Privacy Policy

Last updated: March 10, 2026

Data Controller

Ensolytics SLU, Barcelona, Spain, is the controller for personal data processed through PasoClaro. Contact: support@pasoclaro.io.

What We Collect

Depending on the feature you use, PasoClaro may collect your name, email address, phone number, current city, nationality, visa or residency path, status milestones, document planning details, questionnaire answers, cookie preferences, and technical data such as IP-derived country, device/browser details, and audit logs connected to consent or GDPR requests.

How We Use Data

We use personal data to provide the PasoClaro service, generate your onboarding and tracking workspace, deliver email sign-in links and notifications, respond to support or GDPR requests, improve product decisions, and maintain security, fraud prevention, and compliance evidence.

Legal Basis

We process data based on consent where you choose to submit forms or enable analytics, and on legitimate interests where processing is necessary to secure, operate, and improve the service. Where legal obligations apply, we may also retain limited records to comply with those obligations or defend legal claims.

Data Storage

Data is stored primarily in Supabase and served through Vercel infrastructure. Resend is used for transactional email delivery. If PasoClaro introduces paid services in the future, Stripe may process payment data under its own privacy terms; as of this policy update, PasoClaro does not process card payments directly on this website.

Cookie and Analytics Choices

PasoClaro uses necessary cookies to keep the website and sign-in flows functioning. Analytics is blocked by default for visitors detected in the EU, EEA, or UK until consent is given. Consent decisions are logged in Supabase for audit purposes.

Retention

Account, onboarding, and waitlist data is kept until you delete your account or request deletion, unless a longer retention period is reasonably necessary for security, compliance, dispute handling, or legal obligations. Consent and GDPR audit records may be retained longer where needed to demonstrate compliance.

Your Rights

You can request access, correction, export, deletion, restriction, or objection to processing. Use the GDPR request page or email support@pasoclaro.io to exercise your rights.

Third Parties and Transfers

Current service providers include Supabase, Vercel, and Resend. Where personal data is processed outside your jurisdiction, PasoClaro relies on the provider's contractual and organizational safeguards. If Stripe is later enabled for payments, payment-related data will be processed under Stripe's own processor terms and notices.