Privacy Policy
Sustainlabs AI S.A. de C.V.
Last Updated: January 13, 2026
Introduction
Sustainlabs AI S.A. de C.V. ("Sustainlabs," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.sustainlabs.ai and use our services.
As a company lawfully constituted in Mexico, we comply with the Mexican Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, "LFPDPPP"), as well as applicable data protection laws in the jurisdictions where we operate and where our clients are located, including but not limited to the European Union's General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA).
Key Points:
- ✓ We only collect information you voluntarily provide through our contact form
- ✓ Your personal data is not transferred outside our organization
- ✓ We use industry-standard security measures to protect your data
- ✓ You have the right to access, correct, delete, and object to the processing of your data
- ✓ We do not sell your personal information
1. Data Controller
The data controller responsible for your personal data is:
Sustainlabs AI S.A. de C.V.
Mexico City, Mexico
Email: juan@sustainlabs.ai
For any questions, requests, or concerns regarding the processing of your personal data, please contact us at the email address provided above.
2. Information We Collect
2.1 Information You Provide Directly
When you submit our contact form on the website, we collect the following information:
- First Name and Last Name: To identify you and personalize our communications
- Email Address: To respond to your inquiry and send you requested information
- Company Name: To understand your organizational context
- Job Title: To better understand your role and needs
- Job Function: To tailor our services to your specific area of work
- Interest: To understand whether you're interested in our platform, consulting services, or both
- Message: Any additional information you choose to share with us
2.2 Information Collected Automatically
When you visit our website, we may automatically collect certain technical information, including:
- Log Data: IP address, browser type and version, time zone setting, operating system, and platform
- Usage Data: Information about how you interact with our website, including pages visited, time spent on pages, and links clicked
- Device Information: Device type, unique device identifiers, and mobile network information
This information is collected through standard server logs and is used solely for website operation, security, and improvement purposes.
2.3 Cookies and Similar Technologies
Our website uses essential cookies necessary for the website to function properly. We do not use tracking cookies or third-party advertising cookies. You can control cookies through your browser settings.
3. How We Use Your Information
We use the personal data we collect for the following purposes:
3.1 Primary Purposes
- Respond to Inquiries: To reply to your questions, requests, and provide information about our services
- Service Delivery: To provide, maintain, and improve our sustainability consulting and platform services
- Business Communication: To send you information about our services, updates, and relevant sustainability industry insights
- Customer Relationship Management: To manage and develop our business relationship with you and your organization
3.2 Secondary Purposes
- Analytics and Improvement: To analyze website usage and improve our services, user experience, and website functionality
- Security: To protect our website, services, and users from fraud, security threats, and unauthorized access
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests
- Business Operations: To conduct internal business operations, including audits, data analysis, and research
3.3 Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Consent: You have provided explicit consent for us to process your personal data for specific purposes when you submit our contact form
- Legitimate Interest: Processing is necessary for our legitimate business interests, such as responding to inquiries, improving our services, and ensuring website security
- Legal Obligation: Processing is necessary to comply with legal obligations under Mexican law and other applicable jurisdictions
- Contract Performance: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract
4. Data Sharing and Disclosure
4.1 No Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4.2 Internal Access
Your personal data is accessed only by authorized Sustainlabs employees and contractors who need the information to respond to your inquiry or provide services. All personnel with access to personal data are bound by confidentiality obligations.
4.3 Service Providers
We use select third-party service providers to help us operate our business and website, including:
- Cloud Infrastructure Providers: Amazon Web Services (AWS) for website hosting and database storage
- Email Services: To send and receive business correspondence
These service providers are contractually obligated to protect your personal data and use it only for the specific purposes we have authorized. We ensure that all service providers comply with applicable data protection laws and maintain appropriate security measures.
4.4 Legal Disclosures
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements, or to:
- Comply with legal processes or government requests
- Enforce our terms and conditions or other agreements
- Protect the rights, property, or safety of Sustainlabs, our users, or others
- Detect, prevent, or address fraud, security, or technical issues
4.5 No International Data Transfers
Important: We do not transfer your personal data outside of Sustainlabs AI S.A. de C.V. or to entities in other countries. All data processing occurs within our organization and our service providers' infrastructure located in regions with adequate data protection standards.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory requirements.
5.1 Retention Periods
- Contact Form Data: Retained for up to 3 years from the date of submission or last contact, whichever is later
- Client Data: Retained for the duration of the business relationship plus 7 years as required by Mexican tax and commercial law
- Website Logs: Retained for up to 12 months for security and operational purposes
- Email Communications: Retained for up to 5 years for business and legal purposes
5.2 Deletion
After the retention period expires, or if you request deletion of your data (and we are not legally required to retain it), we will securely delete or anonymize your personal information so that it can no longer be associated with you.
