This Privacy Policy for Narrowpath Strategies S.L. (referred to as “Narrowpath AI,” “we,” “us,” or “our”) describes how and why we collect, store, use, and share your personal information when you use our services (“Services”), which include:

• Visiting our website at nrpath.ai or any site that links to this Privacy Policy.

• Using any platform, application, or service provided by Narrowpath AI during the course of our business engagements.

• Engaging with us in other related ways – for example, contacting us via email, phone, or participating in our marketing or events.

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at contact@nrpath.ai.

Summary of Key Points

Q. What personal information do we process?
When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the choices you make. For example, we collect information that you actively provide (such as contact details you submit) and information that is collected automatically (such as technical device data) during your use of the Services

Q. Do we process any sensitive personal information?
No. We do not process sensitive personal information (for instance, we do not intentionally collect data about racial or ethnic origin, political opinions, health, or other special categories).

Q. Do we receive any information from third parties?
No. We do not receive personal information about you from third-party sources. The personal data we process is typically collected directly from you or through your use of our Services.

Q. How do we process your information?
We process your information to operate, provide, and improve our Services, to communicate with you, for security and fraud prevention, and to comply with our legal obligations. We may also process your information for other purposes with your consent, and will only do so when we have a valid legal reason.

Q. In what situations and with which parties do we share personal information?
We may share information in specific situations and with specific third parties, such as with service providers who assist in providing our Services, or if required by law. (See more details in the “Data Sharing” section below.) We do not sell your personal information.

Q. How do we keep your information safe?
We have implemented organizational and technical measures to protect your personal information. However, please note that no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise that hackers or other unauthorized parties will never be able to defeat our security and improperly access your information. We continuously work to protect your data, but you share and use our Services at your own risk.

Q. What are your rights?
Depending on your location, you may have certain rights regarding your personal information under applicable privacy laws. For example, individuals in the European Economic Area (EEA) and similar jurisdictions have the right to access, correct, or delete their personal data, among other rights. We honor all applicable rights as described in the “Your Privacy Rights” section of this Policy.

Q. How do you exercise your rights?
The easiest way to exercise your rights is by contacting us (see the “Contact Us” section at the end of this Policy) with your specific request. We will consider and act upon any request in accordance with applicable data protection laws. Exercising your rights is free of charge, and we will respond within the timeframe required by law.

Information We Collect

Information You Provide to Us: We collect personal information that you voluntarily provide to us when using our Services or contacting us. This may include your name, email address, contact details, organization name, payment information (if you are our client), or any other information you choose to give us. For example, if you fill out a form, sign up for an account, or correspond with us, you will be providing personal data that we will collect and use in accordance with this Policy. All personal information that you provide to us should be true, complete, and accurate, and you should notify us of any changes to such personal information.

Information Collected Automatically: When you interact with our website or platform, we automatically collect certain technical information about your device and usage of the Services. This information does not reveal your identity (it typically does not include your name or contact info) but may include data such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, general location, and information about how and when you use our website or Services. We collect this information to better understand how our users access our Services, to maintain security, and to improve performance. Like most businesses, we also use cookies and similar tracking technologies to collect some of this information (see Cookies and Tracking Technologies below).

No Collection of Sensitive Data: As noted above, we do not knowingly collect or process any sensitive personal information such as data about your health, ethnicity, religious or political beliefs, genetic or biometric data, or sexual orientation. Please refrain from providing such sensitive data to us.

Information from Third Parties: We generally do not obtain personal information about you from third-party sources. We do not purchase marketing lists or aggregate data from data brokers. In some cases, if you engage with us on external platforms (for example, by interacting on our social media pages), we might receive basic profile information via those platforms, but only in accordance with your settings on those services. Any such third-party data is handled with the same care as data you provide directly.

Personal Data of Minors: We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of a minor who is using our Services with your consent. If we learn that personal information from a user under the age of 18 has been collected, we will deactivate the account (if any) and promptly delete such data from our records. If you become aware of any personal data we have collected from children under 18, please contact us so that we can take appropriate action to remove that information.

