1. Data controller
herihe.digital is a brand operated by Converclick, headquartered in Santiago, Chile. It also includes the sub-product diy.herihe.digital (DIY marketing SaaS powered by AI).
For any matter related to your personal data, contact us at:
- General email: hola@herihe.digital
- Privacy / Data Protection Officer: privacy@herihe.digital
- Controller: Héctor Solís
2. What data we collect
2.1 Data you provide directly
- Brand Discovery form: name, email, website URL, country, main objective for the month.
- Optional free text: if you choose to describe your biggest frustration with AI tools.
- Account data (paying customers): billing details, payment method (processed by Stripe / MercadoPago — we never store card numbers).
- Credentials you voluntarily link: tokens for Google Ads (via MCC), Meta Business Manager, Google Analytics, Fathom, Dropbox, etc. Stored encrypted (age encryption) in your dedicated droplet.
2.2 Data collected automatically
- Technical: IP address, user-agent, consent and confirmation timestamps.
- From the analyzed site: public HTML, CSS colors, typography, metadata (only public pages of your own site).
- Platform usage: briefs generated, deliverables approved, revisions requested.
3. Purposes and legal basis
| Purpose | Legal basis (GDPR art. 6) | Data |
|---|---|---|
| Generate your Brand Discovery | Consent (double opt-in) — art. 6(1)(a) | Email, URL, name, country |
| Send transactional emails (confirmation, deliverables ready) | Consent / Contract performance — art. 6(1)(a)/(b) | Email, name |
| Provide SaaS service (paying customers) | Contract performance — art. 6(1)(b) | Account data, linked credentials |
| Billing and tax compliance | Legal obligation — art. 6(1)(c) | Billing data |
| Product improvement (anonymized) | Legitimate interest — art. 6(1)(f) | Aggregated usage, no individual ID |
| Newsletter or commercial content | Consent (separate opt-in) — art. 6(1)(a) | Email, name, preferences |
4. Who we share your data with
We only share data with vendors strictly necessary to operate the service. All are contractually bound to protect your data:
| Vendor | Purpose | Location |
|---|---|---|
| Anthropic (Claude API) | AI content generation | USA |
| DigitalOcean | Cloud infrastructure (droplets, databases) | USA / EU |
| Mautic (self-hosted) | Email marketing | Our infrastructure (DigitalOcean) |
| Stripe / MercadoPago | Payment processing | USA / Argentina |
| Telegram | Bot communication channel (optional) | Global |
| Google (Workspace, Analytics) | Corporate email, analytics | USA / EU |
We do not sell your data. We do not share your data with other herihe.digital customers. Each customer has full isolation.
5. International data transfers
Some of our vendors (Anthropic, DigitalOcean, Stripe) are located outside your jurisdiction. For these transfers we apply:
- Standard Contractual Clauses (SCC) with each vendor;
- Verification that the country offers adequate protection or that the vendor complies with GDPR / equivalent framework;
- Your informed consent when accepting this policy.
6. Retention period
| Data type | Retention |
|---|---|
| Lead with unconfirmed opt-in | 48 hours (then automatically deleted) |
| Confirmed lead without conversion | 12 months or until revocation |
| Active customer | While the account is active + 6 months |
| Billing records | 7 years (US/EU tax compliance) |
| Consent proof (revoked) | 6 months after revocation (proof-of-origin requirement) |
| Technical logs | 90 days |
7. Your rights as a data subject
Depending on your location, you have the following rights:
Under GDPR (EU) — arts. 15-22
- Access — know what data we have about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — request deletion of your data.
- Restriction of processing in certain circumstances.
- Data portability — receive your data in a structured format (JSON).
- Object to processing based on legitimate interest.
- Not be subject to automated decisions producing legal effects without human review.
- Withdraw consent at any time (link in every email).
- Lodge a complaint with your local Data Protection Authority.
Under CCPA (California residents)
- Right to know what personal information we collect, use, disclose.
- Right to delete personal information we collected from you.
- Right to opt-out of sale — we do NOT sell personal information.
- Right to non-discrimination for exercising your rights.
Email privacy@herihe.digital with the subject "Rights request — [your right]". We respond within 30 days (GDPR) or 45 days (CCPA). No fees for exercising your rights.
8. Security measures
- Encryption at rest: credentials in
age-encryptedvaults per customer on dedicated droplets. - Encryption in transit: HTTPS/TLS 1.2+ on all communications.
- Isolation: each customer has their own database (
converclick_dlv_{slug}), droplet, and vault. Impossible for one customer's data to cross to another. - Authentication: bcrypt passwords, hashed API keys (never plaintext), HttpOnly Secure sessions.
- Audit logs: every R2/R3 action (significant modifications) is logged.
- Mandatory opt-in before any processing that consumes AI resources.
9. Cookies and similar technologies
We use strictly necessary cookies (session, language and theme preferences) and, with your consent, analytics cookies (Google Analytics 4).
You can manage your preferences via the cookie banner on your first visit, or disable them in your browser.
We do not use behavioral advertising cookies.
10. Minors
Our services are intended for users 18 years or older (13+ with verified parental consent, per COPPA in US). We do not knowingly collect minors' data. If you believe a minor provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this policy to reflect legal, technical, or business changes. We will notify you 30 days in advance of any material changes via email and a prominent site notice.
The date of the latest version appears at the top of this document.
12. Contact
For any questions about this policy or about the processing of your data:
- Email: privacy@herihe.digital
- Site: https://herihe.digital
- Company: Converclick, Santiago, Chile
This policy was drafted as version 1.0 on April 19, 2026 and should be reviewed by qualified counsel before production deployment (especially for EU and California customers). If you are that professional reviewing: legal@herihe.digital.