Skip to main content

Privacy Policy

Last updated: 24 June 2026

This English version is an informative translation. The legally binding version is the Spanish one.

In plain terms: we only process the data you give us when you request a quote, a Web Rescue, the ROI report or when you join a waiting list, plus minimal technical data so the site works and stays secure. We don't sell your data, we don't use it for advertising, and the site analytics use no cookies. Below is what we process, why, for how long and what you can ask of us.

1. Data controller

  • Controller: NotFound (trade name)
  • Contact email: contacto@notfound404.es
  • Website: https://notfound404.es

No Data Protection Officer (DPO) has been appointed: it is not mandatory given the volume and type of processing. For any question about your data, write to the contact address.

2. What data we process, what for, and on what legal basis

We process different data depending on what you do on the site. These are all the cases:

2.1 Quote calculator (/presupuesto page)

  • What we collect: name and email (required); phone and company name (optional); the message and calculator answers (project type, pack, urgency, etc.) describing what you need.
  • Purpose: to prepare and send you a quote and to respond to your request.
  • Legal basis: taking steps at your request prior to entering into a contract (art. 6.1.b GDPR). You also tick a box accepting this policy.

2.2 48h Web Rescue (/rescate page)

  • What we collect: name, email, the URL of the site you want reviewed and, optionally, a description of the problem.
  • Purpose: to study your case and prepare the Rescue proposal.
  • Legal basis: pre-contractual steps at your request (art. 6.1.b GDPR).

2.3 ROI simulator (/roi page)

  • What we collect: name and email, and the business figures you enter (monthly visits, average client value, conversion and sector). The business figures are stored linked to a unique identifier so we can generate your report.
  • Purpose: to email you the personalised ROI report via a private link.
  • Legal basis: your consent when you request the report (art. 6.1.a GDPR).

2.4 "Applied AI" waiting list

  • What we collect: only your email.
  • Purpose: to notify you when the AI service becomes available. This data is not stored in our database: it is sent to us by email.
  • Legal basis: your consent (art. 6.1.a GDPR).

2.5 Technical request data (abuse prevention)

  • What we collect: when you submit any form, the internal notification we receive includes your IP address, browser (User-Agent) and the referring page.
  • Purpose: to prevent automated mass submissions (spam/bots) and to investigate abuse. The IP is also used momentarily to limit the number of submissions per user.
  • Legal basis: our legitimate interest in protecting the service against abuse (art. 6.1.f GDPR).

2.6 Website analytics (Umami)

  • What we collect: aggregated usage statistics (pages visited, time on page), without cookies and without data that identifies you.
  • Purpose: to understand what content is useful and improve the site.
  • Legal basis: your consent. Analytics only loads if you accept it in the cookie banner.

2.7 Error monitoring (Sentry)

  • What we collect: technical data about errors occurring on the site. The tool is configured not to collect your IP or personal data automatically.
  • Purpose: to detect and fix bugs to keep the service stable.
  • Legal basis: our legitimate interest in the correct operation of the site (art. 6.1.f GDPR).

2.8 Site operation and security

  • What we collect: the access logs generated by our hosting provider and the service that limits request frequency may process your IP temporarily.
  • Purpose: to serve the site and protect it against attacks and overload.
  • Legal basis: legitimate interest in security (art. 6.1.f GDPR).

2.9 Administration panel (internal use)

The panel used to manage the site is for the owner's internal use and uses its own technical cookies to keep the session. It does not affect your browsing as a visitor.

3. How long do we keep your data?

  • Requests and leads (quote, rescue, ROI): until you request erasure and, at most, 3 years from the last contact, in order to handle and evidence the relationship.
  • AI waiting-list email: until the service launches or you ask to unsubscribe.
  • Analytics data (Umami): in aggregate, according to the service's own retention periods.
  • Technical logs: for the retention period of our hosting and security providers; we do not store your IP in our database.

4. Who accesses your data? Data processors

We do not sell or transfer your data. To provide the service we rely on providers acting as data processors, each with its own contract and safeguards:

  • Supabase — database where leads are stored (hosted in the USA).
  • Resend — sending of notification and reply emails (USA).
  • Vercel — hosting and delivery of the site (USA).
  • Sentry — error monitoring (USA).
  • Umami Cloud — cookieless web analytics (European Union).
  • Upstash — request rate limiting (European Union, Frankfurt).

We do not use your data for third-party advertising, nor do we build profiles for commercial purposes.

5. International transfers

Some of our providers are in the United States. Those transfers rely on the Standard Contractual Clauses approved by the European Commission and, where the provider is certified, on the EU-US Data Privacy Framework, together with applicable additional security measures.

6. What are your rights?

You may exercise at any time your rights of:

  • Access to your data.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten").
  • Restriction of processing.
  • Objection to processing.
  • Portability of your data.

To exercise them, write to contacto@notfound404.es stating the right you wish to exercise. We will reply within a maximum of one month. If you believe we have not handled your request properly, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at https://www.aepd.es.

7. Security

We apply reasonable technical and organisational measures to protect your data: encryption in transit (HTTPS), restricted database access, validation of everything submitted through the forms, and row-level access policies in the database. No system is infallible, but we work to minimise risks.

8. Minors

This site and its services are aimed at professionals and businesses. We do not knowingly request or process data of minors.

9. Changes to this policy

If we modify this policy, we will update the "last updated" date. If the changes are significant, we will communicate them visibly on the site.


This policy is adapted to the General Data Protection Regulation (EU 2016/679) and to Organic Law 3/2018 (LOPDGDD, Spain).