How We Use Personal Information

Purpose of Collection and Use: We process the personal information we collect for a variety of legitimate business purposes. In general, we use your information to provide, maintain, and improve our Services and to communicate with you. For example, we use personal data to:

• Provide Services: Fulfill our contractual obligations to you or your organization, such as setting up your access to our platform, delivering consulting or AI services, and providing customer support.

• Improve and Develop Services: Understand how users interact with our website/platform, troubleshoot issues, perform data analysis and testing, and develop new features or services.

• Communication: Send administrative information, respond to inquiries, provide updates, and inform you about changes to our terms, services, or policies. We may also send marketing or promotional communications if you have subscribed to them (you can opt out at any time).

• Security and Fraud Prevention: Ensure the security and integrity of our Services by monitoring for fraudulent or suspicious activity, preventing misuse, and enforcing our Terms of Use.

• Legal Compliance: Comply with applicable legal and regulatory requirements, such as financial record-keeping, honor data subject rights requests, or respond to lawful requests by public authorities.

We will only process your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and obtain your consent or ensure another legal basis, as required by law.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information when you use our website. Cookies are small text files that websites place on your device to store data that can be recalled by the web server in the domain that set the cookie. These technologies help us recognize you as a returning visitor, measure the effectiveness of campaigns, and improve our Services.

For example, we may use essential cookies to enable core site functionality, analytics cookies to understand site usage and improve our content, and marketing cookies to manage and display more relevant advertisements (if we run advertising). You have the ability to accept or reject cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Please note that if you delete or disable cookies, some features of our site may not function properly. For more details on how we use cookies and how you can manage your preferences, please see our Cookie Policy (if available) or contact us for more information.

Data Sharing and Disclosure

We do not sell your personal information to third parties. However, we may share or disclose the information we collect in the following situations, and always in accordance with applicable law:

• Service Providers: We may share personal data with third-party companies and individuals that perform services on our behalf. For example, this includes IT hosting providers, cloud storage services, analytics services, email service providers, payment processors, and other vendors who assist us in operating the Services or conducting our business. These service providers are contractually obligated to handle data in compliance with this Privacy Policy and to only use it as necessary to perform services for us.

• Business Transfers: If we undergo a business transaction such as a merger, acquisition, reorganization, or sale of some or all of our assets, your personal information may be transferred as part of that deal. We will ensure any such transfer is subject to appropriate confidentiality and security measures.

• Affiliates: We may share your information with our affiliate or subsidiary companies (if any) that are under common ownership or control, in which case we will require them to honor this Privacy Policy.

• Legal Obligations: We may disclose your information if we are required to do so by law or in response to valid requests by public authorities (e.g., a subpoena, court order, or government demand). We may also disclose personal data if we believe in good faith that such action is necessary to comply with legal obligations, protect and defend our rights or property, prevent fraud, act in urgent circumstances to protect the personal safety of users, or as evidence in litigation in which we are involved.

• With Your Consent: In cases where you have explicitly consented to some form of sharing, we will share your information accordingly. For instance, if you request that we introduce you to a partner company or integrate a third-party service, we will share data with those parties at your direction.

We strive to limit the personal information we share and disclose to only what is reasonably necessary for each purpose. Whenever we share data with service providers or other third parties, we implement appropriate contractual and technical safeguards to protect your information.

International Data Transfers

Narrowpath Strategies S.L. is based in Spain, and our website servers and operations are primarily located in the European Union. However, the personal information that we collect from you may be transferred to, and processed in, countries other than your own. This can happen, for example, if our service providers (cloud hosting, email delivery services, etc.) are located outside of your country. If you are accessing our Services from outside the EU/EEA, be aware that your information may be transferred to and stored on servers in the EU, and possibly processed in other countries that may not have privacy laws as comprehensive as those in your jurisdiction.

