Privacy Policy

This Privacy Policy explains how the entity operating Can I Hire a Bot? ("Operator", "we", "us"), established in Spain (European Union), collects, uses, shares and protects personal data when you use our website and services. We process data lawfully, fairly and transparently in accordance with Regulation (EU) 2016/679 ("GDPR") and Spanish data protection law (Organic Law 3/2018, "LOPDGDD").

Updated May 2026GDPR CompliantEU — Spain

Section 1 of 15

Data Controller

The data controller for personal data processed through Can I Hire a Bot? is the entity operating the service (the "Operator"), established in Spain. For any query about your data or this policy, contact us through the support email shown in the footer of every page of this website.

Section 2 of 15

Data we collect

We collect the following categories of data:

  • Analysis inputs: job title, role description, daily tasks, salary or compensation data, country, industry sector, company size, weekly hours and any extra detail you supply through the analysis form.
  • Lead and contact data: name, email address, company name, phone number and any free-text message submitted through the lead-capture forms (results page or PDF request).
  • AI-generated outputs: the analysis report, automation score, ROI calculation and recommendations produced from your inputs.
  • Technical data and engagement signals: IP address, browser, operating system, device type, referrer URL, anonymous visitor cookie identifier, view/like events on public example reports, page-level interaction events fired through Google Tag Manager, and timestamps. This data is collected automatically through server logs and, where applicable, cookies (see the Cookie Policy).

Section 3 of 15

Legal bases for processing (GDPR Art. 6)

We rely on the following legal bases:

  • Pre-contractual or contractual measures (Art. 6(1)(b)): processing the inputs of the analysis form to deliver the report you requested, processing your contact details to honour a request you made (e.g. PDF email, callback).
  • Consent (Art. 6(1)(a)): non-essential cookies and analytics tools (Google Analytics 4, Microsoft Clarity), email marketing follow-up beyond what is strictly necessary to satisfy your initial request. Consent is collected via the cookie banner and can be withdrawn at any time.
  • Legitimate interest (Art. 6(1)(f)): server logging, abuse prevention (Cloudflare Turnstile bot screening), aggregated and anonymised analytics for product improvement, recording engagement events on public example reports.
  • Legal obligation (Art. 6(1)(c)): retention required by tax, accounting or other applicable laws, responses to lawful requests from authorities.

Section 4 of 15

How we use your data

We use the data we collect to:

  • Generate the AI-powered analysis report you requested and display it to you.
  • Send you transactional emails (PDF report, lead confirmation, follow-up) tied to actions you took.
  • Follow up commercially when you have explicitly requested an implementation roadmap or asked us to contact you.
  • Improve the service, prompts and report quality through aggregated and anonymised analytics.
  • Detect, prevent and address fraud, abuse, security incidents and technical issues.
  • Comply with legal obligations (tax, accounting, regulatory, court orders).

Section 5 of 15

Third-party AI providers

To generate analysis reports we send the inputs of the analysis form (job title, tasks, salary, country, sector, company size and free-text fields) to Microsoft Azure OpenAI Service, deployed in an EU region under Microsoft's enterprise data-processing terms.

These terms commit Microsoft to:

  • Process the inputs only to generate the response to that specific request.
  • Apply technical and organisational security measures consistent with industry standards.
  • Not retain the data beyond what is required to deliver the response and run abuse-monitoring as configured.
  • Not use the data to train, fine-tune or improve any foundational AI model.

Section 6 of 15

AI training — your data is not used to train models

Can I Hire a Bot? does not use your personal data, the inputs you submit or the AI-generated outputs to train, fine-tune or improve any foundational AI or machine-learning model — neither our own nor those of third parties. Inputs are used solely to produce the specific report you requested.