6. Your Data Protection Rights
You have the following rights regarding your personal data, which you can exercise by contacting us at juan@sustainlabs.ai:
6.1 Universal Rights (Applicable to All Users)
- Right to Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can request that we correct inaccurate or incomplete personal data
- Right to Deletion: You can request that we delete your personal data, subject to legal retention requirements
- Right to Object: You can object to the processing of your personal data for certain purposes, including direct marketing
- Right to Restrict Processing: You can request that we limit how we use your personal data in certain circumstances
- Right to Data Portability: You can request that we provide your data in a structured, machine-readable format
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time
6.2 Additional Rights for Specific Jurisdictions
For European Union Residents (GDPR)
- Right to lodge a complaint with a supervisory authority
- Right not to be subject to automated decision-making, including profiling
For California Residents (CCPA/CPRA)
- Right to know what personal information is collected, used, shared, or sold
- Right to opt out of the sale of personal information (Note: We do not sell personal information)
- Right to non-discrimination for exercising privacy rights
For Brazilian Residents (LGPD)
- Right to information about the possibility of denying consent and its consequences
- Right to information about shared use of data
For Canadian Residents (PIPEDA)
- Right to challenge the accuracy and completeness of your information
- Right to file a complaint with the Privacy Commissioner of Canada
For Mexican Residents (LFPDPPP)
- Rights of Access, Rectification, Cancellation, and Opposition (ARCO Rights)
- Right to revoke consent for data processing
6.3 How to Exercise Your Rights
To exercise any of these rights, please send an email to juan@sustainlabs.ai with the subject line "Data Privacy Request" and include:
- Your full name and email address
- A description of the right you wish to exercise
- Any relevant details or documentation to help us process your request
We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request to ensure the security of your personal data.
7. Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
7.1 Security Measures
- Encryption: Data transmission is encrypted using industry-standard SSL/TLS protocols (HTTPS)
- Access Controls: Strict access controls limit who can view and process personal data
- Secure Storage: Data is stored in secure, enterprise-grade cloud infrastructure with encryption at rest
- Regular Audits: We conduct regular security assessments and audits of our systems and practices
- Employee Training: All employees receive data protection and security training
- Incident Response: We maintain incident response procedures to address potential security breaches
7.2 Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
8. Email Communications
8.1 Types of Emails
We send the following types of email communications:
- Transactional Emails: Responses to your inquiries, confirmation messages, and service-related communications
- Marketing Emails: Information about our services, sustainability insights, and relevant industry updates (only with your consent)
8.2 Email Management
Frequency: We send transactional emails as needed to respond to inquiries. Marketing emails are sent no more than once per month, unless you have opted in to receive more frequent communications.
Recipient Lists: We maintain our recipient lists internally and only send emails to individuals who have:
- Submitted our contact form
- Provided explicit consent to receive marketing communications
- An existing business relationship with us
8.3 Unsubscribe
You can unsubscribe from marketing emails at any time by:
- Sending an email to juan@sustainlabs.ai with "Unsubscribe" in the subject line
- Replying to any marketing email and requesting to be removed from our mailing list
We will process your unsubscribe request within 10 business days. Note that you may still receive transactional emails related to ongoing business matters even after unsubscribing from marketing communications.
8.4 Bounce and Complaint Management
We monitor email bounces and complaints to maintain the quality of our email communications:
- Hard Bounces: Email addresses that hard bounce (permanently undeliverable) are automatically removed from our mailing lists
- Soft Bounces: Temporary delivery failures are retried for up to 3 attempts, after which the email address is removed
- Complaints: If you mark our email as spam, we immediately remove you from our mailing list and investigate the issue
9. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at juan@sustainlabs.ai, and we will promptly delete such information from our systems.
10. Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational reasons. The "Last Updated" date at the top of this policy indicates when it was last revised.
If we make material changes to how we collect, use, or share your personal data, we will notify you by:
- Posting a prominent notice on our website
- Sending an email to the address you provided (if applicable)
- Updating the "Last Updated" date
We encourage you to review this Privacy Policy periodically. Your continued use of our services after we post changes constitutes your acceptance of those changes, where permitted by law.
12. Complaints and Dispute Resolution
12.1 Internal Complaints
If you have concerns about how we handle your personal data, please contact us at juan@sustainlabs.ai. We will investigate and respond to your complaint within 30 days.
12.2 Supervisory Authorities
You also have the right to lodge a complaint with the relevant data protection supervisory authority:
- Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
- European Union: Your local Data Protection Authority
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
- Canada: Office of the Privacy Commissioner of Canada
- California: California Attorney General's Office
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Sustainlabs AI S.A. de C.V.
Email: juan@sustainlabs.ai
Website: www.sustainlabs.ai
Response Time: We aim to respond to all privacy-related inquiries within 5 business days.
14. Governing Law
This Privacy Policy is governed by the laws of Mexico. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Mexico City, Mexico, without prejudice to your rights under applicable data protection laws in your jurisdiction.
15. Consent and Acknowledgment
By submitting our contact form or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You consent to the collection, use, and processing of your personal data as described in this policy.
If you do not agree with this Privacy Policy, please do not use our website or submit your personal information to us.