Privacy Policy

Legal basis for processing: Processing is based primarily on your consent (Art. 6.1.a GDPR), which you can withdraw at any time. Important notice: if you share information about your neurodivergence or health condition (for example, when filling out your profile or searching for specific services), this information may be considered special category data (health data) under Art. 9 of the GDPR. For this type of data, we request your explicit consent separately. You have the right to withdraw this consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Who do we share your data with? We do not sell your data or share it with third parties for commercial purposes. However, for the platform to function, we work with service providers (data processors) who access your data solely to provide their services: (1) Clerk — authentication and login management (US company, operating under EU Standard Contractual Clauses); (2) Stripe — secure payment processing (US company, PCI-DSS certified, operating under EU Standard Contractual Clauses); (3) PostHog — platform usage analytics, only if you accept analytics cookies (EU instance, data stored in Europe); (4) Resend — transactional email delivery (US company, operating under EU Standard Contractual Clauses); (5) Mapbox — map visualization (US company, operating under EU Standard Contractual Clauses). Important: some of these providers are based in the US. International transfers are safeguarded through Standard Contractual Clauses approved by the European Commission, as required by Art. 46 GDPR.

How long do we keep your data? We keep your data as long as your account is active. If you delete your account, we delete your personal data within 30 days, unless the law requires us to retain it longer (e.g., billing data: 5 years under Spanish tax regulations).

Your rights: You have the right to access your data, correct it, delete it, object to its processing, restrict its use, and obtain a portable copy. You can also withdraw your consent at any time. To exercise any of these rights, write to us at info@atipicos.org. You also have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es) if you believe we have not handled your request properly.

Security of your data: We apply robust technical and organizational measures to protect your information: data encryption, restricted access, secure authentication via Clerk, and protected database storage (Convex). Given the sensitivity of data from neurodivergent people, we apply enhanced protection standards.

Legal basis for processing: Processing is based on your consent (Art. 6.1.a GDPR) and the performance of the service contract (Art. 6.1.b GDPR). Payment processing is necessary for the execution of the contract.

What information is made public? You decide what information appears on your public profile (name, specialties, location, social networks, photos, videos, etc.). ATÍPICOS will not modify or remove your content without your authorization, except where it violates our terms of use. Any images or testimonials you publish must respect the rights of third parties.

Who do we share your data with? We do not sell your data. We work with service providers necessary for the platform to function: (1) Clerk — authentication management (US, Standard Contractual Clauses); (2) Stripe — subscription payment processing (US, PCI-DSS certified, Standard Contractual Clauses); (3) PostHog — usage analytics (EU instance, analytics cookies only); (4) Resend — email communications (US, Standard Contractual Clauses); (5) Mapbox — map and location display (US, Standard Contractual Clauses). Transfers to the US are covered by Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR).

How long do we keep your data? We keep your professional data as long as your account is active. After deleting your profile, your data is deleted within 30 days, except where legally required to retain it (billing data: 5 years under Spanish tax law).

Your rights: You have the right to access, correct, delete, object to, restrict, and obtain portability of your data. Write to us at info@atipicos.org. You may also file a complaint with the Spanish Data Protection Agency (www.aepd.es).

Security: We implement advanced technical and organizational security measures: encryption, controlled access, protected storage, and regular audits. Sensitive content receives enhanced protection.