Privacy Policy

Last updated: 11 April 2026

1. Overview

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations — in particular the EU General Data Protection Regulation (GDPR) — and this privacy policy.

This privacy policy explains what data we collect when you use our website, how we use it, and what rights you have regarding your data.

2. Data Controller

The data controller within the meaning of the GDPR is:

Hugo Nguyen / Craton AI Safety
C. Pedro Miguel Hernandez Camacho, 41
38760 Los Llanos
Santa Cruz de Tenerife
Spain
Email: hugo@palmai.es

3. Data We Collect

3a. Server Log Files

The hosting provider of this website automatically collects and stores information in server log files that your browser transmits to us. These are:

  • IP address (anonymized where possible)
  • Browser type and version
  • Operating system
  • Referrer URL (the previously visited page)
  • Requested page / hostname
  • Date and time of the server request

This data cannot be attributed to specific persons. It is not merged with other data sources. We reserve the right to subsequently review this data if we become aware of specific indications of illegal use.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the stable and secure operation of this website.
Retention: Server logs are retained only as long as necessary for secure operation and are routinely deleted under the hosting retention policy.

3b. Self-Hosted Web Fonts

This website uses the Instrument Serif, JetBrains Mono, and Manrope typefaces via self-hosted font files bundled with the website build. Your browser does not contact Google servers when loading these fonts.

As a result, no visitor personal data is transmitted to Google for font delivery through ordinary use of this website.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in a uniform and professional presentation of our website.

3c. Contact via Email

If you contact us by email, we process your email address, name (if provided), and the content of your message in order to handle your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in communication with prospective clients and partners).
Retention: Data is retained for the duration of the business relationship and subsequently as required by commercial and tax law (§257 HGB: 6 years; §147 AO: 10 years).

4. No Cookies, No Analytics, No Tracking

This website does not use cookies. We do not deploy analytics tools, tracking pixels, or any form of user profiling. We do not engage in automated decision-making or profiling as defined in Art. 22 GDPR.

5. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — You may request confirmation of whether we process your personal data and, if so, obtain access to that data.
  • Right to rectification (Art. 16 GDPR) — You may request the correction of inaccurate personal data concerning you.
  • Right to erasure (Art. 17 GDPR) — You may request the deletion of your personal data, provided there is no legal obligation to retain it.
  • Right to restriction of processing (Art. 18 GDPR) — You may request the restriction of processing of your personal data under certain conditions.
  • Right to data portability (Art. 20 GDPR) — You may request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR) — You may object to the processing of your personal data at any time where processing is based on Art. 6(1)(f) GDPR (legitimate interests). We will then no longer process your data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms.
  • Right to withdraw consent (Art. 7(3) GDPR) — If processing is based on your consent, you may withdraw that consent at any time. Note: We currently do not process any data on the basis of consent.

To exercise any of these rights, please contact us at hugo@palmai.es.

6. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You may contact the supervisory authority in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

The competent supervisory authority for our business is: Agencia Espanola de Proteccion de Datos (AEPD).
C. Jorge Juan, 6, 28001 Madrid, Spain.

7. Data Transfers to Third Countries

We do not transfer personal data to third countries through the ordinary delivery of this website.

8. Data Security

We use TLS/SSL encryption (HTTPS) for all data transmitted between your browser and our servers. We maintain appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. The current version is always available at this URL. We encourage you to review this page periodically.