1. Controller
SUCOSTRUCT S.A.S. B.I.C., RUC 0990348675001, domiciled at Urb. San Sebastián, La Aurora, Daule, Ecuador, is the controller of personal data processed through KAIRON, the g-structure.co website, and related services, in accordance with Ecuador's Organic Law on Personal Data Protection and its Regulation.
2. Data we process
- Identification and account data: name, email, encrypted/hashed password, contact number, country, language, billing region, and support communications.
- Usage data: completed modules, dates, frequency, sessions, preferences, technical events, interactions with Scanner, Filter, Workshop, Programs, and Night Mode.
- Data provided by the User: texts, responses, reflections, goals, frictions, execution patterns, professional context, and other content entered voluntarily.
- Sensitive data: information that may reveal aspects of emotional, psychological, or mental state, behavioral patterns, voice/audio, or data inferred from interactions. This data is processed only with explicit, free, specific, informed, and independent consent.
- Payment data: we do not store full card numbers. Paddle processes payments as Merchant of Record and provides us with necessary subscription, plan, status, receipt, and tax-region metadata.
- Technical data: IP, device, browser, operating system, logs, session identifiers, notification tokens, cookies, and diagnostic data.
3. Purposes
To create and administer accounts; provide the Service; generate responses and reframes; maintain memory between sessions when enabled by the User; process payments; prevent fraud; provide support; send operational communications; improve the Service in aggregated or anonymized form; comply with legal, tax, accounting, and consumer obligations; manage security; and respond to data-subject rights requests.
4. Legal bases
We use consent for sensitive data, voice, personalized memory, non-essential communications, and analytics that are not strictly necessary when applicable.
We use contractual necessity to create accounts, provide the Service, and manage subscriptions.
We use legal obligation for tax and accounting retention, consumer defense, authority requests, and regulatory compliance.
We use legitimate interest in a limited manner for security, fraud prevention, technical logs, aggregated improvement, and rights defense, without using it as the main basis for sensitive data.
5. Sensitive data and separate consent
The User must accept a separate consent before KAIRON processes sensitive data, memory between sessions, or voice. Refusing or withdrawing that consent may limit essential personalization features, but it will not affect the lawfulness of processing carried out before withdrawal.
6. AI and automated processing
KAIRON uses AI models to generate responses, reframes, and non-clinical classifications. These outputs do not produce legal effects and do not determine rights, benefits, employment, credit, insurance, or access to essential services. The User may ignore them and request reasonable information or human review regarding the processing of their data.
7. Processors, providers, and third parties
We share data only when necessary with infrastructure, AI, payment, support, notification, analytics providers, professional advisors, authorities, or corporate successors.
Expected providers include AWS/Amazon Bedrock or successor technologies; Paddle for payments; Intercom for support; push-notification services through Web Push (VAPID) and, when active, WhatsApp Business; and analytics tools if activated and consented to when applicable.
We will require agreements, conditions, or reasonable measures so processors process data according to instructions, confidentiality, security, and authorized purposes.
8. International transfers
Data may be processed outside Ecuador, including in the United States or other jurisdictions where providers operate. SUCOSTRUCT will apply mechanisms permitted by the LOPDP and its Regulation, such as adequacy decisions, appropriate safeguards, contractual clauses, processor agreements, explicit consent when necessary, or applicable legal exceptions.
9. Retention
We retain data while the account is active and for the time necessary to provide the Service, comply with legal obligations, resolve disputes, prevent fraud, and defend rights. Billing records may be retained for applicable tax/accounting periods. Sensitive data will be deleted or anonymized when the User deletes the account or withdraws consent, unless a superior legal retention obligation applies.
10. Security
We apply technical and organizational measures proportionate to risk: encryption in transit, access controls, segregation of duties, reputable providers, security records, minimization, backups, and reasonable monitoring. No system is absolutely secure. In case of a breach that creates relevant risk, we will notify the competent authority and affected data subjects according to the LOPDP.
11. Data-subject rights
The User may exercise rights of access, rectification, update, deletion, objection, portability, suspension, limitation, withdrawal of consent, and other rights recognized by the LOPDP and the Constitution. To exercise them, write to privacy@g-structure.co. SUCOSTRUCT will verify identity and respond within the applicable legal deadlines.
12. Minors
The Service is not directed to people under 18 years old. If we detect accidental processing of a minor's data, we will delete the account and associated data to the extent possible, unless a legal obligation applies.
13. Cookies
The use of cookies and similar technologies is described in the Cookie Policy. We do not use cookies for third-party behavioral advertising unless published and valid consent is obtained when applicable.
14. Complaints
The User may file complaints with Ecuador's Personal Data Protection Superintendence, without prejudice to other administrative, constitutional, or judicial remedies.
15. Contact
Privacy and data rights: privacy@g-structure.co. Support phone: +59398-687-5121. Controller: SUCOSTRUCT S.A.S. B.I.C., RUC 0990348675001, Urb. San Sebastián, Torre B, Dpto. 202, La Aurora, Daule, Ecuador.
Legal sources and criteria used
- Ecuador Organic Law on Personal Data Protection, Official Registry Fifth Supplement No. 459, May 26, 2021.
- General Regulation to the Organic Law on Personal Data Protection, Executive Decree No. 904, 2023.
- Ecuador Organic Consumer Defense Law, especially amended Article 45 on returns/exchanges within fifteen (15) days.
- Ecuador Electronic Commerce, Electronic Signatures and Data Messages Law, Law 67, Official Registry Supplement 557, April 17, 2002.
- Organic Code of the Social Economy of Knowledge, Creativity and Innovation (Código Ingenios).
- Public guidelines from Ecuador's Personal Data Protection Superintendence on risk management, impact assessment, and privacy by design and by default.
Privacy and data-rights requests: privacy@g-structure.co. Support phone: +59398-687-5121.
Back to home