Privacy Policy
Last updated: December 2025
This Privacy Policy describes how Diga Agentes S.L., with tax ID B24778862 (hereinafter, “Diga,” “the Company,” or “we”) processes the personal data of users who access and use the platform and the services available at diga.io, its subdomains, and associated applications (hereinafter, the “Services”).
Diga complies with Spanish and European data protection regulations, including:
Regulation (EU) 2016/679 (GDPR)
Organic Law 3/2018 (LOPDGDD)
By using the Services, the User declares that they have read and understood this Policy.
1. Data Controller
The controller of the personal data is:
Diga Agentes S.L.
Address: Blvr. Louis Pasteur, 47, 110 Campanillas, 29010 Málaga
Email: contact@diga.io
2. Data processed
Depending on how the Services are used, we may process the following categories of data:
2.1. Account and registration data
First and last name
Email address
Encrypted password
2.2. Data generated through the use of the Services
Configurations and workflows created by the User
Files, text, or information entered into the platform
AI-generated content
Data associated with automations, integrations, and APIs
2.3. Communication data
If telephony or messaging features are used:
Call metadata (date, duration, numbering)
Call audio, when the User enables recording
SMS or incoming and outgoing messages through integrations
2.4. Technical data
IP address
Device identifier
Activity log (logs)
Cookies (see separate Cookie Policy)
2.5. Support data
Messages sent to customer support
Information necessary to resolve issues
3. Purposes of processing
We process data to:
Provide the Services (agent creation, telephony, AI, etc.).
Manage the account and contractual relationship with the User.
Analyze Service use for maintenance, improvements, and abuse prevention.
Invoice and manage payments.
Provide technical support and resolve issues.
Ensure security, fraud detection, and misuse prevention.
Comply with legal obligations, especially in telecommunications, consumer law, and taxation.
Send operational communications, updates, or relevant changes.
We do not make automated decisions with legal effects based exclusively on profiling.
4. Legal basis for processing
The legal bases that justify processing are:
Performance of a contract (Art. 6.1.b GDPR): provision of the contracted service.
Compliance with legal obligations (Art. 6.1.c GDPR): tax, telecommunications, and security regulations.
Legitimate interest (Art. 6.1.f GDPR): fraud prevention, service improvement, network security.
Consent (Art. 6.1.a GDPR): call recording, non-technical cookies, and other voluntary operations.
5. Diga as processor
When the User enters personal data of third parties into the platform (customers, contacts, call interlocutors, chats, etc.), Diga acts as Data Processor, in accordance with Article 28 of the GDPR.
In that case:
The User is the Data Controller.
The User guarantees that they have obtained all necessary consent.
Diga will only process the data following the User's instructions.
A Data Processing Agreement (DPA) forms part of the Terms and Conditions.
6. Recipients of the data
Personal data may be shared with:
Technology providers necessary to provide the service (hosting, telephony, infrastructure, functional analytics, AI).
Financial institutions to manage payments.
Public authorities when there is a legal obligation.
Third parties integrated by the User, under their sole responsibility (CRMs, external tools).
All providers comply with the GDPR and have data processing agreements.
7. International transfers
We may use providers located outside the EEA.
In these cases, appropriate safeguards will apply:
European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Supplementary security measures
Diga will ensure a level of protection equivalent to that in Europe.
8. Data retention
Data will be retained:
While the account remains active.
For the mandatory legal periods, in tax, accounting, and telecommunications matters.
Usage data or logs: between 12 and 24 months, depending on the purpose.
Call recordings: according to the User's settings or up to 12 months by default (if the feature is enabled).
Thereafter, the data will be securely deleted or anonymized.
9. User rights
The User may exercise the following rights:
Access
Rectification
Erasure
Restriction of processing
Objection
Data portability
Withdraw consent when processing is based on it
To exercise them, send a request to: contact@diga.io
If you disagree, you may file a complaint with:
Spanish Data Protection Agency (AEPD)
www.aepd.es
10. Security
Diga applies appropriate technical and organizational measures to ensure data security, including:
Encryption in transit and at rest
Access controls
Intrusion detection systems
Internal audits
Redundancy and high availability protocols
However, no system is completely foolproof; the User must also protect their credentials and access.
11. Minors
The Services are not directed to minors under 18 years of age.
Diga does not intentionally collect information from minors.
12. Policy changes
We may update this Policy to reflect legal, technical, or operational changes.
We will notify relevant changes by email.
13. Contact
For privacy or data protection matters:
Diga Agentes S.L.
