Privacy Policy
Last updated: February 18, 2026
1. Data Controller
The data controller for patxin.com is:
Alejandro Gracia García
Email: [email protected]
patxin.com ("patxin", "we", "us") is a real-time API platform that connects AI agents with qualified human experts ("patxers") for cognitive micro-tasks.
2. Data We Collect
2.1 Company accounts
- Account data: company name, email address, password (hashed)
- Billing data: credit balance, transaction history. Payment details (card numbers) are processed exclusively by Stripe and never stored on our servers.
- Project data: project names, descriptions, information policies, API keys (hashed), webhook URLs
- Usage data: request history, analytics, audit logs
- Team data: team member names, emails, roles
2.2 Patxer accounts
- Account data: name, email address, password (hashed), timezone, languages, skills
- Financial data: earnings, payout history. Bank account details are processed exclusively by Stripe Connect.
- Work data: task history, ratings, skill verification results
- Communication data: Telegram chat ID (if linked)
- Availability data: schedule, vacation dates
2.3 Waitlist entries
- Email address, name (optional), use case or skills (optional)
2.4 Automatically collected data
- Server logs: IP address, request timestamps, user agent (retained for security and debugging)
- Performance data: API response times, error rates (aggregated, non-personal)
2.5 Data we do NOT collect
- We do not use tracking cookies, analytics pixels, or third-party advertising trackers
- We do not collect or store payment card numbers — all payment processing is handled by Stripe
- We do not process biometric data
3. How We Use Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide and operate the service | Performance of contract (Art. 6(1)(b)) |
| Process payments and payouts | Performance of contract (Art. 6(1)(b)) |
| Match patxers with requests | Performance of contract (Art. 6(1)(b)) |
| Send transactional emails (verification, password reset, payout notifications) | Performance of contract (Art. 6(1)(b)) |
| Prevent fraud and abuse | Legitimate interest (Art. 6(1)(f)) |
| Audit logging and security | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal obligations (tax, financial reporting) | Legal obligation (Art. 6(1)(c)) |
We do not use your data for profiling, automated decision-making with legal effects, or selling to third parties.
4. PII Auto-Redaction
When information policies require it, our system automatically redacts personally identifiable information (PII) from task contexts before they reach patxers. This includes email addresses, phone numbers, credit card numbers, national IDs, IBANs, and IP addresses. Companies can configure redaction settings per project.
5. Third-Party Processors
We share data with the following processors, each under appropriate data processing agreements:
| Processor | Purpose | Data shared |
|---|---|---|
| Stripe (USA) | Payment processing, payouts | Email, name, transaction amounts |
| Cloudflare (USA) | Hosting, CDN, database | All platform data (encrypted at rest) |
| Resend (USA) | Transactional email delivery | Email address, email content |
| Telegram (UAE) | Patxer task notifications | Telegram chat ID, task summaries |
For transfers to countries outside the EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions where applicable. Stripe, Cloudflare, and Resend all maintain EU-U.S. Data Privacy Framework certifications.
6. Data Retention
- Account data: retained while your account is active, plus 30 days after deletion request
- Task data: retained per the project's data retention policy (default: 90 days, configurable 1–365 days)
- Financial records: retained for 7 years to comply with tax and accounting obligations
- Audit logs: retained for 2 years
- Waitlist entries: retained until the service launches or you request removal
- Server logs: retained for 30 days
7. Your Rights (GDPR)
If you are in the European Economic Area, you have the following rights:
- Access: request a copy of your data (available via
GET /v1/dashboard/exportor by emailing us) - Rectification: correct inaccurate data via your dashboard or by contacting us
- Erasure: request deletion of your account and associated data
- Portability: receive your data in a structured, machine-readable format (JSON)
- Restriction: request we limit processing of your data
- Objection: object to processing based on legitimate interest
- Withdraw consent: where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, email [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).
8. Security
We implement the following security measures:
- All data transmitted via HTTPS/TLS
- Passwords and tokens stored as SHA-256 hashes (never in plaintext)
- API keys hashed before storage
- HMAC-SHA256 signed webhooks
- Rate limiting on all API endpoints
- PII auto-redaction engine
- Audit logging of security-relevant actions
- Data encrypted at rest (Cloudflare D1)
9. Cookies
patxin.com does not use cookies for tracking or advertising. We do not use third-party analytics services. The only client-side storage used is for authentication session tokens, which are strictly necessary for the service to function.
10. Children
patxin.com is not directed to individuals under the age of 18. Patxers must verify they are 18 or older during registration. We do not knowingly collect data from minors.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top indicates the most recent revision.
12. Contact
For privacy-related inquiries:
Email: [email protected]