Last updated: 21 May 2026

At Miranda's Consulting ("we", "us", or "the controller"), we process personal data lawfully, fairly, and transparently. This policy explains what data we collect when you visit https://mirandas.io, how we use it — including ad measurement with Meta Pixel and Meta Conversions API — and your rights.

If you have questions about this policy or how we handle your data, contact us at jose@mirandas.io.

1. Data controller

Controller: Miranda's Consulting.

Address: Palma de Mallorca, Balearic Islands, Spain.

Contact email: jose@mirandas.io.

Website: https://mirandas.io.

2. Scope

This policy applies to personal data processed through our website, contact forms, newsletter sign-ups, resource downloads (lead magnets), meeting requests, and other digital interactions related to our B2B lead generation services.

It does not cover third-party websites you may reach via links on our site.

3. Personal data we collect

3.1. Data you provide directly

Identity and contact details: name, email, phone, company, and website.
Commercial information: messages, form responses, language preferences, and any additional information you voluntarily submit.
Subscription data: email and, if provided, name or other attributes when joining our newsletter or downloading resources.

3.2. Data collected automatically when browsing

Technical and usage data: IP address, browser type, operating system, language, pages viewed, access times, referrer URL, and similar web analytics data.
Advertising and measurement identifiers: cookies and identifiers associated with Meta (Facebook/Instagram), Google Analytics, and other providers listed below.
Interaction data: clicks, scroll depth, conversion events (e.g. form submissions), and, where applicable, anonymised or pseudonymised session recordings.

3.3. Inferred or derived data

Aggregated or pseudonymised campaign performance, traffic source, and conversion data.
B2B enrichment signals (e.g. probable company or sector) from commercial identification tools, within each provider's technical and legal limits.

4. How we collect data

Website forms (contact, meeting booking, newsletter, lead magnets).
Email or other communication channels you initiate with us.
Browser technologies: cookies, pixels, tags, and analytics or advertising scripts.
Server-side processing when you submit a form, including server-side conversion events sent to Meta.
Integrations with CRM, email marketing, hosting, and analytics providers.

5. Purposes and legal bases

We process your data for the purposes below, relying on the legal bases set out in the GDPR and applicable local law:

Handling contact and meeting requests — legal basis: pre-contractual steps or legitimate interest in responding to your request.
Sending newsletters, resources, and marketing communications — legal basis: your consent, which you may withdraw at any time.
Measuring site performance and improving user experience — legal basis: consent (non-essential cookies) or legitimate interest in aggregated analytics, depending on the technology.
Measuring and optimising advertising, attributing conversions, and building audiences — legal basis: consent where required; otherwise legitimate interest in measuring ad effectiveness.
Managing commercial relationships, CRM, and legal compliance — legal basis: contract, legitimate interest, or legal obligation.
Preventing fraud, form abuse, and maintaining site security — legal basis: legitimate interest.

6. Meta Pixel and Meta Conversions API

We use measurement tools from Meta Platforms Ireland Limited and its affiliates (Meta, Facebook, Instagram) to understand whether our marketing drives visits, subscriptions, or contact requests, and to optimise campaigns.

6.1. Meta Pixel (browser)

When you load our site, Meta Pixel may set or read cookies and identifiers on your device (e.g. _fbp and _fbc) and collect information about your visit, such as pages viewed, referrer, device type, and browser.

We record at least a PageView event on each visit. Other events may be recorded when you interact with the site.

6.2. Meta Conversions API (server)

In addition to the browser pixel, we send conversion events from our servers to Meta via the Conversions API. This helps measure conversions more reliably, including when browsers block third-party cookies or scripts.

When you submit certain forms, we may send Meta the following event-related data:

Events: Subscribe (newsletter or resource sign-up) and Contact (contact or meeting request).
Personal data hashed with SHA-256 before transmission: email, phone, first and last name when you provide them.
Non-hashed technical data: IP address, user agent, source page URL, and Meta cookie identifiers (_fbc, _fbp) when present.
Event metadata: event name, timestamp, unique event ID, and action source (website).

