Privacy policy

1. Scope and legal framework

This privacy policy applies to personal data processed through senirop.com and related subdomains operated by Senirop SAS, a technology consulting company incorporated in Ecuador.

We process personal data in accordance with the Organic Law on Personal Data Protection (LOPDP), published in Official Registry Supplement No. 459 of May 26, 2021, its regulations, and applicable Ecuadorian legislation. Where international clients interact with our site, we also follow recognized privacy principles such as lawfulness, transparency, purpose limitation, and data minimization.

By using this website and, where applicable, submitting information through our forms, you acknowledge that you have read this policy. Where consent is required under the LOPDP, we will request it in a clear and specific manner.

2. Data controller

The data controller responsible for your personal data is Senirop SAS, with headquarters at Shyris y Suecia, Edif. Argentum, Oficina 1205, Quito, Pichincha · ZIP 170507, Ecuador, Ecuador.

• Email: info@senirop.com
• Web: Contact form

For privacy-related requests, you may contact us using the channels above. We may ask for information to verify your identity before responding.

3. Key definitions

• Personal data — any information that identifies or can reasonably identify a natural person.
• Data subject — the individual to whom the personal data relates.
• Processing — any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
• Data processor — a third party that processes personal data on our behalf under our instructions.

4. Personal data we collect

The data we process depends on how you interact with the site. We collect only what is relevant for the purposes described in this policy.

Information you provide voluntarily

• Contact form — name, email address, optional company name, and message content.
• Direct correspondence — information you send us by email or through other channels linked from this site.
• AI assistant (if enabled) — the text of your messages and any information you choose to include in the conversation.

Information collected automatically

• Technical and usage data such as IP address, browser type, device characteristics, operating system, referring URL, pages viewed, and approximate access times.
• Cookies and similar technologies when you accept them or when strictly necessary for site operation (see Section 10).

Please do not submit confidential, sensitive, or special-category personal data through the contact form or AI assistant unless we have explicitly agreed to receive it under a separate engagement.

5. Legal bases for processing

Under the LOPDP, we process personal data when at least one of the following applies:

• Your consent — for example, when you submit the contact form or use optional analytics cookies.
• Pre-contractual or contractual necessity — to respond to your inquiry, evaluate a potential engagement, or perform services you have requested.
• Legitimate interest — to operate, secure, and improve the website, prevent abuse, and understand aggregate usage, balanced against your rights.
• Legal obligation — when retention or disclosure is required by applicable law or competent authority.

6. Purposes of processing

We use personal data for the following purposes:

• Responding to project inquiries and scheduling follow-up conversations.
• Operating the optional AI assistant to provide general information about our consulting services.
• Sending transactional or service-related communications related to your request.
• Measuring site performance and understanding how visitors use our content, when analytics tools are enabled.
• Maintaining security, detecting spam or automated abuse, and protecting our infrastructure.
• Complying with legal, regulatory, or judicial requirements.

We do not sell your personal data. We do not use contact form data for unrelated mass marketing without your separate consent.

7. Retention periods

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer period is required or permitted by law.

• Contact inquiries — typically up to twenty-four (24) months after our last meaningful interaction, or for the duration of an active client relationship and any applicable statutory limitation period.
• AI assistant sessions — processed to deliver the response; we do not use the assistant to build long-term marketing profiles. Server-side logs may be kept for a limited period for security and troubleshooting.
• Analytics data — according to the retention settings configured in our analytics tools and hosting provider.
• Security logs — for a reasonable period consistent with industry practice and legal requirements.

When data is no longer needed, we delete or anonymize it using appropriate technical measures.

8. Recipients and data processors

We may share personal data with trusted service providers who act as data processors under contract and only on our documented instructions. These may include:

• Email delivery — Resend (or equivalent provider) to deliver contact form messages to our team.
• AI infrastructure — OpenAI or similar providers when you use the website assistant feature.
• Hosting and infrastructure — cloud and edge providers that operate the website and related logs.
• Analytics — Google Tag Manager and related tags when configured (for example, Google Analytics), subject to your cookie preferences where required.

We may also disclose information when required by law, court order, or governmental request, or when necessary to protect the rights, safety, and property of Senirop, our users, or third parties.

9. International transfers

Some of our processors may store or process data outside Ecuador, including in the United States or the European Economic Area. When we transfer personal data internationally, we implement appropriate safeguards consistent with the LOPDP and applicable regulations, such as contractual clauses, provider security commitments, and data minimization.

10. Security measures

We apply technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include access controls, encrypted transport (HTTPS), provider-level security practices, and limited internal access on a need-to-know basis.

No method of transmission or storage is completely secure. If we become aware of a personal data incident that may affect your rights, we will notify you and the relevant authority when required by the LOPDP.

11. Cookies and similar technologies

Our website may use cookies, local storage, and similar technologies to enable core functionality and, when configured, to measure traffic and campaign performance through Google Tag Manager.

• Strictly necessary cookies — required for basic site operation and security.
• Analytics cookies — help us understand how visitors interact with the site; these may be disabled through your browser settings or any consent mechanism we implement.

You can manage cookies through your browser preferences. Disabling certain cookies may affect site functionality.

12. Your rights under the LOPDP

As a data subject, you may exercise the following rights, subject to conditions and exceptions set out in Ecuadorian law:

• Access — know whether we process your data and obtain a copy.
• Rectification and update — correct inaccurate or incomplete data.
• Deletion — request erasure when processing is no longer justified.
• Opposition and suspension — object to or request restriction of certain processing.
• Portability — receive your data in a structured, commonly used format where applicable.
• Withdraw consent — where processing is based on consent, without affecting prior lawful processing.
• Automated decisions — not to be subject solely to automated processing that produces legal or similarly significant effects, except as permitted by law.

To exercise your rights, contact us at info@senirop.com. We will respond within the timeframes established by the LOPDP. You may also lodge a complaint with the Personal Data Protection Authority of Ecuador when applicable.

13. Children’s privacy

This website is directed at business professionals and is not intended for children under sixteen (16) years of age. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, please contact us so we can take appropriate action.

14. Changes to this policy

We may update this privacy policy to reflect changes in our practices, technology, or legal requirements. The “Last updated” date at the top of this page indicates when the policy was last revised. Material changes will be posted on this page; where appropriate, we may provide additional notice.

Continued use of the site after an update constitutes acknowledgment of the revised policy, except where further consent is required by law.

15. Related documents

Use of this website is also governed by our Terms of use. Client engagements, statements of work, and commercial agreements, when applicable, prevail over this policy for contracted services.