Privacy Policy

Last updated: February 19, 2026

At ZenturLabs, the protection of your personal data is a priority. This Privacy Policy (hereinafter, the "Policy") describes how we collect, use, store, share, and protect your personal information, in compliance with Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable legislation in the jurisdictions where we operate.

1. Data Controller

ZenturLabs is the Data Controller responsible for your personal data. You may contact us at:

Email: contact@zenturlabs.com
Website: through our contact form.

ZenturLabs is committed to protecting your privacy and processing your personal data lawfully, fairly, transparently, and in accordance with the principles of proportionality, purpose limitation, and accountability established by applicable legislation.

2. Personal Data We Collect

Depending on your interaction with us, we may collect the following categories of personal data:

2.1 Data provided directly by you

Identification data: full name, email address, phone number.
Professional data: company or organization name, job title or position, website.
Project data: project description, type of service required, estimated budget, desired timelines.
Billing data: business name, tax address, Tax ID (RFC/VAT number), banking information for billing and payment purposes.
Communication data: content of messages, emails, and any other communications you have with us.

2.2 Data collected automatically

Browsing data: IP address, browser type and version, operating system, screen resolution.
Site usage data: pages visited, time spent, referral source, browsing patterns.
Cookie and similar technology data: session identifiers, language preferences, analytics data (see Cookies section).
General location data: country and region derived from IP address (precise location is not collected).

3. Legal Basis for Processing

We process your personal data based on the following legal grounds, depending on the applicable jurisdiction:

Consent: when you voluntarily provide your data through our contact forms, quote requests, or direct communications (applicable in all jurisdictions).
Performance of a contract: when processing is necessary to provide the contracted Services or to take pre-contractual steps at the data subject's request (Art. 6.1.b GDPR).
Legitimate interest: to improve our services, ensure the security of our website, and conduct usage analysis that does not disproportionately affect your rights (Art. 6.1.f GDPR).
Legal obligation: when processing is necessary to comply with applicable tax, accounting, or regulatory obligations (Art. 6.1.c GDPR; Mexican and U.S. tax legislation).
Express consent (LFPDPPP): under Mexican law, we obtain your consent for the processing of personal data in accordance with the purposes described in this Policy.

4. Processing Purposes

4.1 Primary purposes (necessary)

Your personal data will be used for the following primary purposes:

Respond to your inquiries, information requests, and quote requests.
Prepare and send customized commercial proposals.
Enter into and perform service agreements.
Provide the contracted web development, software, and automation services.
Manage billing, collections, and payment administration.
Provide technical support and after-sales service.
Comply with legal, tax, and regulatory obligations.
Exercise or defend legal rights in the event of disputes.

4.2 Secondary purposes (non-essential)

With your consent, we may use your data to:

Send newsletters, updates, and content of interest about our services and the technology sector.
Send promotional communications and special offers.
Conduct satisfaction surveys and market studies.
Compile internal statistics and analyses to improve our services.
Include case studies or testimonials in our portfolio (with specific authorization).

You may withdraw your consent for secondary purposes at any time without affecting the provision of our services. To do so, send an email to contact@zenturlabs.com with the subject line 'Consent Withdrawal'.

5. Data Retention Period

We retain your personal data for the time strictly necessary to fulfill the described purposes:

Active client data: for the duration of the contractual relationship and up to 5 years after its termination (to comply with tax and legal obligations).
Prospect data: up to 2 years from the last contact, unless you request earlier deletion.
Billing and accounting data: in accordance with the periods established by applicable tax legislation (generally 5 years in Mexico, per the Federal Tax Code).
Browsing data and cookies: as specified in the Cookies section of this Policy.
Marketing data: until you withdraw your consent.

Once the retention period has elapsed, your data will be securely deleted or anonymized.

6. Your Rights — Data Subjects in Mexico (ARCO Rights)

Under the LFPDPPP and its Regulations, you have the right to:

Access: know what personal data we hold about you and how we process it.
Rectification: request correction of inaccurate or incomplete personal data.
Cancellation: request deletion of your personal data when you believe it is not being processed in accordance with legal principles and duties.
Opposition: object to the processing of your personal data for specific purposes.

To exercise your ARCO rights, send a request to contact@zenturlabs.com with the following information: full name, copy of official identification, clear description of the right you wish to exercise, and any supporting documentation. We will respond within a maximum of 20 business days from receipt of your complete request.

7. Your Rights — EU Residents (GDPR)

If you reside in the European Union or the European Economic Area, you have the following rights under the GDPR:

Right of access (Art. 15): obtain confirmation of whether we process your data and access a copy thereof.
Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
Right to erasure / 'right to be forgotten' (Art. 17): request deletion of your data when no longer necessary, you withdraw consent, or you object to processing.
Right to restriction of processing (Art. 18): request restriction of your data processing under certain circumstances.
Right to data portability (Art. 20): receive your data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
Right to object (Art. 21): object to processing based on legitimate interest or for direct marketing purposes.
Right not to be subject to automated decisions (Art. 22): not be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.
Right to lodge a complaint: with the data protection authority of your country of residence.