Whenever we transfer your personal information internationally, especially outside of the European Economic Area (EEA) or other regions with data protection laws, we will take appropriate measures to ensure your personal data remains protected. Specifically, for transfers from the EEA or UK to countries not deemed “adequate” by EU law, we implement safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or rely on another lawful transfer mechanism. These SCCs contractually require the recipient to protect EEA/UK personal data in accordance with European data protection standards. We will also put in place technical and organizational measures as needed (for example, encryption or pseudonymization of data) and will only transfer the minimum data necessary.

If you would like more information about our international data transfer practices or a copy of the SCCs we use, you may contact us using the information provided at the end of this Policy.

Data Security

We are committed to protecting the security of your personal information. We implement a variety of security measures, including physical, technical, and administrative safeguards, designed to protect your data from unauthorized access, use, or disclosure. For example, we use encrypted connections (TLS/SSL) for data transmission on our site, maintain up-to-date firewall and intrusion detection systems, and restrict access to personal data to only those employees or agents with a need to know.

However, please keep in mind that no method of transmission over the Internet, or method of electronic storage, is completely secure. Despite our efforts to protect your information, we cannot guarantee absolute security. No security system is impenetrable – thus, we cannot promise that your information will remain secure in all circumstances, especially against sophisticated cyber attacks or unforeseen system vulnerabilities. You should also take steps to protect yourself online, such as choosing a strong password for any account and keeping your login credentials confidential. If you believe that the security of your account or data has been compromised, please contact us immediately. We will notify you and the appropriate authorities of a data breach if required by law.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, this means we keep your data for as long as you have an account with us or as long as needed to provide you with the Services or to administer our contractual relationship with you. If you close your account or it expires, or if we have collected your data for a specific limited purpose, we will either delete or anonymize your information or, if that is not immediately feasible (for example, because the data is stored in backup archives), securely store your information and isolate it from any further use until deletion is possible.

We may also retain certain information for longer if necessary to comply with our legal obligations (such as tax or audit requirements), resolve disputes, and enforce our agreements. The exact duration we retain data can vary depending on the type of information and the reason it was collected. If you would like more detail about our retention periods for specific categories of data, you may contact us.

Your Privacy Rights

Depending on your country or region, you have certain rights under applicable data protection laws regarding the personal data we hold about you. These rights may include:

• Right of Access: You have the right to request confirmation of whether we process personal information about you, and if so, to request a copy of that personal information, along with certain details about how we use and share it.

• Right of Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal information we hold about you.

• Right to Erasure: You have the right to request deletion of your personal information, also known as the “right to be forgotten,” under certain circumstances (for example, if the data is no longer necessary for the purposes it was collected, or you withdraw consent and no other legal basis for processing exists).

• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information under certain conditions, such as while we verify or investigate your concerns about accuracy or legitimate grounds.

• Right to Data Portability: If applicable, you have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller, where technically feasible.

• Right to Object: In certain circumstances (for instance, if we are processing your data based on legitimate interests or for direct marketing), you have the right to object to the processing of your personal information.

We will honor all data subject rights to the extent required by law and will respond to your requests within the timeframes established by applicable regulations. Please note that these rights are not absolute – there are exceptions and limitations. For example, we may not be able to delete all of your data if we are legally required to keep it, or we may decline a request to access data if doing so would infringe on another person’s privacy. If we deny your request, we will explain the reasons, as permitted by law.

Exercising Your Rights: You can exercise any of the rights mentioned above by contacting us via email at contact@nrpath.ai or using any other contact method provided in this Policy. We may need to verify your identity (for example, by asking you to provide information to confirm it’s you) before fulfilling certain requests, especially for access, deletion, or data portability, to ensure that your information is protected from unauthorized access. There is no fee for making such requests unless they are manifestly unfounded or excessive. We will notify you if we determine a request warrants a fee or if we need additional information to process your request.

