Unofficial translation. This is an English translation provided for convenience. The legally binding version is the Spanish original. In case of discrepancy, the Spanish version prevails.

Effivis Privacy Policy

Last updated: January 2026

At EFFIVIS TECHNOLOGIES S.L. ("Effivis"), we process personal data responsibly and transparently, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD). This policy explains how we collect, process and protect the personal information you provide.

1. Data Controller

EFFIVIS TECHNOLOGIES S.L.
Tax ID (CIF): B23839962
Address: C/ Zurbano 49, Bajo – Oficina 4, 28010 Madrid, Spain
Contact: [email protected]

2. Purposes of Processing

The personal data you provide will be processed for the following purposes:

  • Managing and responding to information requests or enquiries.
  • Delivering the services contracted through the Effivis platform.
  • Managing your user account and the contractual relationship.
  • Processing payments and invoicing.
  • Sending commercial communications (only with your consent).
  • Complying with legal and tax obligations.
  • Improving our services through anonymised statistical analysis.

3. Legal Basis

  • Consent (GDPR Art. 6.1.a): for marketing communications and analytical cookies.
  • Performance of a contract (Art. 6.1.b): to provide the contracted services and manage your account.
  • Legal obligation (Art. 6.1.c): to comply with tax and accounting obligations.
  • Legitimate interest (Art. 6.1.f): to safeguard platform security and prevent fraud.

4. Data Retention Periods

We keep personal data for the time necessary to fulfil the purpose for which it was collected and to determine any potential liabilities. Detailed retention tables are available in the Spanish original.

5. Data Processors

We share data with the following providers acting as Data Processors under our instructions and in compliance with the GDPR: AWS (EU hosting), Cloudflare (DNS/CDN), Stripe (payments, US, SCCs + DPA), Twilio, OpenAI, Google Cloud, Microsoft, Meta Platforms and Zendesk (all US, SCCs + DPA).

6. International Transfers

Where providers are outside the European Economic Area, we use Standard Contractual Clauses (SCCs) approved by the European Commission, signed Data Processing Agreements (DPAs), and additional technical measures (TLS 1.3 in transit, AES-256 at rest, pseudonymisation where possible).

7. Your Rights

You can exercise at any time your rights to:

  • Access — know what data we process.
  • Rectification — correct inaccurate or outdated data.
  • Erasure (right to be forgotten) — where data is no longer necessary or you withdraw consent.
  • Restriction of processing in specific circumstances.
  • Objection to processing based on legitimate interest.
  • Portability — receive your data in a machine-readable format.

To exercise them, email [email protected] with subject "Data Protection" and a copy of an ID document. You may also lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

8. Information Security

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Per-tenant data isolation via Row-Level Security (RLS).
  • Multi-factor authentication (MFA) available.
  • Periodic security audits and continuous monitoring.
  • Least-privilege access policies.

9. Cookies

This site uses first-party and third-party cookies that are strictly necessary for it to function and, upon consent, analytical cookies (Google Analytics 4 with IP anonymisation). You may withdraw consent at any time by clearing cookies in your browser or installing the Google opt-out add-on at tools.google.com/dlpage/gaoptout.

10. Messaging Data (WhatsApp/Instagram/Facebook)

If you have interacted with a business through WhatsApp Business, Instagram Direct or Facebook Messenger using our platform, the conversation data is controlled by that business as Data Controller. Effivis acts as a Data Processor on their behalf in compliance with the GDPR. See our data deletion instructions for details.

10.bis Zendesk integration (Marketplace apps)

When you install an Effivis app from the Zendesk Marketplace (for example Problem Portfolio), you establish an integration between your Zendesk account and Effivis. This section describes exactly which data is read, what is stored outside Zendesk, for how long, and how to delete it.

Zendesk data we access

  • Tickets (id, type, status, priority, tags, subject, description, problem_id, timestamps, requester_id, assignee_id) — read live to populate the Problems/Incidents list and detail views.
  • Zendesk users and groups (id, name, email) — only those referenced by the loaded tickets; to display assignees and requesters.
  • Ticket fields (custom fields) — metadata only (id, title, type, options) to offer them as grouping and filtering axes. We do not read values of fields marked sensitive.
  • Zendesk account subdomain and the app installation_id — to link your install to your Effivis workspace.

Data stored outside Zendesk

The app runs mainly in your browser; ticket data is read in real-time and is NOT persisted in Effivis except for the following specific cases:

  • Ticket embeddings (numeric vectors derived from text, after the PiiStripper filter removes emails, phone numbers, IBAN, NIF, card numbers and IPs). Only if an admin enables the AI-powered "Related Tickets" feature. Stored in PostgreSQL (AWS Ireland) with per-tenant Row-Level Security.
  • Integration token (opaque bearer) issued by Effivis and bound to your install. Only its SHA-256 hash is persisted.
  • Installation metadata: Zendesk subdomain, installation_id, state (pending/connected/uninstalled) and connection timestamps.
  • Anonymised audit logs of each API call (method, path, trace_id, response code) — ticket body excluded.

Integration-specific subprocessors

OpenAI Ireland Ltd. (embeddings and re-rank for AI features, under EU-US DPF + SCCs), AWS EMEA S.à r.l. (EU hosting, eu-west-1), Cloudflare (CDN and DDoS) and Stripe Payments Europe Ltd. (Effivis plan billing). Zendesk data is never sent to Stripe.

Retention

  • Embeddings and AI cache: until a deletion request, or 30 days after uninstalling the app (whichever comes first).
  • Integration token: revoked immediately on uninstall; the hash is kept for 90 days for security audit.
  • Installation metadata: kept in "uninstalled" state for 24 months for traceability and metrics; immediate deletion available on request by email.

How to disconnect and delete data

  1. In Zendesk, go to Admin Center → Apps → Manage and uninstall the Effivis app. Zendesk notifies us automatically and we revoke the integration token.
  2. From the app itself, the Disconnect button lets you choose between disconnecting with 30-day embedding retention (reversible) or immediate purge.
  3. For full, permanent deletion (including audit retention), email [email protected] with your Zendesk subdomain.

All personal data derived from the Zendesk integration is covered by the same rights (access, rectification, erasure, portability) described in section 7.

11. Updates

Effivis may update this Policy to reflect changes in regulation, technology or our services. Updates are published on this page with the effective date. For material changes, registered users will be notified by email.

12. Contact

EFFIVIS TECHNOLOGIES S.L.

C/ Zurbano 49, Bajo – Oficina 4
28010 Madrid, Spain

Privacy: [email protected]
General: [email protected]

See also our Terms of Service, Legal Notice and Data Deletion Instructions.