Privacy Policy
Last updated: March 2026
1. Data Controller
HighDevel Engineering Studio ("HighDevel", "we", "us", or "our") is the data controller responsible for your personal data. We are established in Spain and operate the website highdevel.com.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights (LOPDGDD), and other applicable privacy laws.
To contact us regarding this policy or to exercise your rights: hello@highdevel.com
2. Personal Data We Collect
Data you provide directly
When you submit a project inquiry through our contact form, we collect:
- Full name
- Business email address
- Company name and your role (optional)
- Project type, timeline, and budget preferences
- Project description
Data collected automatically
When you visit our website, Cloudflare (our hosting and CDN provider) may collect standard server log data including IP address, browser type, pages visited, and referring URLs for security and performance purposes.
Cookies and browser storage
We do not use cookies for tracking or analytics. However, our CAPTCHA provider Cloudflare Turnstile may use browser storage (including cookies) solely to distinguish human users from automated bots. This is a necessary security measure and the data is not used for advertising. See Cloudflare's Privacy Policy for details.
3. Purposes and Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 GDPR:
- Legitimate interests (Art. 6(1)(f)) — evaluating your project inquiry, preparing a response, and managing our client pipeline. Our legitimate interest is to respond to business inquiries submitted to us voluntarily.
- Performance of a contract (Art. 6(1)(b)) — if we enter into a service engagement, processing is necessary to fulfil that contract.
- Legal obligation (Art. 6(1)(c)) — where required by applicable law, including Spanish tax and accounting obligations.
We do not sell your data, use it for advertising, or share it with third parties for purposes unrelated to delivering our services.
4. Third-Party Processors
To operate our website and process inquiries, we share data with the following data processors under appropriate Data Processing Agreements (DPAs):
- Cloudflare, Inc. (USA) — website hosting, CDN, and CAPTCHA (Turnstile). Data transferred under Standard Contractual Clauses. See Cloudflare's Privacy Policy.
- Zoho Corporation — email delivery for confirmations and notifications. See Zoho's Privacy Policy.
5. International Data Transfers
As a company established in Spain (EU), when we transfer your personal data to our service providers located in the United States (Cloudflare) or other third countries outside the EEA, we ensure appropriate safeguards are in place in accordance with Chapter V GDPR, specifically:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Where applicable, reliance on an EU adequacy decision for the destination country
You may request a copy of the applicable safeguards by contacting us at hello@highdevel.com.
6. Data Retention
We retain inquiry data for as long as necessary to manage our business relationship with you, and for a maximum period of 3 years after our last interaction, unless a longer retention period is required by applicable law (e.g., Spanish tax law requires certain records to be kept for 5 years).
If your inquiry does not result in an engagement and you request deletion, we will erase your data without undue delay.
7. Your Rights Under GDPR
As a data subject under GDPR and LOPDGDD, you have the following rights:
- Right of access (Art. 15) — obtain confirmation of whether we process your data and receive a copy of it
- Right to rectification (Art. 16) — request correction of inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your data where there is no legitimate reason to continue processing it
- Right to restriction (Art. 18) — request that we limit processing of your data in certain circumstances
- Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interests at any time
- Right not to be subject to automated decisions (Art. 22) — we do not make automated decisions with legal effects based on your data
To exercise any of these rights, send a written request to hello@highdevel.com. We will respond within 30 days (extendable by two further months for complex requests, with prior notice).
You also have the right to lodge a complaint with the Spanish data protection supervisory authority:
Agencia Española de Protección de Datos (AEPD) — Spain
C/ Jorge Juan, 6, 28001 Madrid
www.aepd.es
If you are located in the United Kingdom, you may also contact the UK supervisory authority:
Information Commissioner's Office (ICO) — United Kingdom
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk
8. California Privacy Rights (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know — request disclosure of the categories and specific pieces of personal information collected, the sources, business purpose, and categories of third parties with whom it is shared
- Right to Delete — request deletion of personal information, subject to certain exceptions
- Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights
We do not sell personal information and do not share it for cross-context behavioural advertising. To submit a CCPA request, contact us at hello@highdevel.com with the subject line "California Privacy Request". We will respond within 45 days.
9. Data Security
We implement appropriate technical and organisational security measures as required by Art. 32 GDPR, including HTTPS throughout the site, encrypted email transmission (TLS) for all inquiry notifications, and CAPTCHA verification on forms to prevent automated abuse.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the AEPD within 72 hours and, where required, inform affected individuals without undue delay.
10. Children's Privacy
Our website is intended for business use and is not directed at children under the age of 14 (the minimum age under Spanish law / LOPDGDD Art. 7). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Changes will be posted on this page with an updated revision date. For material changes we will make reasonable efforts to notify affected parties.
12. Contact
For any questions, concerns, or data subject requests regarding this Privacy Policy, please contact us:
HighDevel Engineering Studio
Spain, European Union
Email: hello@highdevel.com