Privacy Policy
Last updated: January 2026
1. Data Controller
2. Introduction
At Fëanor's Code S.L., we are committed to protecting the privacy of our clients and users. This Privacy Policy describes how we collect, use, store, and protect your personal data in compliance with:
3. Fundamental Principle: Privacy by Design
TENGWAR has been designed from its conception with privacy as a fundamental guiding principle:
100% Local Processing: All data processing, including artificial intelligence, document analysis, and queries, runs entirely on hardware installed at the client's premises. There is no transmission of data to external servers.
Zero Cloud Data: Unlike other enterprise AI solutions, TENGWAR does not send any data to cloud services. Your corporate documents, queries, and responses never leave your infrastructure.
Total Client Control: The client maintains absolute control over their data at all times. Fëanor's Code S.L. has no remote access to data processed by TENGWAR.
4. Data We Process
4.1. Data Processed Locally by TENGWAR (At Client Premises)
TENGWAR processes on your local infrastructure:
| Category | Data | Purpose |
|---|---|---|
| Corporate documents | PDFs, Word, Excel, PowerPoint, images, CSV, JSON, XML, HTML, Markdown and other formats | Indexing and semantic search for RAG-based responses |
| User queries | Questions and commands entered in chat | Generation of contextualized responses |
| Session data | Conversation history, user preferences | Service continuity and experience improvement |
| Access credentials | Usernames, hashed passwords (BCrypt) | Authentication and access control |
| Organizational metadata | Departments, roles, authorization levels | Permission management and security |
Important: This data is processed and stored exclusively on the client's hardware. Fëanor's Code S.L. has no access to this information.
4.2. Data Processed by Fëanor's Code S.L.
Fëanor's Code S.L. only processes the following data:
| Category | Data | Legal Basis | Purpose | Retention |
|---|---|---|---|---|
| Business contact data | Name, email, phone, company, position | Contract performance (Art. 6.1.b GDPR) | Management of commercial and contractual relationship | Contract duration + 5 years |
| Billing data | Tax data, payment information | Legal obligation (Art. 6.1.c GDPR) | Compliance with tax obligations | 6 years (Commercial Code) |
| Technical support data | Reported incidents, communications | Contract performance (Art. 6.1.b GDPR) | Provision of support service | Contract duration + 2 years |
| Web browsing data | IP, cookies (see specific section) | Consent (Art. 6.1.a GDPR) | Website analysis and improvement | See cookie policy |
5. Legal Bases for Processing
We process your personal data based on the following legal bases:
5.1. Contract Performance (Art. 6.1.b GDPR)
5.2. Compliance with Legal Obligations (Art. 6.1.c GDPR)
5.3. Legitimate Interest (Art. 6.1.f GDPR)
5.4. Consent (Art. 6.1.a GDPR)
6. Data Subject Rights
In accordance with the GDPR and LOPD-GDD, you have the right to:
| Right | Description |
|---|---|
| Access | Obtain confirmation of whether we process your data and access to it |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your data when the prescribed circumstances apply |
| Restriction | Request restriction of processing in certain cases |
| Portability | Receive your data in a structured format and transmit it to another controller |
| Objection | Object to the processing of your data in certain circumstances |
| Not be subject to automated decisions | Not be subject to decisions based solely on automated processing |
| Withdraw consent | Withdraw consent given at any time |
How to Exercise Your Rights
You may exercise your rights through:
We will respond to your request within a maximum period of one month, extendable by two additional months in cases of particular complexity.
Right to Lodge a Complaint
If you consider that the processing of your data violates regulations, you may file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es
For users in other EU countries, you may contact your local Data Protection Authority.
7. Data Recipients
7.1. No Transfer of TENGWAR Data
Data processed by TENGWAR at the client's premises is never transferred to Fëanor's Code S.L. or third parties. The system operates completely autonomously and isolated.
7.2. Recipients of Administrative Data
Administrative and commercial data may be communicated to:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Tax Administration | Compliance with tax obligations | Legal obligation |
| Financial institutions | Payment and collection management | Contract performance |
| Legal and accounting advisors | Professional advice | Confidentiality agreement |
| Technology providers | Web hosting, corporate email | Data processing agreement (Art. 28 GDPR) |
7.3. International Transfers
We do not make international data transfers outside the European Economic Area. Should it become necessary, we will ensure compliance with appropriate safeguards in accordance with Chapter V of the GDPR.
8. Security Measures
We implement appropriate technical and organizational measures to ensure the security of personal data:
8.1. Technical Measures
8.2. Organizational Measures
8.3. Security in TENGWAR
TENGWAR incorporates enterprise-grade security measures:
9. Data Retention
9.1. Data in TENGWAR (Client Premises)
The client autonomously determines the retention periods for their data in TENGWAR. The system allows deletion of documents, conversations, and users according to each organization's internal policies.
9.2. Administrative Data (Fëanor's Code S.L.)
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Contractual data | Contract duration + 5 years | Statute of limitations for civil actions |
| Invoices and tax documentation | 6 years | Art. 30 Commercial Code |
| Support data | Contract duration + 2 years | Legitimate interest |
| Commercial communications | Until withdrawal of consent | Consent |
10. Cookie Policy
Our website uses cookies. For detailed information about the types of cookies used, their purposes, and how to manage them, please see our Cookie Policy.
Cookie Summary
| Type | Purpose | Requires Consent |
|---|---|---|
| Technical | Website operation | No |
| Analytical | Usage statistics | Yes |
| Advertising | Not used | N/A |
11. Minors
TENGWAR is a product aimed exclusively at businesses. We do not knowingly collect data from minors under 16 years of age. If you become aware that a minor has provided us with personal data, please contact us so we can proceed with its deletion.
12. Third-Party Links
Our website may contain links to third-party sites. We are not responsible for the privacy practices of such sites. We recommend reading their privacy policies.
13. Updates to This Policy
We may update this Privacy Policy periodically. Substantial changes will be notified through our website or by email. The date of last update is indicated at the beginning of the document.
14. Contact
For any questions related to this Privacy Policy or the processing of your personal data:
Executive Summary
| Aspect | Description |
|---|---|
| Who is the data controller? | Fëanor's Code S.L. |
| What data is processed in TENGWAR? | Only on your infrastructure, without access by us |
| Is data sent to the cloud? | No, 100% local processing |
| What are your rights? | Access, rectification, erasure, restriction, portability, objection |
| How to contact? | info@feanorscode.com |
© 2026 Fëanor's Code S.L. All rights reserved.