Privacy policy

1. Data controller

The data controller and service owner is resenia.es. For any privacy or data protection matter, users may contact admin@resenia.es. No data protection officer has been appointed at this time.

2. Personal data processed

We process the data needed to provide the service: username, email address, encrypted password, verification status, assigned plan, language and response profile preferences, business context entered by the user, comments or messages supplied to generate replies, generated or edited replies, activity, usefulness feedback, usage counters, technical security records and, if integrations are enabled, encrypted authorization tokens and external identifiers.

3. Purposes

Data is processed to create and manage accounts, authenticate users, verify email, reset passwords, generate AI-assisted replies, store activity, allow response editing and reuse, apply usage limits, prevent abuse, maintain security, provide support, administer the product and, when integrations are available and authorized by the user, connect external services such as Google Business Profile or Trustpilot.

4. Legal basis

The main legal basis is performance of the terms of use requested by the user. We may also process data based on legitimate interest in maintaining security, preventing fraud, debugging errors, improving the service and measuring usage proportionately. External integrations, when available, are based on the users authorization, which may be withdrawn by disconnecting the integration. Where a legal obligation applies, we will process the data required to comply with it.

5. Use of artificial intelligence

Texts provided by the user and the context needed to generate a response may be sent to the configured AI provider solely to generate the requested draft. The user should avoid entering special-category data or unnecessary third-party information. Generated replies are assisted drafts and must be reviewed before use.

6. Recipients, processors and subprocessors

To operate the service we may use technology providers for hosting, database, email delivery, artificial intelligence, security, observability, contextual or display advertising and third-party APIs connected by the user. These providers will process data only as necessary to provide their services and according to their applicable terms and agreements.

7. International transfers

Some providers may process data outside the European Economic Area. Where this occurs, processing will be sought to rely on safeguards recognized by applicable law, such as adequacy decisions, standard contractual clauses or other valid mechanisms.

8. Retention

Data will be retained while the account is active and as long as needed to provide the service. Activity and settings may be retained until the user deletes them or closes the account. Verification and password reset tokens expire and are deleted according to their purpose. After account closure, limited data may be retained for the periods necessary to address legal responsibilities, security or claims.

9. User rights

Users may request access, rectification, erasure, objection, restriction and portability where applicable, and may withdraw consent without affecting processing carried out before withdrawal. To exercise rights, contact admin@resenia.es and identify the account and the right requested.

10. Complaints

If a user considers that processing does not comply with applicable law, they may first contact admin@resenia.es. They may also lodge a complaint with the competent supervisory authority; in Spain, the Agencia Española de Protección de Datos at www.aepd.es.

11. Security

resenIA applies technical and organizational measures proportionate to risk, including authentication, session control, password hashing, rate limiting, integration token encryption, input validation, separate environment profiles and technical event records needed for security and operation.

12. Minors

The service is aimed at professionals, freelancers and companies. It is not directed at minors. If an account created by a minor without a valid legal basis is detected, it may be suspended or deleted.

13. Changes to this policy

This policy may be updated to reflect legal, technical or service changes. Where changes are material, users will be informed through reasonable means within the application or by email.