Woman & Business

Legal

Privacy & Cookies

Last updated: 7 June 2026

This policy is provided for informational purposes. It does not constitute legal advice. We recommend consulting a qualified professional if you need legal guidance specific to your situation.

1. Data Controller

The data controller is María Cudeiro, reachable at cudeiromaria@gmail.com. This site operates under the brand Woman & Business at mariacudeiro.com.

2. What We Collect and Why

  • Newsletter subscription — your email address and, optionally, first name. Collected when you subscribe via the sign-up form. We use a double opt-in flow: you receive a confirmation email and must click to confirm before you are added to the list. We also record the UTM source so we can understand where subscribers come from. Legal basis: consent.
  • Contact form — name, email address and your message. Used solely to reply to your enquiry. Legal basis: consent / legitimate interest.
  • Account registration — email address (and optionally name) if you create a member account to access exclusive content. Legal basis: contract performance / consent.
  • Analytics — Vercel Web Analytics collects cookieless, aggregate page-view data (no personal identifiers, no cross-site tracking). Google Analytics may be added in the future; if so, it will only be enabled after obtaining your explicit consent via a cookie banner.

3. Data Processors

We use the following third-party processors:

  • Supabase (supabase.com) — database and authentication hosting. Subscriber records, account data and contact form submissions are stored here.
  • Resend (resend.com) — transactional and newsletter email delivery.
  • Vercel (vercel.com) — hosting, edge infrastructure and cookieless Web Analytics.
  • Google (google.com) — Google Analytics, if and when enabled with consent.

Each processor is bound by its own data processing terms and applicable law.

4. Retention

Newsletter subscriber data is kept for as long as you remain subscribed. After unsubscribing we delete or anonymise your record within 30 days. Contact form data is retained only as long as necessary to handle your enquiry. Account data is kept until you request deletion.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and, where applicable, the Spanish LOPDGDD, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (“right to be forgotten”).
  • Objection — object to processing based on legitimate interests.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, send an email to cudeiromaria@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish data protection authority (AEPD, aepd.es).

6. Cookies

  • Session / authentication cookie — set by Supabase Auth when you log in. It is strictly necessary to keep you signed in and expires when your session ends. No consent required.
  • Vercel Web Analytics — cookieless by design; no cookie is set and no personal data is collected.
  • Google Analytics — not currently active. If enabled, it will only run after you have given explicit consent via a cookie banner.

7. Changes to This Policy

We may update this policy to reflect changes to our practices or legal requirements. Material changes will be indicated by a new “Last updated” date at the top of the page.