Privacy Policy
Last updated: June 3, 2026. This policy describes how Microbians Consultancy collects, uses, and protects your personal data.
1. Who we are
Microbians Consultancy ("we", "us", "our") is a software consultancy headquartered in Spain, operating within the European Union. We are committed to protecting your privacy in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
For data protection matters, please contact us.
2. What data we collect
We collect only the data you voluntarily provide to us:
- Contact form: name, email address, subject, message content, and project type.
- Analytics: anonymized page views and usage patterns via Google Analytics 4 and Microsoft Clarity (only with your consent).
- Cookies: essential technical cookies required for site operation, plus optional analytics cookies (see our Cookie Policy).
3. Legal basis for processing (GDPR Article 6)
We process your personal data under the following legal bases:
- Consent (Article 6(1)(a)): for analytics cookies and optional marketing communications.
- Contractual necessity (Article 6(1)(b)): to respond to your inquiries and provide our consultancy services.
- Legitimate interest (Article 6(1)(f)): to operate and improve our website, prevent fraud, and ensure network security.
4. How we use your data
Your data is used only for the following purposes:
- To respond to your inquiries and provide information about our services.
- To improve our website through anonymized analytics.
- To comply with legal obligations.
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
5. Data retention
Contact form submissions are retained for a maximum of 24 months after the last communication. Analytics data is retained for 14 months in accordance with Google's retention policy. You may request earlier deletion at any time.
6. Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access (Article 15): request a copy of the personal data we hold about you.
- Right to rectification (Article 16): correct inaccurate or incomplete data.
- Right to erasure (Article 17): request deletion of your data ("right to be forgotten").
- Right to restriction (Article 18): limit how we process your data.
- Right to data portability (Article 20): receive your data in a machine-readable format.
- Right to object (Article 21): object to processing based on legitimate interest, including analytics.
- Right to withdraw consent: withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us. We will respond within 30 days as required by GDPR.
7. Age restriction — under 18
Our services are intended for individuals who are at least 18 years of age. In accordance with GDPR Article 8 and the Spanish Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD), we do not knowingly collect or solicit personal data from anyone under the age of 18 in the European Union.
If we become aware that a user under 18 has submitted personal data through our contact form without verifiable parental consent, we will promptly delete that information and cease all processing. If you believe a minor has provided us with personal data, please contact us immediately.
8. Data security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes HTTPS encryption, secure API endpoints, and restricted access to personal data on a need-to-know basis.
9. Third-party processors
We use the following third-party services that may process your data:
- Cloudflare — CDN, DNS, and D1 database hosting (EU / US). Data Processing Agreement in place.
- Google Analytics 4 — anonymized website analytics (with consent).
- Microsoft Clarity — anonymized session recording and heatmaps (with consent).
- PostHog — product analytics (with consent, EU-hosted where possible).
All processors are contractually bound to comply with GDPR and process data only on our documented instructions.
10. International data transfers
Where your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) adopted by the European Commission or an adequacy decision under GDPR Article 45.
11. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. In Spain, this is the Spanish Data Protection Agency (AEPD) at www.aepd.es.
12. Changes to this policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
Have questions about privacy?
We're happy to answer any questions about how we handle your data.
Contact us