M
Yoniliman Galvis Aguirre · yoniliman.com

Personal Data Processing
Policy

This document clearly explains how personal data is collected, used, stored, and handled for those who interact with any section of yoniliman.com.

Data controller
Yoniliman Galvis Aguirre
Contact email
ygalvis@gmail.com
Website
yoniliman.com and all its sections
Last update
March 26, 2026

1. Scope

This policy applies to all personal data collected through the forms, records, and systems of the yoniliman.com website, in particular:

  • The waiting-list forms for the φ tetralogy (Noesis, Noema, Metanoia, and Anamnesis).
  • Registration and access to the free AI for Creators course, including authentication through Google OAuth.
  • Contact forms and any other data collection mechanisms enabled on the site.

2. Data collected

Depending on the service used, the following data may be collected:

Literary waiting list φ: email address, book of interest, registration date and time, IP address, and authorization for data processing.

New — AI for Creators course

Registration with Google OAuth: full name, email address, profile picture, and unique Google identifier (Google ID). This data is provided directly by Google when the user authorizes access.

Academic progress: visited lessons, quiz results per lesson (numeric score), completion date and time for each lesson, and certificate issuance date when applicable.

Policy acceptance: exact date and time when the data subject accepted this policy, automatically recorded at registration.

Technical data: IP address, browser type, and operating system when necessary for security, traceability, and system operation.

3. Email tracking

New — full transparency

Emails sent by yoniliman.com (course welcome emails, lesson completion notifications, certificates, and φ waiting-list communications) include email tracking technology. This means the system automatically records the following information:

  • Send date and time of the email.
  • Open date and time of the email, detected through an invisible 1×1 tracking image embedded in the message body.
  • Number of opens for the same email.
  • Mail client and device from which the email was opened (user agent).
  • Approximate IP address from which the email was opened.
  • Clicks on links included in the email, recording the destination URL, date, time, and device.

This information is used exclusively to improve the quality and relevance of communications, verify the proper delivery of certificates, and optimize the course experience. It is not shared with third parties and is not used for advertising purposes.

Emails are sent through Resend (resend.com), a transactional email delivery service that complies with SOC 2 Type II security standards. Resend does not store email content nor access the data subject’s personal data beyond what is technically necessary to deliver the message.

If the data subject does not wish to be tracked, they may disable remote image loading in their email client. This will prevent open tracking, although the other data related to course registration will remain active.

4. Purposes of processing

Personal data will be processed for the following purposes:

  • To manage the data subject’s registration in waiting lists, forms, or the AI for Creators course.
  • To allow authenticated access to the course through Google OAuth and maintain an active session.
  • To record and display the student’s academic progress through the personal dashboard.
  • To issue the course completion certificate when the data subject completes all required modules and quizzes.
  • To send course-related communications: welcome, lesson completion notifications, and certificate delivery.
  • To inform about updates, launches, and content associated with the φ tetralogy when the data subject has subscribed to the waiting list.
  • To measure the effectiveness of email communications through open and click tracking.
  • To respond to requests, inquiries, complaints, or claims related to personal data.
  • To retain evidence of the authorization granted by the data subject.
  • To protect site security and prevent abusive or fraudulent registrations.

5. Data subject rights

The data subject may exercise the rights recognized by applicable Colombian regulations, including:

  • To know, update, and correct their personal data.
  • To request proof of the authorization granted for processing.
  • To be informed about how their personal data is being used, including email tracking.
  • To submit inquiries, requests, complaints, or claims related to personal data protection.
  • To request the deletion of their data and the removal of their course account when applicable.
  • To revoke the granted authorization, when legally possible.
  • To object to email tracking by disabling remote image loading in their email client.

Data subjects located in the European Union (GDPR)

For personal data subjects located in Spain or in any country of the European Union, the processing of their personal data is additionally carried out in accordance with Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR).

The legal basis for processing the data is the data subject’s explicit consent, granted at the time of registration, subscription, or use of the services offered on this website, in accordance with Article 6.1.a of the GDPR.

In addition to the rights described above, data subjects located in the European Union may exercise the following rights:

  • Right to data portability.
  • Right to restriction of processing.
  • Right to lodge a complaint with the data protection supervisory authority in their country of residence within the European Union.

6. Channel for requests and complaints

The data subject may exercise their rights by sending a request to ygalvis@gmail.com. It is recommended to include full name, registered email address, reason for the request, and a clear description of what is required.

For requests to delete an AI for Creators course account, the request will be addressed within a maximum of 15 business days.

7. Technology service providers

The following providers may process technical data for the operation of the site and its services:

  • Google LLC — OAuth authentication for course access. Privacy policy: policies.google.com/privacy
  • Resend Inc. — transactional email delivery. Privacy policy: resend.com/legal/privacy-policy
  • Hostinger International Ltd. — web hosting and database services. Privacy policy: hostinger.com/privacy-policy

None of these providers is authorized to use personal data for purposes other than the provision of the contracted technical service.

8. Security and confidentiality

Reasonable administrative, technical, and organizational measures are adopted to protect personal data against unauthorized access, loss, misuse, alteration, or unauthorized disclosure. Database passwords are stored encrypted, and access to the administration panel is protected with authentication.

Communications between the site and the user are carried out through HTTPS with an active SSL certificate.

9. Validity and retention

Data will be retained for the period necessary to fulfill the purposes described herein. In particular:

  • Course registration data and the issued certificate are retained indefinitely to allow future certificate verification.
  • Email tracking records are retained for a period of 24 months.
  • Waiting-list data is retained until the data subject requests deletion or the corresponding book is published and distributed.

10. Legal framework

This policy is established on the basis of current Colombian regulations on personal data protection, including Law 1581 of 2012, Decree 1074 of 2015, and the provisions of the Superintendence of Industry and Commerce (SIC) applicable to the processing of data by natural-person controllers.

11. Changes to this policy

This policy may be updated at any time to reflect regulatory, technological, or functional changes to the website. The current version will always be the one published on this page, with the date of last update visible in the header.

This site does not display advertising and does not share data with third parties for commercial purposes. Email tracking is used exclusively to improve the course experience and verify certificate delivery.