Address: Blvr. Louis Pasteur, 47, 110 Campanillas, 29010 Málaga
Email: contact@diga.io
Privacy Policy
Last updated: December 2025
This Privacy Policy describes how Diga Agentes S.L., with tax ID B24778862 (hereinafter, “Diga,” “the Company,” or “we”) processes the personal data of users who access and use the platform and the services available at diga.io, its subdomains, and associated applications (hereinafter, the “Services”).
Diga complies with Spanish and European data protection regulations, including:
Regulation (EU) 2016/679 (GDPR)
Organic Law 3/2018 (LOPDGDD)
By using the Services, the User declares that they have read and understood this Policy.
1. Data Controller
The controller of the personal data is:
Diga Agentes S.L.
Address: Blvr. Louis Pasteur, 47, 110 Campanillas, 29010 Málaga
Email: contact@diga.io
2. Data processed
Depending on how the Services are used, we may process the following categories of data:
2.1. Account and registration data
First and last name
Email address
Encrypted password
2.2. Data generated through the use of the Services
Configurations and workflows created by the User
Files, text, or information entered into the platform
AI-generated content
Data associated with automations, integrations, and APIs
2.3. Communication data
If telephony or messaging features are used:
Call metadata (date, duration, numbering)
Call audio, when the User enables recording
SMS or incoming and outgoing messages through integrations
2.4. Technical data
IP address
Device identifier
Activity log (logs)
Cookies (see separate Cookie Policy)
2.5. Support data
Messages sent to customer support
Information necessary to resolve issues
3. Purposes of processing
We process data to:
Provide the Services (agent creation, telephony, AI, etc.).
Manage the account and contractual relationship with the User.
Analyze Service use for maintenance, improvements, and abuse prevention.
Invoice and manage payments.
Provide technical support and resolve issues.
Ensure security, fraud detection, and misuse prevention.
Comply with legal obligations, especially in telecommunications, consumer law, and taxation.
Send operational communications, updates, or relevant changes.
We do not make automated decisions with legal effects based exclusively on profiling.
4. Legal basis for processing
The legal bases that justify processing are:
Performance of a contract (Art. 6.1.b GDPR): provision of the contracted service.
Compliance with legal obligations (Art. 6.1.c GDPR): tax, telecommunications, and security regulations.
Legitimate interest (Art. 6.1.f GDPR): fraud prevention, service improvement, network security.
Consent (Art. 6.1.a GDPR): call recording, non-technical cookies, and other voluntary operations.
5. Diga as processor
When the User enters personal data of third parties into the platform (customers, contacts, call interlocutors, chats, etc.), Diga acts as Data Processor, in accordance with Article 28 of the GDPR.
In that case:
The User is the Data Controller.
The User guarantees that they have obtained all necessary consent.
Diga will only process the data following the User's instructions.
A Data Processing Agreement (DPA) forms part of the Terms and Conditions.
6. Recipients of the data
Personal data may be shared with:
Technology providers necessary to provide the service (hosting, telephony, infrastructure, functional analytics, AI).
Financial institutions to manage payments.
Public authorities when there is a legal obligation.
Third parties integrated by the User, under their sole responsibility (CRMs, external tools).
All providers comply with the GDPR and have data processing agreements.
7. International transfers
We may use providers located outside the EEA.
In these cases, appropriate safeguards will apply:
European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Supplementary security measures
Diga will ensure a level of protection equivalent to that in Europe.
8. Data retention
Data will be retained:
While the account remains active.
For the mandatory legal periods, in tax, accounting, and telecommunications matters.
Usage data or logs: between 12 and 24 months, depending on the purpose.
Call recordings: according to the User's settings or up to 12 months by default (if the feature is enabled).
Thereafter, the data will be securely deleted or anonymized.
9. User rights
The User may exercise the following rights:
Access
Rectification
Erasure
Restriction of processing
Objection
Data portability
Withdraw consent when processing is based on it
To exercise them, send a request to: contact@diga.io
If you disagree, you may file a complaint with:
Spanish Data Protection Agency (AEPD)
www.aepd.es
10. Security
Diga applies appropriate technical and organizational measures to ensure data security, including:
Encryption in transit and at rest
Access controls
Intrusion detection systems
Internal audits
Redundancy and high availability protocols
However, no system is completely foolproof; the User must also protect their credentials and access.
11. Minors
The Services are not directed to minors under 18 years of age.
Diga does not intentionally collect information from minors.
12. Policy changes
We may update this Policy to reflect legal, technical, or operational changes.
We will notify relevant changes by email.
13. Contact
For privacy or data protection matters:
Diga Agentes S.L.
Address: Blvr. Louis Pasteur, 47, 110 Campanillas, 29010 Málaga
Email: contact@diga.io
Do you still have questions?
Do you still have questions?
If you can't find answers to your questions, contact us.
© 2026 Diga agentes SL
© 2026 Diga agentes SL