Section 7 of 15

Recipients of your data

We do not sell your personal data. We share data, strictly on a need-to-know basis, with the following categories of recipients (each acting as a processor under a written agreement with us):

  • Microsoft Azure (cloud hosting, database, Azure OpenAI Service) — EU region.
  • HubSpot Ireland Ltd (CRM, used to follow up commercially with leads) — EU.
  • Resend Inc. (transactional email delivery for analysis confirmations, PDF reports, lead confirmations and admin notifications) — United States, with EU Standard Contractual Clauses.
  • Cloudflare Inc. (Turnstile bot protection on the analysis and lead forms) — United States, with EU Standard Contractual Clauses.
  • Google LLC (Tag Manager and Google Analytics 4, only after analytics consent) — United States, with EU Standard Contractual Clauses.
  • Microsoft Corporation (Clarity session-replay and heatmaps, only after analytics consent) — United States, with EU Standard Contractual Clauses.
  • Langfuse GmbH (LLM tracing and observability, used in aggregate; no personally identifying analysis input is forwarded other than what is required to debug a specific call) — EU.
  • Public authorities and courts where required by applicable law, regulation, court order or governmental request.
  • External professional advisors (auditors, lawyers, accountants) bound by confidentiality where strictly necessary.

Section 8 of 15

International data transfers

Some processors are established outside the European Economic Area (EEA), notably in the United States. When personal data is transferred outside the EEA we rely on:

  • Adequacy decisions of the European Commission where available (GDPR Art. 45).
  • Standard Contractual Clauses approved by the European Commission (GDPR Art. 46(2)(c)) combined with supplementary technical and organisational measures.
  • Other applicable derogations under GDPR Art. 49 only where no other mechanism is available.

Section 9 of 15

Retention

We keep personal data only for as long as it is needed for the purpose for which it was collected, or to comply with applicable law:

  • Analysis inputs and AI-generated outputs: retained while you may want to access the report. Deleted on request, or anonymised after 24 months of inactivity, whichever comes first.
  • Lead and contact data: retained for up to 24 months of commercial follow-up after the last interaction, after which the record is anonymised unless retention is required by law.
  • Engagement events on public example reports (anonymous visitor identifiers, view and like events): retained for up to 12 months in identifiable form, after which they are aggregated.
  • Server logs and security event records: retained for up to 12 months.
  • Accounting and billing data linked to commercial follow-up: retained for the period required by applicable tax law (typically 6 years in Spain).
  • When a retention period ends, data is securely deleted or irreversibly anonymised.

Section 10 of 15

Security

We apply appropriate technical and organisational measures to protect your data, including transport encryption (HTTPS/TLS), encryption at rest for the database, principle-of-least-privilege access controls, environment separation between staging and production, secret management, regular dependency updates and security reviews.

No method of transmission over the internet or electronic storage is completely secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security.

Section 11 of 15

Your rights under the GDPR

As a data subject you have the following rights. You may exercise them at any time by contacting us via the support email shown in the footer of this website. We will respond within one month, extendable by two further months for complex requests, in line with GDPR Art. 12.

  • Right of access (Art. 15) — confirmation that we are processing your data and a copy of it.
  • Right to rectification (Art. 16) — correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — deletion of your data when no longer needed, when consent is withdrawn or when processing is unlawful.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21) — to processing based on legitimate interest or for direct marketing.
  • Right to withdraw consent at any time, without affecting the lawfulness of processing already carried out.
  • Right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) at www.aepd.es, or with the supervisory authority in your EU Member State of residence.

Section 12 of 15

Automated decision-making

The reports produced by this service involve automated processing of the inputs you submit. However, these outputs are informational estimates only and are not used to make decisions producing legal effects or similarly significant effects on you within the meaning of GDPR Art. 22. No profiling with legal or equivalent effects is carried out.

If you believe an automated decision has significantly affected you, contact us to request human review.

Section 13 of 15

Children

This service is not directed at individuals under the age of 14 (the age of digital consent under Spanish law per LOPDGDD Art. 7). We do not knowingly collect data from children. If we become aware of such data collection, we will delete the data promptly.

Section 14 of 15

Cookies and tracking

We use cookies and similar technologies to operate the service and, with your consent, to measure how it is used. The full list of cookies, their categories, durations and providers is described in our Cookie Policy. You can withdraw or change your consent at any time from the Cookie Policy page.

Section 15 of 15

Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements or other factors. The updated version will be posted on this page with the revised date.

Continued use of the service after a change is published constitutes acceptance of the revised policy.

Last updated: May 2026.