Skip to main content
·de.abaco

Privacy notice

Privacy

Last updated: 2026-05-11

At deabaco we treat data the way we treat numbers: with discipline, transparency, and the minimum necessary. This page explains what we keep, why, with whom, and how to delete it if you want.

We do not sell data. Ever. We do not share personal information with advertisers, aggregators, or third parties who profile users. If this ever changed, we would notify you in advance and require your explicit consent.

1. What data we collect

When you browse the site without signing in: nothing identifiable. Vercel, our hosting provider, logs basic technical data (IP, user-agent, route) for security and debugging. These logs rotate automatically.

When you sign in with your email: we keep your email address for authentication. Your session is maintained via secure cookies (HttpOnly, Secure, SameSite).

When you use account-required features — Pulso/Cockpit checklist, module progress, ratings, AI assistant, personalized Path — we store only what those features need to work: your module progress, your check answers, your AI prompts, and optionally your CV if you upload it in Path.

We do NOT collect: address, phone, date of birth, gender, income, exact location, or any banking data. No third-party advertising tracker (Facebook Pixel, Google Ads, etc.) is installed.

2. Who we share data with

Three infrastructure providers process data on our behalf. Each meets its own security standards and signs standard DPAs (Data Processing Agreements):

Supabase — database and authentication. Stores your email, session, and progress data. US-based servers.

Anthropic — language model provider (Claude) used by the AI assistant and personalized path. When you query the AI, your prompt + a module content fragment is sent to their API. Anthropic does not use this data to train models unless you explicitly opt in — and we do not opt in.

Vercel — hosting and basic performance analytics (Web Vitals). Vercel sees page-load metrics, not personal content.

We share data with NO ONE else. Not advertisers, not brokers, not lead aggregators.

3. AI assistant — what happens with your prompts

When you ask the AI assistant a question inside a module, or use Path so it recommends a learning route, this happens: your prompt + a fragment of the module's content is sent to Anthropic's API, we receive the response in streaming, and it shows on your screen.

We keep a usage log per user (how many queries, in which module, date) to detect abuse and apply rate limiting. We do NOT store the prompt content or AI response except in temporary technical logs (≤30 days).

If you upload your CV in Path, the file is processed to extract text, that text is sent to Anthropic together with your question, and the file is discarded. We do NOT store the PDF in our database.

4. Cookies

We use only strictly necessary cookies: session authentication (Supabase) and the next-intl language cookie. No marketing or advertising tracking cookies.

Vercel uses anonymized, aggregated performance analytics cookies (Web Vitals). They do not identify individual users.

Full detail in our Cookie Policy.

5. Your rights

You have the right to: access your data, export it, correct it, and delete it entirely. To exercise any of these, write to the contact email at the bottom of the site. We respond within 14 business days.

Deletion: if you request account deletion, we erase your email, session, progress, Pulso checks, ratings, and AI usage logs within 7 days. Anonymized technical logs may remain up to 30 days.

You are a resident of Chile, US, EU, or other country: you have the rights your local jurisdiction grants you (Law 19.628 in Chile, GDPR in EU, CCPA in California). We respect them.

6. Security

Your session is authenticated via magic link sent to your email. We do not use passwords. Links expire and are single-use.

We apply Row Level Security in the database: each user can only view and modify their own data. Verifiable in our open code (SQL migrations).

Active security headers: HSTS, CSP, X-Frame-Options, Permissions-Policy. HTTPS-encrypted traffic on all connections.

If you discover a vulnerability, write to us before disclosing it publicly. We respond within 48h.

7. Changes to this policy

If we update this page materially (e.g. we add a new provider that processes personal data), we notify you via email to your registered account at least 14 days in advance.

Minor changes (clarifications, copy fixes) update the date in the header without notification.

8. Contact

For any question about data, deletion, or exercising rights, write to the site contact email (in the footer). We respond personally, not with a bot.

See also