Privacy Policy

How we handle your data. Plain language, no legalese.

Last updated: 31 March 2026

Who we are

Solopreneur Superpowers is operated by [ENTITY NAME], registered in Spain (NIF: [NIF NUMBER]), with registered address at [ADDRESS].

For data protection purposes, you can reach us at [email protected] or [email protected].

What data we collect and why

Contact form

When you use our contact form, we collect your name, email address, and message. We use this solely to respond to your enquiry.

  • Lawful basis: Legitimate interest (responding to your request)
  • Retention: We keep contact form submissions for up to 12 months, then delete them

Business DNA conversation

When you use our AI-powered Business DNA tool, we collect:

  • Your email address (to send you the completed document)
  • Your conversation transcript (to generate your personalised Business DNA document)
  • The Business DNA document itself
  • Lawful basis: Consent (you choose to start the conversation and provide your email)
  • Retention: Conversation transcripts are retained for up to 90 days to improve the service, then deleted. Your Business DNA document is sent to you and not stored on our systems beyond delivery
  • Third-party processing: Conversations are processed using AI services (currently Anthropic Claude and/or OpenAI). These providers process data under their own data processing agreements. No conversation data is used to train AI models

Newsletter

If you subscribe to our newsletter, we collect your email address and process it through Kit.com (formerly ConvertKit), our email service provider based in the US. Kit.com operates under Standard Contractual Clauses for EU data transfers.

  • Lawful basis: Consent (you opt in to receive emails)
  • Retention: Until you unsubscribe. Every email includes an unsubscribe link

Website analytics

We do not use cookies for tracking. We do not use Google Analytics. If we add analytics in the future, we will use a privacy-respecting, cookie-free solution and update this policy accordingly.

Your rights under GDPR

As an EU resident, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict processing
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Data security

We take security seriously. All data is transmitted over HTTPS. Access to personal data is restricted to the business operators (Jim Christian and Maya Middlemiss). We do not sell, rent, or share your personal data with third parties for marketing purposes.

International data transfers

Some of our service providers are based outside the EU (Kit.com, AI processing services). Where this applies, data transfers are protected by Standard Contractual Clauses or equivalent safeguards as required by GDPR.

Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos — aepd.es).

Changes to this policy

We may update this policy as our services evolve. Material changes will be communicated via our website or email. The "last updated" date at the top reflects the most recent revision.