To exercise any of these rights, contact contact@zenturlabs.com. We will respond within one (1) month, extendable by two additional months for complex or numerous requests.

8. Your Rights — U.S. Residents

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA and CPRA:

Right to know: request information about the categories and specific pieces of personal data we have collected, the sources, business purposes, and third parties with whom we share it.
Right to delete: request deletion of personal data we have collected about you.
Right to correct: request correction of inaccurate personal data.
Right to opt-out: opt out of the sale or sharing of your personal data. ZenturLabs does not sell personal data.
Right to non-discrimination: you will not be discriminated against for exercising your privacy rights.

8.2 Additional Information for California Residents

We do not sell consumers' personal data to third parties.
We do not share personal data with third parties for cross-context behavioral advertising purposes.
We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.

To exercise these rights, contact contact@zenturlabs.com. We will verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf.

9. International Data Transfers

As ZenturLabs operates across multiple jurisdictions, your personal data may be transferred to and processed outside your country of residence. We ensure that all international transfers are supported by appropriate safeguards:

Transfers from the EU/EEA: are carried out based on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or, where applicable, the explicit consent of the data subject.
Transfers from Mexico: are carried out in accordance with the LFPDPPP, informing the data subject and, when necessary, obtaining their consent.
Transfers from the United States: are carried out in compliance with applicable state and federal laws.

We do not transfer personal data to unauthorized third parties. Service providers and sub-processors with access to personal data are bound by data processing agreements ensuring the same level of protection.

10. Third Parties and Service Providers

We may share your personal data with the following categories of third parties, strictly for the purposes indicated:

Hosting and cloud storage providers: to host our website and securely store data.
Email service providers: to manage communications and, where applicable, marketing campaigns.
Web analytics providers (such as Google Analytics): to understand site usage and improve user experience. This data is collected in anonymized or pseudonymized form where possible.
Payment service providers: to securely process transactions.
Professional advisors: accountants, lawyers, and consultants, when necessary to comply with legal obligations.
Government authorities: when required by law, court order, or legal proceedings.

All third parties are contractually obligated to protect your personal data and use it only for authorized purposes.

11. Cookie Policy

Our website uses cookies and similar technologies. Cookies are small text files stored on your device when you visit our site.

11.1 Types of cookies we use

Strictly necessary cookies: essential for the website to function (navigation, security, language preference). These do not require consent.
Performance and analytics cookies: allow us to understand how visitors interact with our site, collecting information anonymously or pseudonymously.
Functionality cookies: remember your preferences (such as selected language) to enhance your experience.

11.2 Cookie management

You can configure your browser to reject all cookies or to be notified when a cookie is sent. However, disabling some cookies may affect site functionality. For EU residents, we request your consent before installing non-essential cookies, in accordance with the ePrivacy Directive and the GDPR.

12. Security Measures

ZenturLabs implements reasonable and appropriate technical, administrative, and physical measures to protect your personal data, including:

Data encryption in transit via TLS/SSL protocol (HTTPS).
Restricted access control to personal data, limited to authorized personnel.
Internal information security policies and staff training.
Monitoring and detection of unauthorized access.
Periodic data backups.
Regular review and update of security measures.

In the event of a security breach affecting your personal data, we will notify you in accordance with the timelines and requirements established by applicable legislation (72 hours to authorities under GDPR; without undue delay to affected data subjects).

13. Children's Data

Our services are not directed at minors (under 18 in Mexico, 16 in the EU, or 13 in the U.S., depending on the jurisdiction). We do not intentionally collect personal data from minors. If we become aware that we have collected data from a minor without required parental consent, we will proceed to delete it immediately. If you are a parent or guardian and believe your child has provided us with personal data, please contact contact@zenturlabs.com.

14. Automated Decision-Making and Profiling

ZenturLabs does not carry out automated decision-making or profiling that produces legal effects on you or similarly significantly affects you. If we implement such processing in the future, we will inform you in advance and provide mechanisms to exercise your rights in accordance with applicable legislation.

15. 'Do Not Track' Signals

Our website respects 'Do Not Track' (DNT) signals sent by your browser. When we detect a DNT signal, we do not install analytics or tracking cookies. Additionally, for California residents, we respect Global Privacy Control (GPC) signals in accordance with the CCPA/CPRA.

16. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or improvements to our services. Changes will be published on this page with the corresponding update date.

For material changes that significantly affect the processing of your data, we will notify you by email (if we have your address) or through a prominent notice on our website, at least 30 days before the changes take effect.

We recommend reviewing this Policy periodically to stay informed about how we protect your information.

17. Contact and Data Protection Officer

For any inquiries, rights exercise requests, complaints, or clarifications about this Privacy Policy or the processing of your personal data, you may contact us through:

Email: contact@zenturlabs.com
Contact form: available on our website.

If you believe that the processing of your personal data violates applicable regulations, you have the right to lodge a complaint with the competent data protection authority:

Mexico: National Institute for Transparency, Access to Information and Protection of Personal Data (INAI) — www.inai.org.mx
European Union: the data protection authority of your country of residence.
United States (California): Office of the California Attorney General — oag.ca.gov