UNDER CONSTRUCTION — We're getting ContaGPT ready; some features may change.
ContaGPT

Last updated: Monterrey, Nuevo León, Mexico, 2025

Comprehensive privacy notice

Introduction

This Privacy Notice is part of the website https://contagpt.com and any related mobile application or digital platform (hereinafter the "Sites" or the "Platform").

In compliance with the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter the "Law") and its Regulations, ContaGPT (hereinafter the "Controller" or "ContaGPT"), with address at Av. Puerta del Sol 260-6, Colinas de San Jerónimo, Monterrey, Nuevo León, Mexico, C.P. 64630, states that Personal Data provided by the natural persons to whom they belong (hereinafter the "Data Subject") will be processed observing the principles of lawfulness, consent, information, quality, purpose, loyalty, proportionality, and accountability provided for in the Law and its Regulations.

Personal Data means any information concerning an identified or identifiable natural person.

1. Identity and address of the controller

ContaGPT, with address at Av. Puerta del Sol 260-6, Colinas de San Jerónimo, Monterrey, Nuevo León, Mexico, C.P. 64630, is the Controller for the processing of personal data collected through the Platform.

2. Means of collecting personal data

ContaGPT may collect the Data Subject's Personal Data through the following means:

  • Directly, when the Data Subject provides them when registering or using the Platform.
  • Automatically, through Cookies, Web Beacons, and similar technologies that collect information such as IP address, browser, operating system, and browsing behavior.
  • Through integration with services of the Tax Administration Service (SAT) and other sources linked to use of the Platform.
  • By any other lawful means permitted by applicable legislation.

The Data Subject may disable Cookies and Web Beacons at any time by following their browser's instructions.

3. Personal data collected

To provide the digital accounting, tax management, and tax automation services that ContaGPT offers, the Controller may collect, among others, the following Personal Data:

3.1 Identification and contact data

  • Full name
  • Email address
  • Mobile phone number (WhatsApp)
  • Tax and home address

3.2 Tax data

  • Advanced Electronic Signature (e.firma) issued by the SAT, including the digital certificate file (.cer) and private key (.key)
  • Digital Seal Certificates (CSD) from the SAT
  • Federal Taxpayer Registry (RFC) key
  • Electronic invoices (CFDI) received and issued
  • Tax returns filed with the SAT (annual, monthly, provisional)
  • Any tax information contained in CFDI and other tax documents generated or managed through the Platform

3.3 Data generated by use of the Platform

  • Information derived from the Data Subject's interaction with ContaGPT services, including queries, generated reports, settings, and preferences
  • IP address and/or device identifiers
  • Operating system, browser type and version
  • Standard web logs and traffic to and from the Sites

ContaGPT informs the Data Subject that data contained in the e.firma and Digital Seal Certificates are processed with the highest level of security and confidentiality given their sensitive nature for legal and tax purposes.

4. Purposes of processing

4.1 Primary purposes

Collected Personal Data will be used for the following main purposes necessary to provide the service:

  • Provision of digital accounting services and automated tax management.
  • Processing, organization, and analysis of electronic invoices (CFDI) received and issued.
  • Preparation, review, and filing of tax returns with the SAT.
  • Use of e.firma and Digital Seal Certificates to sign and validate tax documents on behalf of the Data Subject.
  • Communication with the Data Subject via WhatsApp or other authorized channels to follow up on tax obligations.
  • Compliance with applicable legal, tax, and regulatory obligations.
  • Generation of reports, financial analysis, and personalized tax alerts.

4.2 Secondary purposes

Additionally, and only if the Data Subject gives express consent, data may be used to:

  • Send commercial communications, promotions, or information about new ContaGPT services.
  • Conduct market research and continuous service improvement.
  • Prepare anonymized statistics and reports to improve the Platform.

If the Data Subject does not wish their data to be processed for secondary purposes, they may state so through the procedure described in the ARCO Rights section of this Notice.

