World Alerts Privacy Policy

Effective date: November 20, 2025
Last updated: January 2, 2026

This Privacy Policy describes how World Alerts (hereinafter, "World Alerts", "we", "us" or "our") collects, uses, and protects the personal data of users who access and use the website www.worldalerts.io and the associated platform (the "Service").

World Alerts provides a SaaS service for real-time global risk monitoring and is committed to processing personal data in compliance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), and Law 34/2002 (LSSI-CE).

1. Data Controller

  • Trade name: World Alerts
  • Owner: Carlota Escolano Monreal (self-employed)
  • Tax ID: 26278587Y
  • Professional address: Calle Santa Catalina, 7, 28802, Alcalá de Henares, Madrid (Spain)
  • Contact email: team@worldalerts.io
  • Official website: www.worldalerts.io
  • Data Protection Officer (DPO): Given the current size of the company, no DPO has been appointed. For any data protection-related inquiries, you may contact the Data Controller directly at team@worldalerts.io.

2. Personal data we collect

a) Identification and contact data

Datos: First and last name, professional email address, phone number, company, job title or professional role, country of residence.

Finalidad: To manage inquiries, commercial communications, newsletters, support services, and the relationship with the user.

Base legal y conservación: Legal basis and retention: Active users during the contractual relationship + 6 years (tax obligations). Commercial contacts without conversion: 24 months from the last contact. Newsletter subscribers: until they unsubscribe.

b) Account and service usage data

Datos: Access credentials (email and encrypted password), geographic alert configuration and preferences, monitored countries, categories and locations, activity records (logs), feature usage, access dates and times.

Finalidad: To provide the Service, manage the free trial and subscription, deliver technical support, ensure account security, and improve the platform.

Base legal y conservación: Legal basis: Performance of a contract (Art. 6.1.b GDPR) and legitimate interest. Retention: for the duration of the account + 6 years (legal obligations).

c) Billing and transactional data

Datos: Name or company name, Tax ID/VAT number, billing address, payment-related information (processed by third parties), subscription and transaction history.

Finalidad: To manage payments, invoicing, and compliance with accounting, commercial, and tax obligations.

Base legal y conservación: Legal basis: Performance of a contract and compliance with legal obligations. Retention: 6 years from the last transaction (Spanish General Tax Law, Art. 70).

d) Technical and browsing data

Datos: IP address (anonymized where possible), browser type and version, operating system, device identifiers, pages visited, browsing times, referring page (referrer), and approximate geolocation.

Finalidad: To ensure security, prevent fraud, detect misuse, perform statistical analysis, improve user experience, maintain proper operation of the Service, and comply with legal log retention obligations.

Base legal y conservación: Legal basis: Legitimate interest (Art. 6.1.f GDPR), compliance with legal obligations (Art. 6.1.c GDPR), and consent (Art. 6.1.a GDPR) for non-essential analytics. Retention: security logs for 12 months; analytics data for 26 months.

e) Communication data

Datos: Content of emails, support chats, or contact forms, date, time, and type of inquiry.

Finalidad: To handle inquiries, provide technical support, and manage incidents.

Base legal y conservación: Legal basis: Performance of a contract (Art. 6.1.b GDPR) and legitimate interest (Art. 6.1.f GDPR). Retention: 5 years from resolution of the inquiry or termination of the contractual relationship.

3. How we collect data

  • Direct user interaction through forms, account creation, plan subscriptions, newsletter sign-ups, or communications.
  • Use of the Service and activity within the World Alerts platform.
  • Automated technologies such as cookies and similar technologies.
  • Third-party service providers for analytics, infrastructure, email, or billing.

4. Data retention

Personal data will be retained while a contractual or Service usage relationship exists, while the user maintains an active account, and for the periods required by applicable tax, accounting, or legal regulations. Commercial contact data that does not convert into customers will be retained for a maximum period of 24 months.

5. Data recipients and disclosure

World Alerts may share personal data with third-party service providers acting as data processors under agreements that ensure data confidentiality and security:

  • Technology service providers: cloud hosting, infrastructure, email tools, analytics, CRM, or billing services.
  • Payment service providers: to manage subscriptions and payments.
  • Public authorities: when legally required.

All providers operate under contracts that guarantee data confidentiality and security. Under no circumstances do we sell, rent, or disclose personal data to third parties for advertising purposes without explicit consent.

6. International data transfers

If personal data is transferred outside the European Economic Area (EEA), World Alerts will implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other legally recognized mechanisms. Some of our providers are located outside the EEA. In such cases, World Alerts applies the following safeguards in accordance with Art. 46 GDPR:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914).
  • European Commission adequacy decisions (where applicable).
  • Certifications such as the EU-U.S. Data Privacy Framework.

If you would like more information about the safeguards applied to a specific international transfer, you may contact us at team@worldalerts.io.

7. Users' rights

  • Access to personal data.
  • Rectification of inaccurate data.
  • Erasure of data.
  • Restriction of processing.
  • Objection to processing.
  • Data portability.
  • Withdrawal of consent at any time.

To exercise these rights, you may contact team@worldalerts.io. You also have the right to lodge a complaint with the competent supervisory authority.

8. How to exercise your rights

You may exercise your rights by sending an email to team@worldalerts.io indicating your full name, account email address, the right you wish to exercise, and attaching a copy of your identification document.

Response period: 1 month from receipt of the request (extendable by an additional 2 months in complex cases, with prior notification).

  • Right to lodge a complaint with the supervisory authority:

    If you believe that the processing of your personal data violates applicable regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): Website: https://www.aepd.es. Electronic office: https://sedeagpd.gob.es

9. Data security

World Alerts adopts reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or unlawful disclosure.

  • Data encryption: communications are carried out using secure HTTPS/TLS protocols, and passwords are stored using secure hashing algorithms such as bcrypt.
  • Access control: availability of two-factor authentication (2FA) and role-based access control (RBAC) for enterprise users.
  • Audits and activity logs: logging of access and critical actions, as well as periodic review of security logs.
  • Backups: automatic daily backups and storage in geographically redundant locations.
  • Staff training and confidentiality: all employees and collaborators sign confidentiality agreements and receive ongoing training in data protection and cybersecurity.
  • Secure infrastructure: servers hosted on Google Cloud Platform, with ISO 27001 and SOC 2 certifications, firewall, intrusion detection systems, and 24/7 monitoring.

Important: no data transmission over the Internet is completely secure. Although World Alerts implements reasonable security measures, it cannot guarantee absolute security of transmitted data.

10. Cookie policy

World Alerts uses cookies and similar technologies on its website. For detailed information about which cookies we use, their purpose, and how to manage them, please consult our Cookie Policy.

11. Minors

World Alerts is a B2B service exclusively intended for professionals and businesses. We do not knowingly collect personal data from minors under the age of 18.

If a parent, guardian, or legal representative becomes aware that a minor has provided personal data without consent, they must contact us immediately at team@worldalerts.io so that we can delete such data.

12. Links to third-party websites

The World Alerts website and platform may contain links to third-party websites (providers, partners, social networks). World Alerts is NOT responsible for the privacy practices of such websites. We recommend reviewing their privacy policies before providing any personal information.

13. Changes to the privacy policy

World Alerts may modify this Privacy Policy at any time. Any changes will be published on this page, indicating the date of the last update.

If you have any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at team@worldalerts.io.