Complaints to Authorities: If you are located in the European Economic Area (EEA) or the United Kingdom (UK) and believe that we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data protection supervisory authority. You can find the contact details of the supervisory authorities in the EEA at the following link: (this is an official EU website listing Data Protection Authorities by country). If you are in the UK, you can contact the UK Information Commissioner’s Office (ICO). If you are located in Switzerland, you may contact the Swiss Federal Data Protection and Information Commissioner.

We would, however, appreciate the chance to address your concerns before you approach a regulator. So please feel free to contact us first, and we will do our best to resolve your issue.

Withdrawing Your Consent: In cases where we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us at contact@nrpath.ai and specifying which consent you are withdrawing (for example, consent to receive marketing emails). Once we have received notification that you withdraw your consent, we will cease processing your information for that purpose, unless we have another legitimate basis to continue under applicable law. Please note that withdrawing consent will not affect the lawfulness of any processing we carried out before you withdrew consent. Additionally, if you withdraw consent for certain essential uses of your data (such as for providing the core service), we may not be able to continue providing you with some features of the Services.

Opting Out of Marketing Communications: If you have signed up to receive our newsletter or other marketing communications, you can opt out at any time. To unsubscribe, simply click the “unsubscribe” link in any promotional email we send, or email us at contact@nrpath.ai with your request. Once you opt out, we will remove you from our marketing lists. Please note that even after you opt out of marketing, we may still send you non-promotional messages – for example, service-related announcements, account notifications, or responses to your direct inquiries – as these are not marketing communications but part of our Service relationship with you.

Account Information and Deletion: If you maintain an account with us, you have the ability to review and update certain personal information within the account settings. If you would like to delete or deactivate your account, you may do so through the account settings if that option is available, or by sending a request to us at contact@nrpath.ai. Upon your request to terminate your account, we will deactivate or delete your account and remove your personal information from active databases. However, please note that we may retain certain information in our files after account deletion, as needed to comply with legal obligations, resolve disputes, or enforce our agreements. We will securely isolate and protect any information we retain for such purposes and will delete it when no longer required.

Third-Party Accounts and Social Logins

Our Services may allow you to register an account or log in using third-party credentials (for example, signing in with Google, Facebook, or other social networks), or otherwise integrate with third-party services. If you choose to register or log in through a third-party platform, we will receive certain profile information about you from that platform with your permission. For instance, if you use a social media login, the information we receive may include your name, email address, and any other information you have chosen to make public on that platform (such as your profile picture). The exact data we receive depends on the third-party provider and your settings with them.

We will use the information obtained from these third-party accounts only for the purposes described in this Privacy Policy or that are otherwise made clear to you at the time. Importantly, we do not control and are not responsible for how these third-party providers handle your personal data. Your interactions with those services are governed by the privacy policy of the third-party provider. We recommend reviewing the privacy settings and policies of any third-party service you use to log in to our Services, so you understand how they collect and share your information.

If at any time you wish to disconnect a third-party account from our Services, you can do so in your account settings (if available) or by contacting us for assistance. Keep in mind that if you revoke our access to the third-party account, we may lose the ability to authenticate you and you might have to set a new password or use another login method for our Services.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. The updated version will be indicated by an updated “Last Updated” date at the top of this Policy, and the new policy will be effective as soon as it is posted on our website. If we make material changes to this Policy, we will take appropriate measures to inform you in advance, consistent with the significance of the changes. For example, we may prominently post a notice on our website or notify you via email (if we have your email on file) explaining the updates. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or our data practices, we encourage you to contact us. You can reach us by email at contact@nrpath.ai, or by post at the address below:

Narrowpath Strategies S.L.
Calle Laguna Negra, 2
28905 Getafe, Madrid
Spain

Telephone: +34 632 982 259

Narrowpath Strategies S.L. (NIF: B22870281) is the data controller responsible for the processing of your personal information as described in this Policy. We will be happy to answer your questions or address any concerns you may have about your personal data.