Skip to main content
OposilabOposilabBack to home

Privacy Policy

Last updated: 16 de abril de 2026

At Oposilab we take the protection of your personal data very seriously. This policy explains what information we collect, how we use it, and what your rights are.

1. Data controller

The data controller is Oposilab (prados.developer@gmail.com). You can contact us at any time to exercise your rights or resolve any questions.

2. Data we collect

We collect the data you provide when registering (name, email) and usage data generated when interacting with the platform (test progress, AI tutor conversation history, study statistics). We also collect technical data such as IP address, browser type, and device.

3. Purpose of processing

We use your data to: provide access to the platform, personalize your study experience, generate progress statistics, manage your subscription and payments, send service-related communications, and improve our products.

4. Legal basis

Processing is based on: performance of the service contract (platform use), your consent (marketing communications), and our legitimate interest (service improvement and security).

5. Data retention

We retain your data as long as your account remains active. If you delete your account, we will erase your personal data within a maximum of 30 days, unless there is a legal obligation to retain it.

6. Data sharing

We do not sell your data. We share information with providers strictly necessary for the operation of the service: Supabase (database and authentication), OpenAI (AI tutor and content generation), Stripe (payment processing), Vercel (hosting), Resend (transactional emails), Sentry (error monitoring), Upstash (usage limit infrastructure), and PostHog (product analytics, hosted in the European Union).

7. Your rights

You have the right to access, rectify, delete, and port your data, as well as to object to or limit its processing. You can exercise these rights by writing to prados.developer@gmail.com. You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD).

8. Security

We implement technical and organizational measures to protect your data: encryption in transit (HTTPS/TLS), secure passwordless authentication (magic link), Row Level Security in the database, and role-based access control.

9. Product analytics

To improve the service we analyze how the platform is used in a pseudonymized way (for example, completing a test or reaching a plan limit). We use PostHog hosted in the European Union: events are recorded from our servers, without analytics cookies or trackers in your browser, and identify you only through an internal identifier, never including your name or email. If you arrive at Oposilab from a campaign, we may record the source (UTM parameters in the web address). The legal basis is our legitimate interest in improving the service (art. 6.1.f GDPR). You can object to this processing by writing to prados.developer@gmail.com.