PRIVACY POLICY

LamparaLab
Last updated: March 2026

1. Introduction

This Privacy Policy explains how LamparaLab collects, uses, and protects personal data when you visit our website or communicate with us regarding our services.

LamparaLab provides revenue analytics and data interpretation services for businesses using marketing, CRM, product, and operational data sources.

This policy applies to personal data collected through the LamparaLab website and through direct communication with LamparaLab.

2. Data Controller

LamparaLab is operated by an independent professional based in Spain.

Data Controller:
Anna Orestova
Malaga, Spain
Contact: hello@lamparalab.com

3. Personal Data We Collect

Information you provide

When contacting LamparaLab or requesting a demo we may collect:

• first name
• last name
• email address
• company website
• message content (if provided)

Automatically collected information

When visiting the website we may collect limited technical information such as:

• IP address
• browser type
• device information
• referring pages
• interactions with the website
• cookies and analytics data

This information helps us understand how visitors use the website and improve the service.

LamparaLab does not intentionally collect sensitive personal data.

4. How We Use Personal Data

Personal data may be used to:

• respond to demo requests or inquiries
• communicate with potential clients
• operate and improve the LamparaLab website
• maintain service security and prevent abuse
• analyze website usage and performance

LamparaLab does not sell or rent personal data to third parties.

5. Legal Basis for Processing (GDPR)

Personal data is processed under the following legal bases:

Consent
When you voluntarily submit information through forms or accept cookies.

Legitimate Interest
To operate, secure, and improve the website and communicate with potential B2B clients.

Contract Performance (Art. 6(1)(b) GDPR)
Where processing is necessary for the performance of a contract with a client or in order to take steps at the request of a client prior to entering into a contract.

6. Role of LamparaLab

LamparaLab may act as either a Data Controller or Data Processor depending on the context.

Data Controller
For personal data collected through:

• the website
• demo requests
• communications with LamparaLab.

Data Processor
When LamparaLab processes business data provided by clients as part of analytics services.

In those cases:

• the client remains the Data Controller
• LamparaLab acts as a Data Processor
• data processing occurs solely to deliver the agreed services and in accordance with client instructions.

Processing of client data through the LamparaLab analytical platform, including data submitted via the chat interface, is governed by separate client agreements.

7. Use of Artificial Intelligence

LamparaLab may use artificial intelligence systems to assist with data analysis and interpretation.

AI systems are used strictly as analytical tools to support business insights.

LamparaLab may rely on third-party AI providers to process analytical queries and generate responses. Such providers operate under contractual data protection obligations, including Data Processing Addendums and Standard Contractual Clauses where applicable.

Client data processed through AI systems:

• is used solely for the purpose of delivering the LamparaLab service
• is not used by LamparaLab to train public AI models
• is processed under confidentiality and appropriate technical safeguards

Key sub-processors used by LamparaLab include:

• Amazon Web Services (AWS) — cloud infrastructure and data storage (EU region: eu-north-1)
• Anthropic — AI-powered data analysis and interpretation
• HubSpot — CRM and form submission processing (HubSpot Inc., USA)

A complete and up-to-date list of sub-processors is available upon request at hello@lamparalab.com.

AI-generated outputs are intended to support analysis and should not replace independent business judgment.

LamparaLab's use of third-party AI providers is subject to those providers' terms and policies, which may change. LamparaLab will notify clients of any material changes to sub-processor arrangements that may affect data processing.

8. Third-Party Service Providers

LamparaLab may rely on trusted third-party providers to operate the service, including providers of:

• cloud infrastructure
• artificial intelligence systems
• analytics platforms
• CRM and contact management
• communication or email services.

These providers process data only as necessary to support the operation of the service and are subject to contractual confidentiality and data protection obligations.

Where client analytics data is processed, LamparaLab primarily relies on infrastructure located within the European Union.

9. Cookies

The LamparaLab website uses cookies and similar technologies.

Cookies help to:

• analyze website traffic
• understand user interactions
• improve website functionality.

Non-essential cookies (such as analytics cookies from Google Analytics and HubSpot) are used only after user consent through a cookie banner.

Form submissions (such as demo requests) are sent to HubSpot CRM for the purpose of responding to your inquiry. This occurs independently of cookie consent, based on legitimate interest, as it processes only data you voluntarily provide.

Users may disable cookies through browser settings, although some website features may not function properly without them.

10. Data Retention

Personal data collected through the website is retained only for as long as necessary to:

• respond to inquiries
• provide services
• comply with legal obligations
• resolve disputes and enforce agreements.

Business data processed for clients is retained only for the duration required to provide the agreed services or as specified in contractual agreements with the client.

Indicative retention periods:

• Demo requests and contact form submissions: deleted within 12 months if no further engagement occurs
• Server logs: retained for up to 90 days
• Client data: retained for the duration of the service agreement plus 30 days, after which it is deleted unless otherwise agreed or required by law

11. Data Security

LamparaLab applies reasonable technical and organizational safeguards to protect personal data, including:

• restricted access controls
• secure infrastructure
• monitoring and logging
• encryption where appropriate.

While reasonable precautions are taken, no system can guarantee absolute security.

12. International Data Transfers

Some service providers used by LamparaLab may process data outside the European Economic Area.

Where such transfers occur, LamparaLab ensures appropriate safeguards are applied consistent with GDPR requirements, including contractual data protection measures.

13. Your Rights

Under applicable data protection laws you may have the right to:

• access your personal data
• correct inaccurate information
• request deletion
• restrict processing
• request data portability
• object to processing.

Requests may be submitted to: hello@lamparalab.com

14. Changes to This Policy

LamparaLab may update this Privacy Policy periodically.

Updated versions will be published on this page.

15. Contact

For privacy-related questions contact: hello@lamparalab.com