Last updated: 29/07/2025
This Privacy Policy explains how Mutable Potential Lda (“we”, “us”, “our”) handles personal data when you visit cannabud.ai, contact us, or use our services. It also clarifies when we act as controller and when we act as processor on behalf of customers.
Controller: Mutable Potential Lda (NIF 517017849)
Address: R. Bernardo Santareno, n.º 27, Portugal
Email: team@mutablep.com
We process personal data in line with the General Data Protection Regulation (GDPR) and applicable Portuguese law. When we process data on behalf of a customer under a data processing agreement, the customer is the controller and we are the processor. If your data was supplied to our platform by one of our customers, please address requests directly to that customer.
This notice covers: website visitors; prospective and existing customers; individuals who contact us via forms, chat, email, phone or events; and job applicants. It also applies to features on our site such as contact forms, chat, cookies/consent tools and any analytics we may deploy.
Identification & contact details (e.g., name, email, company, phone)
— To respond to enquiries, provide requested services, manage accounts, and send opted-in updates.
Technical & device data (e.g., IP address, browser/OS, device type, error logs)
— To deliver content, maintain security and stability, detect fraud/abuse, and diagnose issues.
Usage data (e.g., pages viewed, clicks, session duration, referrers)
— To improve site performance, user experience and content relevance (consistent with your cookie/consent settings).
Communications (emails, chat transcripts, support notes)
— To provide support, fulfil requests, and maintain appropriate records.
Customer content (data uploaded by customers into our services)
— Processed strictly to provide the contracted service, under the customer’s instructions (processor role).
Recruitment data (CVs, cover letters, interview logistics)
— To assess applications and manage the hiring process.
Legal bases
Depending on context: consent (e.g., non-essential cookies/marketing), contract or pre-contract steps, legal obligations, and legitimate interests (e.g., security, service improvement, fraud prevention).
We use cookies and similar technologies to run the site and, with your consent, for additional purposes (e.g., audience measurement). We operate a consent banner using Yescookie, which lets you grant, refuse, or withdraw consent at any time. Your choices are recorded to demonstrate compliance. You can also control cookies through your browser settings.
A detailed list of cookie categories and third-party cookies (if any) is provided in our Cookie Policy.
We use third-party providers to operate, secure, and support our website. They act as processors under contracts that require confidentiality, security, and GDPR-compliant safeguards:
Hostinger — hosting and infrastructure for cannabud.ai (storage, delivery of web content, basic server logging).
WordPress — our content management system and website framework (including core, themes, and plugins we select).
Tawk.to — live-chat and messaging on the website (handling chat messages, metadata necessary to deliver the chat, and, if you provide them, your contact details).
Notes
• Server access logs (e.g., IP, request timestamp, user-agent, status code) are used for security and operational purposes.
• Some WordPress plugins may process limited data to provide their features; we only enable plugins that are necessary or beneficial and configure them to minimise data.
• If we add analytics, email, or other tools in future, they will appear in the Cookie Policy and (if materially relevant) this Privacy Policy.
International transfers. If a provider stores/handles data outside the EEA, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) and limit transfers to what’s necessary for the service.
We do not sell personal data.
We maintain appropriate technical and organisational measures, including TLS/HTTPS encryption in transit, access controls, least-privilege permissions, monitoring and logging, regular patching, and incident response procedures. We design for privacy by default and by design and review safeguards periodically.
We keep personal data only as long as needed for the purposes described or to meet legal/accounting requirements. Operational server logs are generally retained up to 30 days, unless a longer period is needed to investigate or respond to security events. Where processing relies on consent, we delete data when consent is withdrawn unless another legal basis applies.
Subject to the GDPR, you can request: access, rectification, erasure, restriction, portability, and you may object to processing (including direct marketing). Where processing relies on consent, you may withdraw consent at any time. You also have the right to complain to the Comissão Nacional de Proteção de Dados (CNPD).
To exercise your rights, contact team@mutablep.com.
Contact forms & email. If you contact us, we process the data you provide to handle your request and keep relevant records.
Live chat (Tawk.to). When you use chat, the content of your messages is processed to provide support. The chat widget may process technical metadata (e.g., timestamps, device/browser details) required to deliver the service. Please avoid sharing sensitive information via chat.
Accounts / login (if enabled). If we offer user accounts, we will process login credentials and apply security measures (e.g., optional 2FA). Account data is deleted after closure, subject to legal retention. Users should export their data before requesting deletion.
Newsletters/marketing (if enabled). We will send electronic communications only with your consent or as permitted by law. We log opt-ins to demonstrate compliance and maintain suppression lists to honour opt-outs.
Our services are not directed to children under 16. If you believe a child provided us personal data, please contact us and we will act appropriately.
We may update this notice from time to time. Material changes will be posted here with a new “Last updated” date.
Mutable Potential Lda
R. Bernardo Santareno, n.º 27, Portugal
team@mutablep.com
