Skip to main content
OposilabOposilabBack to home

Privacy Policy

Last updated: 16 de abril de 2026

At Oposilab we take the protection of your personal data very seriously. This policy explains what information we collect, how we use it, and what your rights are.

1. Data controller

The data controller is Oposilab (prados.developer@gmail.com). You can contact us at any time to exercise your rights or resolve any questions.

2. Data we collect

We collect the data you provide when registering (name, email) and usage data generated when interacting with the platform (test progress, AI tutor conversation history, study statistics). We also collect technical data such as IP address, browser type, and device.

3. Purpose of processing

We use your data to: provide access to the platform, personalize your study experience, generate progress statistics, manage your subscription and payments, send service-related communications, and improve our products.

4. Legal basis

Processing is based on: performance of the service contract (platform use), your consent (marketing communications), and our legitimate interest (service improvement and security).

5. Data retention

We retain your data as long as your account remains active. If you delete your account, we will erase your personal data within a maximum of 30 days, unless there is a legal obligation to retain it.

6. Data sharing

We do not sell your data. We share information with providers strictly necessary for the operation of the service: Supabase (database and authentication), OpenAI (AI tutor and content generation), Stripe (payment processing), and Vercel (hosting).

7. Your rights

You have the right to access, rectify, delete, and port your data, as well as to object to or limit its processing. You can exercise these rights by writing to prados.developer@gmail.com. You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD).

8. Security

We implement technical and organizational measures to protect your data: encryption in transit (HTTPS/TLS), secure passwordless authentication (magic link), Row Level Security in the database, and role-based access control.