Hosting and analytics. Data processed in the EU via the cdg1 Paris region where possible.
Public page requests, server logs, anonymised analytics events.
Privacy policyPrivacy Policy
HARNEXA public surfaces default to browser-local scoring, synthetic demos, and founder-reviewed handoffs. This page maps what stays local, what is stored only with consent, and which processors touch each surface.
Last updated: 21 June 2026
The buyer journey is intentionally narrow: score readiness, inspect proof, attach context, then request founder review. Storage is visible and consented.
Browser-local score, maturity band, and recommended path.
Nothing is stored unless the visitor sends a consented result packet.
Default public use
readiness score, recommended path, company, work email, role, workflow, and commerce stack.
Supabase readiness_submissions insert-only table with no public readback.
Explicit consent checkbox and Send result action
Name, email, selected offer, attached proof context, role, workflow, and message.
Prepared in the visitor email client and founder inbox; no hidden public form database.
Request diagnostic action
Synthetic account, proposed action, audit trail, CLEAR baseline, and proof packet context.
Browser copy/download and URL handoff parameters only.
Inspect proof, copy packet, or carry context into booking
Analytics data - anonymised page views and interaction events via Vercel Analytics. No cookies are set; no personal identifiers are stored.
Aggregate website performance and conversion baseline.
Page view or public CTA interaction
HARNEXA can demonstrate governed commerce workflows publicly, but the public site is not an execution surface. Client systems require signed scope, explicit credentials, private runtime controls, and human approval gates.
Processor exposure stays proportional to the route. The public site uses hosting and analytics infrastructure; consented readiness packets use Supabase; private runtime systems stay token-gated and out of the public journey.
Public page requests, server logs, anonymised analytics events.
Privacy policyOnly explicit PRISM packet fields when the visitor sends them.
Privacy policySynthetic demo/runtime telemetry unless a signed client scope authorises more.
Privacy policyThe following legal notice covers the personal data HARNEXA may process when you use the site, send a PRISM packet, or contact HARNEXA.
HARNEXA AI is a governed agentic deployment studio operated by Raul Rausell, based in Catalonia, Spain (EU). Contact: raul@harnexa.ai.
We collect minimal data to operate this website and respond to inquiries:
Inquiry correspondence is retained for up to 24 months unless a longer period is required by applicable law or you request deletion. Consented PRISM readiness packets are reviewed as founder pipeline evidence and can be deleted on request. Anonymised analytics aggregates are retained indefinitely. Server logs are retained for 30 days.
cdg1 (Paris) region where possible. Vercel Privacy Policy.Under GDPR you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing based on legitimate interest. To exercise any right, email raul@harnexa.ai. We will respond within 30 days.
We prefer EU-resident infrastructure. Where data is transferred outside the EEA, for example by third-party processors, transfers are covered by Standard Contractual Clauses or an adequacy decision.
You have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at aepd.es.
We may update this policy. The last updated date at the top reflects the most recent revision. Material changes will be communicated via the site banner.
This is a technical summary. Consult qualified legal counsel for a complete GDPR compliance assessment.