Mad Cowboys Logo
Mad Cowboys

Privacy Policy

Last updated: 1/22/2026

Data Controller: Mad Cowboys is committed to protecting your privacy and handling your data responsibly in accordance with the Federal Law on Protection of Personal Data Held by Private Parties (Mexico).

1. Information We Collect

Mad Cowboys collects different types of information depending on the automation service contracted:

1.1 Company Information

  • Business Data: Company name, legal name, tax ID, fiscal address
  • Contact Information: Responsible person's name, position, email, phone
  • Payment Data: Card information processed and stored by Stripe (PCI-DSS certified)

1.2 Operational Data

  • Process Information: Data necessary to implement automations as agreed
  • End Customer/User Data: Only those necessary for automation (e.g., names, contacts, appointments)
  • Communication Records: Emails, WhatsApp messages, SMS according to service scope
  • Recordings: Of calls or interactions when part of contracted service

1.3 Technical Data

  • System Information: APIs, integration credentials, technical configurations
  • Usage Logs: Usage statistics, errors, automation performance
  • Navigation Data: Cookies, IP, browser (on our website)

2. Use of Information

We use collected information exclusively to:

  • Provide and maintain contracted automation services
  • Implement system integrations as agreed
  • Improve and optimize automation performance
  • Provide technical support and resolve incidents
  • Generate usage reports and statistics for client
  • Comply with legal, tax, and regulatory obligations
  • Communicate relevant service updates
  • Process payments and billing

3. Sensitive Data Protection

For clients in regulated industries (healthcare, finance, legal), we implement additional measures:

  • Advanced Encryption: AES-256 for data in transit and at rest
  • Data Segregation: Logical isolation of sensitive information
  • Regulatory Compliance: Adherence to specific standards (HIPAA for healthcare, etc.)
  • Security Audits: Regular reviews by certified third parties
  • Access Controls: Least privilege principle and multi-factor authentication
  • Encrypted Backup: Encrypted backups with controlled retention

4. Information Sharing and Transfer

Mad Cowboys does NOT sell or commercialize personal information. We share data only when:

4.1 Service Providers

We work with trusted providers for specific operations:

  • Cloud Services: Google Cloud, AWS (with SOC 2, ISO 27001 certifications)
  • Communication Platforms: Twilio (SMS), WhatsApp Business API
  • Payment Processing: Stripe (PCI-DSS certified) - sole payment method
  • AI Tools: OpenAI, Anthropic (with confidentiality agreements)

All providers sign data processing agreements and are required to protect information.

4.2 Legal Requirements

  • When required by law or competent authorities
  • To protect legal rights of Mad Cowboys or third parties
  • In case of security or fraud investigations

4.3 With Consent

With explicit client authorization for specific cases not covered by contract.

5. Data Retention

We retain data for specific periods according to their nature:

  • Operational Data: During service validity + 1 year
  • End Customer Data: As specified in contract (typically 1-2 years)
  • Recordings/Logs: 6-12 months for analysis and improvement
  • Business Information: During contract + 5 years for tax obligations
  • Billing Data: 10 years per tax requirements
  • Legal Documentation: During applicable statute of limitations

After these periods, data is securely and irreversibly deleted.

6. ARCO Rights and Other Rights

Under Mexican Federal Law on Protection of Personal Data, you have the right to:

  • Access: Know what personal data we have and what we use it for
  • Rectification: Request correction of inaccurate or incomplete data
  • Cancellation: Request deletion of your data when no longer required
  • Opposition: Object to data processing for specific purposes
  • Portability: Obtain copy of your data in structured format
  • Limitation: Request temporary restriction of processing
  • Consent Revocation: Withdraw previously granted consent

How to Exercise Your Rights?

To exercise any of these rights:

  1. Send request to: info@madcowboys.com.mx
  2. Include: full name, contact information, description of request
  3. Attach official ID for verification
  4. We will respond within maximum 20 business days

7. Security Measures

We implement technical, physical, and administrative measures to protect your data:

7.1 Technical Measures

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Mandatory multi-factor authentication (MFA)
  • Firewalls and intrusion detection systems (IDS/IPS)
  • 24/7 security monitoring
  • Regular penetration testing
  • Vulnerability and patch management

7.2 Organizational Measures

  • Strict access control policies
  • Continuous staff training on privacy
  • Confidentiality agreements with employees and providers
  • Incident response procedures
  • Regular internal and external audits
  • Certifications: ISO 27001 (in progress)

8. Cookies and Tracking Technologies

Our website uses cookies to improve user experience:

Types of Cookies We Use:

  • Strictly Necessary: Essential for site operation (cannot be disabled)
  • Functional: Remember user preferences and settings
  • Analytics: Google Analytics to understand site usage (anonymized)
  • Advertising: We do not use third-party advertising cookies

You can manage cookies from your browser settings. Rejecting cookies may affect site functionality.

9. International Transfers

Some of our service providers operate outside Mexico. When we transfer data internationally:

  • We only work with countries with adequate data protection levels
  • We implement Standard Contractual Clauses (SCC)
  • We require privacy certifications (Privacy Shield, GDPR compliance)
  • We maintain control over data processing

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not intentionally collect data from minors. If we identify that we have received information from a minor, we will delete it immediately.

11. Security Breach Notification

In case of a security breach affecting personal data:

  • We will notify affected client within 72 hours
  • We will inform competent authorities if required
  • We will describe breach nature and measures taken
  • We will provide recommendations to mitigate risks

12. Changes to this Policy

We may update this policy occasionally to reflect changes in our practices or legal requirements:

  • Minor changes: publication on website
  • Significant changes: email notification with 30 days advance notice
  • We will always show last update date
  • Continued service use implies acceptance of changes

13. Supervisory Authority

If you believe your privacy rights have been violated, you can file a complaint with:

National Institute for Transparency, Access to Information and Personal Data Protection (INAI)

Website: https://home.inai.org.mx

Phone: 800 835 4324

14. Contact - Data Protection Officer

For any questions about this policy or handling of your personal data:

Mad Cowboys

Digital Process Automation Agency

Email: info@madcowboys.com.mx

Subject: "Privacy - [Your Name]"

Business hours: Monday to Friday, 9:00 AM - 6:00 PM (Central Mexico Time)

Important note: This privacy policy describes our general practices. Specific data processing terms for each client are detailed in the service contract or corresponding Data Processing Agreement (DPA). By using our services, you accept the practices described in this policy.