Score ARENA Express privacy.
This page describes what is stored, what isn't, and what control you have. Auditor tone: we only state what is active today.
What we store when you complete the questionnaire
- Your eleven scoring answers + two calibrators (sector and revenue band).
- The generated score and the full report in JSON.
- Your answer to the optional open question (only if you fill it).
- Timestamp (ISO) and locale (es/en).
- Engine and questionnaire versions that produced the report.
What we do NOT store
- Email (not requested).
- Your company name (not requested).
- Personal user identifiers (no login, no session cookies).
- IP address or geolocation-derived data.
- User agent, browser fingerprinting or detailed telemetry.
Local persistence in your browser
While you answer the questionnaire, your answers are saved in your browser's localStorage so you can continue later. That local persistence is not sent to any server until you click "Close questionnaire and generate report". It expires 14 days after the start. It is automatically cleared on successful submission.
Sharing with third parties
We do not sell or commercially share your responses. The technical infrastructure active today is:
- Supabase · report database. EU hosting (Ireland). Only receives the data of the report you generate.
- Vercel · site server. EU hosting (Frankfurt).
- DonDominio · DNS provider for the score.barroaudit.com subdomain. Does not process report content.
What is NOT active in this version
In this version we do not send your answers or your report to any language model provider, transactional email tool, or third-party web analytics system (Google Analytics or similar). If we later enable AI-assisted narrative, we will announce it explicitly and allow opt-out before any transmission.
Permanent report URL
On submission, a 26-character random ULID is generated (2^128 search-space entries). The report is available at a URL of the form score.barroaudit.com/{locale}/r/{ulid}. Anyone with that URL can read the report. The URL is practically impossible to guess; you decide with whom to share it.
Aggregate cohort
Your answers are not added to the aggregate cohort dataset without your explicit authorization. The infrastructure for that opt-in authorization is planned but not active in this version: for now, stored data is used only to serve your own report.
Optional open question
Question 13 is optional. If you fill it, it is stored with your report but not used to compute the score. It is not sent to third parties in this version. Recommendation: do not include client names, sensitive financial data or intellectual property in that field.
Right to deletion
You can request full deletion of your report by emailing privacy@barroaudit.com with the permanent URL (format /r/{ulid}). Deletion is executed within 72 hours.
Regulatory framework
We apply the General Data Protection Regulation (EU 2016/679) and the Spanish Organic Law 3/2018 on Personal Data Protection. The data controller is BARRO Audit Int. SL.
Changes to this policy
This policy is updated when something material changes: new integrations, new third parties, new data stores. Previous versions are archived with their date. If we activate a service that receives report content (for example generative AI or transactional email), it will be announced here before going live.
BARRO · Last updated · 7 May 2026
