Updated on Oct 12, 2025

Privacy Policy


This Privacy Policy describes how Camarai S.L. handles the personal data of its users. Our scope is global, with a strict focus on compliance with the General Data Protection Regulation (GDPR) of the European Union and the Organic Law 3/2018 (LOPDGDD) of Spain.



1. Identity and Contact of the Data Controller

The data controller of your data is Camarai (in formation).

  • Address for notification purposes: C/ Brasil, 7, 03008 Alicante (Alacant), Alicante, Spain.

  • Privacy Email: contacto@camarai.es.

2. Personal Data We Process

We only process the data that is necessary, adequate, and relevant for the provision of our service:

  • Identification and Contact: Name, surname, email, company/position, and phone number.

  • Account and Credentials: Username, password (hash), and single sign-on tokens (SSO).

  • Usage and Telemetry: IP address, device identifiers, access logs, and events (logs).

  • Service Content: User prompts, messages, uploaded files (images/audio), and generated results.

  • Billing: NIF/CIF, company name, address, and purchase data (card data is processed directly by the payment gateway).

We do not proactively process special categories of data (sensitive data). If the user enters such data in the content they upload or generate, they do so at their own risk.

3. Purposes and Legal Basis of Processing

We process your personal data based on the following legitimations:

  • Execution of a Contract: For the registration and management of your account, the provision of Camarai's main service, billing, and responding to technical and operational support inquiries.

  • Legitimate Interest: To ensure the security of the service, prevent fraud and abuse, conduct aggregated analytics to improve the quality of the product, and in the case of B2C accounts, to improve our AI models, with the option for the user to exercise their right to object (opt-out).

  • Legal Obligation: To comply with our tax, accounting obligations and to respond to requests from competent authorities.

  • Consent: For sending marketing communications (newsletter, news, and offers). This consent can be revoked at any time without affecting the prior processing.

4. Source of Data

The data comes directly from the user during registration and use of the service. They may also be generated by the system itself (logs) or provided by third parties through single sign-on services (SSO), such as Google or Apple, limited to obtaining the verified email, name, and avatar.

5. Automated Decisions

Camarai does not make decisions based solely on automated processing that produce legal effects or significantly affect you. If we apply predefined rules (for example, in calculating volume-based pricing), we always offer the option of human intervention and review.

6. Data Communication

We share your data with third parties that act as Data Processors, under contract and with adequate guarantees:

  • Messaging Platforms: We use Meta Platforms Ireland Limited to operate the WhatsApp Business API and other messaging platforms (Messenger/Instagram). Meta acts as our Data Processor for sending and receiving messages.

  • Payments: We use Stripe as a payment gateway, which securely processes your tokenized card data. Camarai does not store sensitive card data.

  • Other Providers: Include infrastructure and hosting services (preferably in the EU/EEA), transactional email, and support tools.

The complete list of sub-processors is available for consultation upon written request to the email: contacto@camarai.es.

7. International Data Transfers

Our primary hosting and processing is done within the European Union. International data transfers outside the European Economic Area (EEA) are limited to:

  • United States (U.S.): We prefer providers adhering to the EU-U.S. Data Privacy Framework (DPF). Otherwise, we apply the EU Standard Contractual Clauses (SCC), along with transfer assessments (TIA) and complementary measures.

We do not make other international data transfers outside those mentioned.

8. Retention Periods

We retain your data only for the time necessary to fulfill the purposes described, according to the following periods:

  • Account and Contractual Data: They are retained while the account is active and for 24 months after the cancellation request (blocking period).

  • Billing and Accounting: They are retained for a period of 6 years, as required by Spanish commercial and tax regulations.

  • Security and Access Logs: 12 months.

  • Service Content (Prompts and Files): The content of messages exchanged through the Meta API is deleted from their servers after 30 days. Camarai, for its part, retains a copy of the content in its own systems for 12 months to ensure service continuity and traceability.

9. Rights of the Data Subject

You have the right to exercise the rights of access, rectification, deletion, opposition, limitation of processing, data portability, and not to be subject to automated individual decisions.

  • How to exercise them: You can exercise your rights by sending an email to contacto@camarai.es.

  • Complaints: You can file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have not been adequately addressed.

10. Security and Technical Measures

We apply rigorous technical and organizational measures to ensure the security of your data, including encryption in transit and at rest, access control, two-factor authentication (2FA), encrypted backups, and continuous vulnerability management.

11. Use of Data for Artificial Intelligence and Improvement of Models

  • B2B Accounts: By default, the content of B2B customers is not used to train or improve Camarai's AI models, unless there is an agreement or express opt-in.

  • B2C Accounts: We use metadata and minimized samples of the content based on legitimate interest for the improvement and optimization of our product. Users have the right to object (opt-out) available in their account settings.

12. Other Aspects

  • Minors: The service is not directed at minors. We will block registration for minors under 14 years old unless there is valid consent from parents or legal guardians.

  • Cookies: We use necessary cookies for the operation of the service. For analytics or advertising cookies, we will request your consent through a preference management banner.