5. Transfers of personal data

ContaGPT may transfer the Data Subject's Personal Data only in the following cases:

  • To the Tax Administration Service (SAT) and other federal, state, or municipal tax authorities, within the framework of the Data Subject's tax obligations.
  • To technology service providers acting as processors who are contractually bound to maintain confidentiality of the data.
  • To any competent authority when required by law, court order, or administrative requirement.
  • To third parties when the Data Subject gives express consent.

Under no circumstances will ContaGPT sell, assign, or distribute the Data Subject's Personal Data to unauthorized third parties.

6. Security measures

ContaGPT implements technical, administrative, and physical security measures intended to protect the Data Subject's Personal Data against damage, loss, alteration, destruction, unauthorized use, access, or improper disclosure. These measures include, without limitation:

  • End-to-end encryption in the transmission and storage of sensitive data such as e.firma and CSD.
  • Role-based access controls and multi-factor authentication.
  • Periodic security audits and continuous infrastructure monitoring.
  • Internal confidentiality policies and staff training.

7. ARCO rights

In accordance with the Federal Law on Protection of Personal Data Held by Private Parties, the Data Subject has the right to:

  • Access: Know the personal data ContaGPT holds about you and how it is processed.
  • Rectification: Request correction of your personal data when it is inaccurate or incomplete.
  • Cancellation: Request deletion of your personal data from processing.
  • Objection: Object to processing of your personal data for specific purposes.

To exercise any of these rights, the Data Subject must submit a request containing:

  • Original and copy of valid official ID (voter ID, passport, or driver's license).
  • Full name of the Data Subject.
  • Clear description of the right to be exercised and the data involved.
  • Email address to receive the response.

The request may be submitted at the address Av. Puerta del Sol 260-6, Colinas de San Jerónimo, Monterrey, Nuevo León, Mexico, C.P. 64630, or through the procedure available at https://contagpt.com. Requests will be answered within twenty (20) business days of receipt.

8. Revocation of consent

The Data Subject may revoke consent granted for processing of their personal data at any time, following the procedure established at https://contagpt.com. Revocation of consent will not have retroactive effect. Note that if consent is revoked regarding data necessary to provide the service, ContaGPT will not be able to continue providing it.

9. Cookies and tracking technologies

ContaGPT Sites use Cookies, Web Beacons, and similar technologies to improve user experience, analyze traffic, and personalize services. The Data Subject may configure their browser to reject or delete these technologies at any time, which may affect Platform functionality.

10. Limitation of use or disclosure

If the Data Subject wishes to limit use or disclosure of their personal data, including for purposes other than those that originated the legal relationship, they may do so through the procedure available at https://contagpt.com. Once the request is processed, the Data Subject will be included on the exclusion list managed by ContaGPT and their data will not be shared with third parties except as strictly necessary to fulfill the contracted service.

11. Changes to this privacy notice

ContaGPT reserves the right to modify this Privacy Notice at any time in accordance with applicable legal provisions. Any modification will be notified to the Data Subject through the Platform or the contact means provided. The current version of the Privacy Notice will be available at https://contagpt.com.

12. Statement for messaging platforms and social networks

ContaGPT uses the WhatsApp Business platform (owned by Meta Platforms, Inc.) as a communication channel with its clients for the provision of its digital accounting services. In that context:

  • The Data Subject expressly accepts that their contact data (WhatsApp number and name) will be used exclusively for communications related to contracted services.
  • ContaGPT complies with WhatsApp Business Usage Policies and Meta guidelines for verified businesses.
  • Messages sent via WhatsApp are also subject to Meta/WhatsApp Privacy Policy at https://www.whatsapp.com/legal/privacy-policy.
  • ContaGPT will not share the Data Subject's data with Meta beyond what is strictly necessary to operate the messaging channel.
  • The Data Subject may opt out of communications via WhatsApp at any time without affecting service delivery, as long as another communication channel is available.

13. Contact details

For any questions, requests, or clarifications regarding this Privacy Notice, the Data Subject may contact ContaGPT through:

Address: Av. Puerta del Sol 260-6, Colinas de San Jerónimo, Monterrey, N.L., Mexico, C.P. 64630 Website: https://contagpt.com Last updated: Monterrey, Nuevo León, Mexico, 2025.