): 30 days, only for abuse detection and debugging.
  • Compose AI conversations not explicitly saved: not stored.

6. Your rights

At any time you can exercise the rights of access, rectification, deletion, objection, restriction and portability by writing to [email protected]. We respond within 30 days (typically 24-48h).

If you believe we are mishandling your data you can file a complaint with the Spanish Data Protection Agency (aepd.es).

7. Legal notice (Spanish LSSI-CE)

  • Owner: PUZZLE TECH & SEC S.R.L.
  • Tax ID (CIF): B75473967
  • Activity: technology consulting in strategy, processes and applied AI.
  • Email: [email protected].
  • Headquarters: Madrid, Spain.

Site content (text, graphics, code) is copyrighted. Published playbooks may be shared and used internally inside companies as long as attribution to Puzzle Tech & Sec is preserved.

8. Changes to this policy

When we update this page, the new date will appear at the top. Substantive changes (new sub-processors, new purposes) will be announced via newsletter.