Updated on Oct 12, 2025

Privacy Policy

This Privacy Policy describes how Camarai (in incorporation) handles the personal data of its users. Our scope is global, with a strict focus on compliance with the General Data Protection Regulation (GDPR) of the European Union and Organic Law 3/2018 (LOPDGDD) of Spain.

Updated Oct 12, 2025

1. Identity and Contact of the Data Controller

The data controller of your data is CamaraiSL

  • Address for notification purposes: C/ Brasil, 7, 03008 Alicante (Alacant), Alicante, Spain.

  • Privacy Email: contacto@camarai.es.

2. Personal Data We Process

We only process data that is necessary, adequate, and relevant for the provision of our service:

  • Identification and Contact: Name, surname, email, company/position, and phone.

  • Account and Credentials: User, password (hash), and single sign-on (SSO) tokens.

  • Usage and Telemetry: IP address, device identifiers, access logs, and events (logs).

  • Service Content: User prompts, messages, uploaded files (images/audio), and generated results.

  • Billing: NIF/CIF, company name, address, and purchase data (card data is processed directly by the payment gateway).

We do not proactively process special categories of data (sensitive data). If the user inputs this type of data into the content they upload or generate, they do so at their own risk.

3. Purposes and Legal Basis for Processing

We process your personal data based on the following justifications:

  • Execution of a Contract: For the registration and management of your account, the provision of Camarai's main service, billing, and responding to technical and operational support inquiries.

  • Legitimate Interest: To ensure the security of the service, prevent fraud and abuse, perform aggregated analytics to improve product quality, and in the case of B2C accounts, for the enhancement of our AI models, with the possibility for the user to exercise their right to object (opt-out).

  • Legal Obligation: To comply with our tax, accounting, and regulatory requirements with competent authorities.

  • Consent: For sending marketing communications (newsletter, updates, and offers). This consent can be revoked at any time without affecting previous processing.

4. Source of Data

The data comes directly from the user during the registration and use of the service. It may also be generated by the system itself (logs) or provided by third parties through single sign-on (SSO) services, like Google or Apple, limiting ourselves to obtaining the verified email, name, and avatar.

5. Automated Decisions

Cámarai does not make decisions based solely on automated processing that has legal effects or significantly affects you. If we apply predefined rules (for example, in volume pricing calculations), we always offer the option for human intervention and review.

6. Data Sharing (Data Processors)

We share your data with third parties that act as Data Processors, under contract and with adequate safeguards:

  • Messaging Platforms: We use Meta Platforms Ireland Limited to operate the WhatsApp Business API and other messaging platforms (Messenger/Instagram). Meta acts as our Data Processor for the sending and receiving of messages.

  • Payments: We use Stripe as a payment gateway, which securely processes the tokenized data of your card. Camarai does not store sensitive card data.

  • Other Providers: Include infrastructure and hosting services (preferably in the EU/EEA), transactional email, and support tools.

The complete list of sub-processors is available upon request in writing to the email: contacto@camarai.es.

7. International Data Transfers

Our hosting and primary processing take place within the European Union. International data transfers outside the European Economic Area (EEA) are limited to:

  • United States (U.S.): We prefer providers adhering to the EU-US Data Privacy Framework (DPF). Otherwise, we apply the EU Standard Contractual Clauses (SCC), along with transfer impact assessments (TIA) and complementary measures.

We do not carry out other international data transfers outside of those mentioned.

8. Retention Periods

We keep your data only for as long as necessary to fulfill the described purposes, according to the following time frames:

  • Account and Contractual Data: Retained while the account is active and for 24 months after account cancellation request (blocking period).

  • Billing and Accounting: Retained for a period of 6 years, as required by Spanish commercial and tax regulations.

  • Security and Access Logs: 12 months.

  • Service Content (Prompts and Files): The content of messages exchanged via the Meta API is deleted from their servers after 30 days. Camarai, for its part, retains a copy of the content in its own systems for 12 months to ensure service continuity and traceability.

9. Rights of the Data Subject

You have the right to exercise the rights of access, rectification, deletion, objection, limitation of processing, data portability, and not to be subject to automated individual decisions.

  • How to exercise them: You can exercise your rights by sending an email to contacto@camarai.es.

  • Complaints: You can file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have not been duly addressed.

10. Security and Technical Measures

We apply rigorous technical and organizational measures to ensure the security of your data, including encryption in transit and at rest, access controls, two-factor authentication (2FA), encrypted backups, and continuous vulnerability management.

11. Use of Data for Artificial Intelligence and Model Improvement

  • B2B Accounts: By default, the content of B2B clients is not used to train or improve Camarai's AI models unless there is an agreement or an explicit opt-in.

  • B2C Accounts: We use metadata and minimized samples of content under the basis of legitimate interest for the improvement and optimization of our product. Users have the right to object (opt-out) available in their account settings.

12. Other Aspects

  • Minors: The service is not directed to minors. We will block registration for minors under 14 years old unless there is valid consent from parents or legal guardians.

  • Cookies: We use necessary cookies for the functioning of the service. For analytical or advertising cookies, we will request your consent through a preference management banner.