6.3. How we use this data with Meta

Measure conversions from Meta ads.
Optimise ad delivery and budgets.
Build custom or lookalike audiences where permitted.
Produce aggregated advertising performance reports.

6.4. Processor role and transfers

Meta may act as processor or independent controller depending on the service and configuration. Meta may process data in the United States and other countries outside the EEA.

Meta uses recognised international transfer mechanisms such as Standard Contractual Clauses. See Meta's privacy policy at https://www.facebook.com/privacy/policy/

6.5. Retention and opt-out

Meta retains data according to its own retention settings. We do not store hashes sent to Meta beyond what is needed to generate and transmit the event.

You can manage ad preferences at https://www.facebook.com/settings/?tab=ads and, where applicable, refuse non-essential cookies via our cookie settings or your browser.

7. Other third-party providers

Besides Meta, we may share or allow access to data with the following providers, only for the purposes described:

Google Analytics (Google Ireland Limited): web traffic and aggregated behaviour analytics.
Microsoft Clarity: heatmaps, session recordings, and interaction analytics.
Ahrefs Analytics: traffic and SEO performance measurement.
Leadsy: B2B commercial identification and visitor analytics.
Brevo (Sendinblue): subscriber management, email delivery, and marketing automation.
Attio: CRM for contacts, companies, and sales opportunities from forms.
Resend: transactional email (e.g. internal notifications of new requests).
Redis (temporary storage): technical logging of sign-ups where applicable.
Vercel or other hosting providers: hosting, server logs, security, and site delivery.

8. Disclosure to third parties

We do not sell your personal data. We disclose data only when necessary to provide our services, comply with legal obligations, or protect legitimate interests.

Providers listed above generally act as processors under our instructions, except where law requires them to act as independent controllers.

We may also disclose data to public authorities when legally required.

9. International transfers

Some providers may process data outside the European Economic Area (EEA), especially in the United States. Where this occurs, we rely on appropriate safeguards under the GDPR, such as Standard Contractual Clauses or adequacy decisions.

10. Retention periods

Contact and meeting form data: for the duration of the commercial relationship and thereafter as needed for claims or legal obligations (often up to 6 years unless a longer period is required by law).
Marketing and newsletter data: until you withdraw consent or unsubscribe.
Analytics and advertising data: according to each tool's configured retention and always the minimum necessary for the purpose.
Technical and security logs: strictly as long as needed for diagnostics, fraud prevention, and compliance.

11. Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These include encryption in transit (HTTPS), access controls, data minimisation, and hashing personal identifiers before sending them to Meta.

No system is completely secure. If you identify a security incident related to our services, contact us immediately.

12. Your rights

If you are in the EEA, UK, or another jurisdiction with applicable data protection law, you may exercise the following rights:

To exercise your rights, email jose@mirandas.io stating the right you wish to exercise and verifying your identity where necessary. We will respond within the statutory period (usually one month).

You may also lodge a complaint with the Spanish Data Protection Agency (AEPD) at https://www.aepd.es if you believe processing does not comply with the law.

Access: know whether we process your data and obtain a copy.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion where applicable.
Restriction: limit processing in certain circumstances.
Objection: object to processing based on legitimate interest, including direct marketing.
Portability: receive your data in a structured format where processing is based on consent or contract and is automated.
Withdraw consent: at any time, without affecting the lawfulness of prior processing.

13. Minors

Our services target business professionals. We do not knowingly collect data from children under 16. If we learn we have received a minor's data without valid parental consent, we will delete it.

14. Cookies and similar technologies

We use cookies and similar technologies for site operation, analytics, and ad measurement. See our Cookie policy for details and how to manage preferences.

Link: https://mirandas.io/en/cookies/

15. Changes to this policy

We may update this policy to reflect legal, technical, or service changes (e.g. new measurement integrations). We will publish the current version on this page with the last updated date.

16. Contact

For privacy or data protection enquiries: jose@mirandas.io.

Miranda's Consulting · Palma de Mallorca, Balearic Islands, Spain · https://mirandas.io

Privacy policy