Privacy Policy

Last updated: 12/12/2025

This Privacy Policy describes how AIPublix SLU, with registered office at Calle Montserrat Caballé 23, 35100 Las Palmas de Gran Canaria, Spain, VAT/NIF B23945611 (hereinafter the “Company”, “we”, or “AuthorEvo”), processes personal data of users (“Users”) who access and use the AuthorEvo software platform (the “Service”), provided as Software as a Service (SaaS).

This Privacy Policy is drafted pursuant to Regulation (EU) 2016/679 (“GDPR”), Spanish data protection laws, UK GDPR where applicable, and other relevant international data protection laws. It should be read together with the AuthorEvo Terms and Conditions of Use.

1. Data Controller

AIPublix SLU
Calle Montserrat Caballé 23, 35100 Las Palmas de Gran Canaria, Spain
VAT/NIF: B23945611
Privacy contact: privacy @ authorevo.com

The Company has not appointed a Data Protection Officer (DPO), as it does not believe the conditions set out in Article 37 GDPR are currently met.

2. Scope of application

This Privacy Policy applies to the processing of personal data carried out by the Company in connection with:

  • use of the AuthorEvo platform (web app, dashboard, APIs);
  • account registration, authentication and management;
  • content generation features (text, images, video), SEO, analytics and automations;
  • integrations with third-party services (e.g. CMS, analytics, social platforms);
  • customer support and communications;
  • marketing communications, newsletters and funnels;
  • navigation of the website and use of cookies and similar technologies.

3. Roles under data protection law

3.1 Processing as Data Controller

The Company acts as Data Controller for personal data relating to:

  • account creation and management;
  • billing, payments and tax compliance;
  • platform security and abuse prevention;
  • customer support and communications;
  • marketing and promotional activities.

3.2 Processing as Data Processor (Customer Data)

With regard to data, content and materials uploaded, generated or otherwise processed by Users through the Service (“Customer Data”), the Company generally acts as a Data Processor, while the Customer acts as the Data Controller.

In such cases, processing is carried out solely to provide the Service and in accordance with the Customer’s instructions, pursuant to Article 28 GDPR. A Data Processing Agreement (DPA) may apply for B2B Customers.

4. Categories of personal data processed

4.1 Account and identification data

  • name, surname, email address;
  • account credentials (stored in encrypted/hashed form);
  • roles, permissions and account settings.

4.2 Technical and usage data

  • IP address, browser and device information;
  • access logs, security logs;
  • usage data, events, diagnostics and performance metrics.

4.3 Billing and payment data

  • billing address and tax information;
  • invoices and transaction history;
  • payment data processed primarily by external payment providers (e.g. Stripe).

4.4 Customer Data and uploaded content

  • texts, prompts, articles, images, videos and files;
  • metadata associated with such content;
  • any personal data contained therein.

4.5 AI-generated content

  • text, image and video outputs;
  • editorial, SEO and analytical suggestions.

4.6 Communications and support

  • support tickets, emails, chat messages;
  • feedback and feature requests.

5. Purposes of processing and legal bases

5.1 Provision of the Service

Purpose: account management, access to features, content generation and platform operation.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

5.2 Billing and legal compliance

Purpose: invoicing, accounting and tax obligations.

Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).

5.3 Security and abuse prevention

Purpose: ensure platform security, prevent fraud and misuse.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

5.4 Customer support and service communications

Purpose: respond to requests, provide assistance, send operational communications.

Legal basis: contract and/or legitimate interest.

5.5 Analytics and service improvement

Purpose: analyze usage, performance and improve the Service.

Legal basis: legitimate interest and, where required, consent (cookies).

5.6 Marketing, newsletters and funnels

Purpose: send newsletters, promotional and educational content, product updates and marketing funnels.

Legal basis: consent (Art. 6(1)(a) GDPR) and/or legitimate interest for B2B communications, where permitted.

Users may opt out at any time via unsubscribe links or by contacting us.

6. Use of AI providers

AuthorEvo uses third-party artificial intelligence providers to deliver certain features.

The Company does not use Customer Data to train its own proprietary AI models. However, prompts and content submitted by Users may be transmitted to external AI providers (e.g. OpenAI, Anthropic, Google) solely to generate the requested outputs.

Such providers may process data in accordance with their own privacy policies and terms.

Users are advised not to submit unnecessary personal data or special categories of data.

7. Third-party recipients and sub-processors

The Company may share personal data with the following categories of service providers:

  • Hosting and infrastructure: UpCloud (EU)
  • Email marketing: MailUp (EU)
  • Analytics: Google Analytics (Google LLC)
  • Payments: Stripe Payments Europe / Stripe Inc.
  • Customer support and feedback: Featurebase.app
  • AI providers: OpenAI, Anthropic (Claude), Google

8. International data transfers

Personal data may be transferred outside the European Economic Area. Where required, such transfers are safeguarded through:

  • Standard Contractual Clauses (SCCs);
  • adequacy decisions, where applicable;
  • appropriate technical and organizational measures.

9. Data retention

Personal data are retained for the duration of the contractual relationship and, upon account termination, for a maximum period of 30 days for backup or recovery purposes, unless longer retention is required by law.

10. Data subject rights

Data subjects may exercise their rights under GDPR (access, rectification, erasure, restriction, portability, objection and withdrawal of consent) by contacting: privacy @ authorevo.com.

Complaints may be lodged with the Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD) or other competent authorities.

11. Children

The Service is intended for professional (B2B) use only and is not directed at minors. The Company does not knowingly process personal data of children.

12. Cookies and similar technologies

The Service uses cookies and similar technologies. Details are provided in the dedicated Cookie Policy and through the cookie consent banner.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be published on the website or platform and become effective on the date indicated above.

Appendix A – United Kingdom

For users located in the United Kingdom, processing is carried out in accordance with UK GDPR and the Data Protection Act 2018. International transfers may rely on the UK Addendum to the EU SCCs or other lawful mechanisms.

Appendix B – United States

California (CCPA / CPRA)

  • The Company does not sell personal information.
  • Users may request access, correction or deletion of their personal data.
  • No discrimination for exercising privacy rights.

Privacy requests for U.S. users can be submitted to: privacy @ authorevo.com.