Privacy Policy


This Privacy Policy describes how CamaraiSL handles the personal data of its users. Our scope is global, with a strict focus on compliance with the General Data Protection Regulation (GDPR) of the European Union and the Organic Law 3/2018 (LOPDGDD) of Spain.



1. Identity and Contact of the Data Controller

The data controller of your data is Camarai (in establishment).

  • Address for notification purposes: C/ Brasil, 7, 03008 Alicante (Alacant), Alicante, Spain.

  • Privacy email: contacto@camarai.es.

2. Personal Data We Process

We only process data that is necessary, adequate, and relevant for the provision of our service:

  • Identification and Contact: Name, surname, email, company/position, and phone number.

  • Account and Credentials: Username, password (hash), and single sign-on (SSO) tokens.

  • Usage and Telemetry: IP address, device identifiers, access logs and events (logs).

  • Service Content: User prompts, messages, uploaded files (images/audio), and generated results.

  • Billing: NIF/CIF, business name, address, and purchase data (card data is processed directly by the payment gateway).

We do not proactively process special categories of data (sensitive data). If the user inputs this type of data into the content they upload or generate, they do so at their own risk.

3. Purposes and Legal Basis for Processing

We process your personal data based on the following legitimizations:

  • Execution of a Contract: For the registration and management of your account, the provision of Camarai's main service, billing, and responding to technical and operational support inquiries.

  • Legitimate Interest: To ensure the security of the service, prevent fraud and abuse, conduct aggregated analytics to improve product quality, and in the case of B2C accounts, to improve our AI models, with the possibility for the user to exercise their right to object (opt-out).

  • Legal Obligation: To comply with our fiscal, accounting obligations, and respond to requests from competent authorities.

  • Consent: For sending marketing communications (newsletter, updates, and offers). This consent can be revoked at any time without affecting prior processing.

4. Origin of the Data

The data comes directly from the user during registration and use of the service. They may also be generated by the system itself (logs) or provided by third parties through single sign-on (SSO) services, such as Google or Apple, limited to obtaining the verified email, name, and avatar.

5. Automated Decisions

Cámarai does not make decisions based solely on automated processing that produce legal effects or significantly affect you. If we apply predefined rules (for example, in volume pricing calculations), we always offer the option for human intervention and review.

6. Data Communication (Data Processors)

We share your data with third parties acting as Data Processors, under contract and with appropriate guarantees:

  • Messaging Platforms: We use Meta Platforms Ireland Limited to operate the WhatsApp Business API and other messaging platforms (Messenger/Instagram). Meta acts as our Data Processor for sending and receiving messages.

  • Payments: We use Stripe as a payment gateway, which securely processes the tokenized data of your card. Camarai does not store sensitive card data.

  • Other Providers: Include infrastructure and hosting services (preferably in the EU/EEA), transactional email, and support tools.

The complete list of subprocessors is available for consultation upon written request to the email: contacto@camarai.es.

7. International Data Transfers

Our hosting and primary processing occur within the European Union. International data transfers outside the European Economic Area (EEA) are limited to:

  • United States (US): We prefer providers adhering to the EU-US Data Privacy Framework (DPF). Otherwise, we apply the EU Standard Contractual Clauses (SCC), along with transfer assessments (TIA) and complementary measures.

We do not carry out any other international data transfers outside of those mentioned.

8. Retention Periods

We retain your data only for the time necessary to fulfill the described purposes, according to the following periods:

  • Account and Contractual Data: Retained while the account is active and for 24 months after a cancellation request (blocking period).

  • Billing and Accounting: Retained for a period of 6 years, as required by Spanish commercial and tax regulations.

  • Security and Access Logs: 12 months.

  • Service Content (Prompts and Files): The content of messages exchanged through the Meta API is deleted from their servers after 30 days. Camarai, for its part, retains a copy of the content in its own systems for 12 months to ensure service continuity and traceability.

9. Rights of the Data Subject

You have the right to exercise the rights of access, rectification, deletion, objection, restriction of processing, data portability, and not to be subject to automated individual decisions.

  • How to exercise them: You can exercise your rights by sending an email to contacto@camarai.es.

  • Complaints: You can file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have not been properly addressed.

10. Security and Technical Measures

We apply rigorous technical and organizational measures to ensure the security of your data, including encryption in transit and at rest, access control, two-factor authentication (2FA), encrypted backups, and continuous vulnerability management.

11. Use of Data for Artificial Intelligence and Model Improvement

  • B2B Accounts: By default, the content of B2B clients is not used to train or improve Camarai's AI models, unless there is an agreement or express opt-in.

  • B2C Accounts: We use metadata and minimized samples of content based on legitimate interest for the improvement and optimization of our product. Users have the right to object (opt-out) available in their account settings.

12. Other Aspects

  • Minors: The service is not directed to minors. We will block registration for those under 14 years old unless valid consent from parents or legal guardians is obtained.

  • Cookies: We use cookies necessary for the operation of the service. For analytical or advertising cookies, we will request your consent through a preference management banner.