KookiAI
Start

Legal Document

Privacy Policy

At KookiAI (a brand owned by Jesús Rodríguez Canovaca), we value and respect your privacy. This policy clearly and transparently explains how we collect, use, and protect your personal information when you use our technical cookie auditing platform, in strict compliance with the European Union’s General Data Protection Regulation (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).

1. Data Controller

  • Identity: Jesús Rodríguez Canovaca (Owner of the KookiAI brand and software)
  • Tax ID (NIF): 39732391Y
  • Business Address: Calle Joan Molas i Sabatè No. 9, floor 4-1, Postal Code 43007, Tarragona (Spain).
  • Contact Email: soporte@kookiai.com

Note: KookiAI is a B2B platform exclusively aimed at professionals, companies, agencies, and individuals over the age of 18. We do not knowingly collect data from minors.

2. Data Collected and Purpose of Processing

The platform collects and processes user information at different stages of your interaction with the software:

  • Account registration and management: We collect your corporate email, name, password, and the selected professional role (e.g., Developer, Agency). If you use Google Login, we will securely receive your email and unique user identifier.
  • Service execution (Scanner): We process the URL of the website you enter for auditing. Our software visits the website anonymously in incognito mode to record exclusively technical network data (names of cookies installed prior to consent and network calls to third parties).
  • Payment processing: For subscription plan billing, our secure provider (Stripe) collects your billing and payment details. The Controller does not store your bank card details on its servers.
  • Alerts and support: We use your email address to send you system notifications (e.g., “scan completed,” cookie alerts) and to resolve your technical questions.

The legal basis that allows us to process your personal data is:

  • Performance of a contract or pre-contractual relationship (Art. 6.1.b GDPR): Necessary to create your user account, provide access to the dashboard, and technically execute the cookie scan on the URLs you request.
  • Compliance with legal obligations (Art. 6.1.c GDPR): For mandatory commercial and tax invoicing of subscriptions.
  • Explicit consent (Art. 6.1.a GDPR): For sending commercial bulletins or informative newsletters, which you can revoke at any time immediately.

4. Transparency in the use of Artificial Intelligence (AI)

In compliance with Regulation (EU) 2024/1689 (AI Act) and the duty of transparency, we inform you that the KookiAI engine uses the Application Programming Interface (API) of the Gemini (Google) artificial intelligence model for strictly technical visual auditing purposes:

  • The AI analyzes screenshots of the public interface of audited websites to identify if the “Accept” and “Reject” buttons in the cookie banner comply with the principle of equal visual prominence.
  • The AI assists in the technical classification of detected cookie names.

Confidentiality guarantee: KookiAI does not transmit personal data of its registered users to the Gemini API. Only public technical data from the audited websites is sent. Furthermore, Google contractually guarantees that corporate API queries are not used to train its public models.

5. Data Retention and Inactivity

  • Active accounts: Your personal data and PDF audit reports will be stored on our protected servers as long as your account remains active.
  • Inactivity policy (Secure deletion): In application of the principle of storage limitation, if you do not log in to the platform for an uninterrupted period of 1 year, we will send you a notice email 30 days in advance. If the account remains inactive, we will proceed to the permanent deletion of your user profile, reports, and all associated data from our servers.
  • Tax data: Invoices and associated tax data will be blocked and stored securely during the applicable legal periods (6 years according to the Spanish Commercial Code).

6. Recipients and International Transfers

We share strictly necessary data with providers acting as data processors under contracts pursuant to Art. 28 of the GDPR. When using global, top-tier tools, international transfers are carried out under the legal safeguards of Art. 46 of the GDPR:

  • Hostinger International Ltd. (Cyprus/EU): Hosting of web infrastructure and databases. No international transfer.
  • Cloudflare Inc. (USA): Perimeter security protection, CDN, and secure storage of screenshots. US entity adhering to the EU-US Data Privacy Framework.
  • Stripe Inc. (USA): Payment processing and billing. Adhering to the EU-US Data Privacy Framework.
  • Google Ireland Ltd. / Google LLC (USA): Provider of Google Login and the Artificial Intelligence API (Gemini). Adhering to the EU-US Data Privacy Framework.
  • Telegram Messenger Inc. (UAE): Used exclusively for internal administrative notifications of platform registration. Compliance overseen by its European representative (EDPO, Brussels).

7. Your Rights (GDPR)

You have the right to access, rectify, port, and request the deletion of your personal data, as well as to restrict or object to its processing at any time.

To exercise these rights, please send an email to soporte@kookiai.com. Minimization note: To avoid unnecessary data collection, we will only request a photocopy of your identity document (ID card or equivalent) if there are reasonable doubts regarding the veracity of your identity.

If you believe that Jesús Rodríguez Canovaca has violated your rights, you have the right to file a direct claim with the Spanish Data Protection Agency (www.aepd.es).

Last Updated: 6/21/2026 KookiAI Compliance Seal