Privacy notice

How we handle your data.

Last updated: May 29, 2026

Eurema (eurema.ai) operates from Monterrey, Nuevo León, Mexico and serves B2B companies across Latin America. This notice describes what personal data we collect, why, and how we protect it — under Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).

1. Data controller

The controller is Luis Guzmán, founder of Eurema, based in Monterrey, Nuevo León, Mexico. Direct contact: [email protected] · +52 81 1532 9429.

2. What we collect

Only what you give us in the contact form:

  • Name — to address you.
  • Work email — to reply.
  • Company, role, phone (optional) — to qualify and personalize the proposal.
  • Industry, interest, source channel (optional) — to tailor the response to your sector.
  • Free-text message — what you type.
  • IP address and browser user-agent — to prevent spam and abuse.

We do not use tracking cookies or third-party analytics (no Google Analytics, no Meta Pixel). If we ever do, this notice will be updated and you'll see a consent banner.

3. What we use your data for

  • Respond to your contact request and continue the commercial conversation.
  • Send you the proposal and materials related to your interest.
  • Keep an auditable record of the exchange.

We do not use your data for advertising, do not sell it, and do not share it with third parties for marketing.

4. Where your data lives

  • Cloudflare D1 (serverless database, distributed infrastructure with replicas in the data center nearest you).
  • Resend (transactional email service) to send notification to Luis and the confirmation email you receive.
  • Google Workspace — where Luis reads your email in his [email protected] inbox.

All these providers meet international security standards (SOC 2, GDPR-compliant, in-transit and at-rest encryption).

5. How long we keep it

As long as the conversation is active and through the duration of the commercial relationship. After a year of inactivity, we delete the lead (kept anonymized for internal metrics: sector, source channel, no name or email). You can request early deletion at any time (see point 7).

6. Who we share data with

Nobody outside the Eurema team. We don't sell data, don't pass it to commercial partners, don't use it to train AI models.

The only third parties touching your data are the technical providers in point 4 — and only so the infrastructure works (hosting, transactional email).

7. Your ARCO rights

Under LFPDPPP you have the right to:

  • Access — know what data we have on you.
  • Rectification — correct what's wrong.
  • Cancellation — request deletion.
  • Opposition — ask us to stop using it for specific purposes.

To exercise any of them, email [email protected] with subject "ARCO rights". We respond within 20 business days (legal deadline). For deletion, ≤72 hours and we confirm in writing.

8. Security

  • Forced HTTPS across eurema.ai (HSTS + preload).
  • Cloudflare Turnstile — invisible anti-bot verification.
  • Rate limiting — max 5 submits/hour per IP.
  • Security headers (CSP, X-Frame-Options, etc.).

In case of a security incident compromising your data, we'll notify you by email within 72 hours of detection.

9. Changes to this notice

If we change something material, we'll update the "Last updated" date above and, for material changes, notify you at the email of the last contact we have.

10. Contact

Questions about this notice or how we handle your data:

Luis Guzmán — Founder, Eurema
Email: [email protected]
Phone / WhatsApp: +52 81 1532 9429
Monterrey, Nuevo León, Mexico