Privacy Policy

Last updated: April 21, 2026

1. Who we are

BESO is a product of Agere Infrastructure Partners, S.L. ("Agere", "we", "us"), a company registered in Spain. We are the data controller for the personal data processed through the website beso.energy and the BESO Excel Add-in.

Contact: info@beso.energy

2. Data we collect

2.1 Website (beso.energy)

  • Account data: name, email address, company (provided at registration).
  • Subscription data: when requesting a paid plan, we collect company name, tax ID (CIF/NIF), fiscal address, billing address, billing email, IBAN, and contact phone. This data is used exclusively for invoicing and contract management.
  • Analytics data: page views, navigation patterns, device type, approximate location (country/city). Collected via Google Analytics only after cookie consent.
  • Contact form: name, email, company, message content.

2.2 BESO Excel Add-in

  • License data: email address, machine fingerprint, activation timestamps.
  • Machine fingerprint: a SHA-256 hash derived from hardware characteristics (machine name, processor count). This identifier is used solely for license validation and cannot be used to personally identify the user.
  • Telemetry (optional): anonymous usage data (hours of use, features used), collected only with your explicit consent. You can enable or disable telemetry at any time from the software settings.
  • No simulation data: we do not collect, transmit, or store any of your energy data, financial models, or simulation results. All calculations run locally on your machine.

3. How we use your data

  • To provide and maintain our services (account management, license validation).
  • To communicate with you (support, product updates, responses to inquiries).
  • To analyze website usage and improve our product (aggregated analytics).
  • To comply with legal obligations.

4. Legal basis (GDPR)

  • Contract execution: account management, license validation, billing, support.
  • Consent: analytics cookies, telemetry data (you can accept or reject via our cookie banner and software settings respectively).
  • Legal obligation: billing and tax data retention as required by Spanish fiscal regulations.
  • Legitimate interest: product improvement based on aggregated usage data.

5. Cookies

Detailed list of cookies used on beso.energy:

NameProviderPurposeTypeDuration
sb-*-auth-tokenSupabase (beso.energy)Authentication sessionEssential1 hour (refreshed)
beso-cookie-consentbeso.energyStores your cookie-banner choiceEssential12 months (localStorage)
_gaGoogle AnalyticsDistinguishes unique usersAnalytics (opt-in)24 months
_ga_C6LTDS0KF7Google AnalyticsSession state for property G-C6LTDS0KF7Analytics (opt-in)24 months

Essential cookies are required for authentication and basic site functionality; they cannot be disabled. Analytics cookies are only set after you accept them via our consent banner. You can revoke consent at any time by clearing beso-cookie-consent in your browser's local storage, after which Google Analytics will stop loading on your next visit.

We do not use advertising or third-party tracking cookies.

6. Data sharing and international transfers

We do not sell your personal data. We share data only with the following processors:

  • Supabase, Inc. (USA, EU-region infrastructure): authentication and database hosting. Data is stored in AWS Frankfurt (EU). Acts as a data processor under a signed DPA.
  • Google Analytics (Google Ireland Ltd.): anonymized website analytics (measurement ID: G-C6LTDS0KF7). Only activated after cookie consent. Processes IP addresses (anonymized), page views, device type, and approximate location.
  • Vercel Inc. (USA): website hosting and serverless functions. Processes IP addresses and request metadata in server logs (retained up to 30 days). Operates globally with edge caching.
  • Resend, Inc. (USA): transactional email delivery. Processes recipient email addresses and email content for delivery purposes only.

International transfers outside the EU/EEA

Vercel and Resend are US-based processors, and Google Analytics processes data on infrastructure that may be located outside the EU/EEA. When your data is transferred to a country outside the EU/EEA that has not received an adequacy decision from the European Commission, we rely on appropriate safeguards recognized by GDPR, specifically:

  • EU-US Data Privacy Framework (DPF): Google LLC, Vercel Inc. and Resend Inc. are DPF-certified participants. Certification verifiable at dataprivacyframework.gov.
  • Standard Contractual Clauses (SCCs): each processor publishes a Data Processing Addendum (DPA) incorporating SCCs where required; these DPAs are accepted by reference through the processor's terms of service. Additional technical safeguards apply (encryption in transit and at rest). Copies of each DPA are available upon request to info@beso.energy.

You may request a copy of the safeguards in place for any specific transfer by contacting info@beso.energy.

7. Data retention

  • Account data: retained while your account is active. Deleted upon request or after 12 months of inactivity.
  • Billing and tax data: retained for 6 years after the end of the contractual relationship, as required by Spanish fiscal regulations.
  • Telemetry data: retained for 2 years, then anonymized.
  • Analytics data: retained for 14 months (Google Analytics default).
  • Contact form submissions: retained for 12 months.

8. Your rights

Under GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict processing of your data.
  • Port your data to another service.
  • Object to processing based on legitimate interest.
  • Withdraw consent for analytics cookies at any time.

To exercise any of these rights, contact us at info@beso.energy. We will respond within 30 days.

Right to lodge a complaint with a supervisory authority

If you believe that our processing of your personal data infringes data-protection law, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD):

  • Website: www.aepd.es
  • Postal address: C/ Jorge Juan, 6, 28001 Madrid, Spain
  • Phone: +34 901 100 099 / +34 912 663 517

You may also contact the supervisory authority of your country of residence or habitual workplace within the EU/EEA.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication, and access controls.

10. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date. For significant changes, we will notify registered users by email.