Back to home

Privacy policy

How we handle personal data at +Nodos. Aligned with Chile's Law 19.628 (in force) and Law 21.719 (effective December 2026).

Last updated: 01-06-2026

This policy describes what personal data we process, for what purpose, for how long, and how you can exercise your rights. It applies to the masnodos.cl website and to the +Nodos service operated for events contracted by our B2B clients.

Note on legal language: the binding version of this policy under Chilean law is the Spanish edition at /privacidad/. This English version is provided for convenience.

1. Data controller

The party responsible for processing your personal data is:

  • Legal name: Ampliando Círculos®
  • Trading name: Ampliando Círculos® / +Nodos
  • Data protection contact: hola@ampliandocirculos.cl

The controller’s tax ID (RUT) and address are provided within the service contract and are not published in this policy.

When an event is operated by one of our clients (event organizer), the client acts as controller and we act as processor over the attendees’ data, under a data processing agreement. The organizer’s own policy may apply additionally.

2. Personal data we process

We process the following categories:

Website (masnodos.cl):

  • Data you voluntarily submit through our contact or demo form: name, email, company, message.
  • Strictly functional cookies (language preference, session). We do not use marketing or behavioral advertising cookies.
  • We currently do not use third-party web analytics (GA4, Plausible, or others).

+Nodos service (during events):

  • Identification data: first name, last name, email, phone number (for WhatsApp).
  • Professional data: company, role, industry, seniority or background if the organizer requests it.
  • Affinity survey responses: interests, networking goals, declared preferences for matching. We do not request sensitive data (health, ethnic origin, sexual life, political views, religion, socioeconomic status). If the organizer adds custom questions, we contractually require that they do not collect sensitive categories either.
  • Service interaction data: matches sent, accepted, declined, timestamps.

WhatsApp conversations: conversations between attendees take place directly on WhatsApp, operated by Meta Platforms Inc. Once introductions are made, the content of those conversations is outside +Nodos and is governed by WhatsApp’s privacy policy.

B2B clients (organizers): commercial and billing data: name, role, company, email, phone, tax data for invoicing.

3. Purposes of processing

We process your data only for declared, specific purposes:

  1. Matching operation: cross-checking profiles of attendees of the same event to suggest affinity-based connections.
  2. Double opt-in management: notifying you of a proposed match and recording your acceptance or rejection.
  3. Contact introduction: once both parties accept, putting them in touch via WhatsApp.
  4. Aggregated reporting to the organizer: delivering event metrics (matches, top interests, group profile). The organizer receives aggregated data and, regarding attendees they themselves registered, the identifying data they already had.
  5. Commercial contact: responding to inquiries received through the demo form or by email.
  6. Legal compliance: invoicing, accounting, response to requirements from competent authorities.

We do not use your data for advertising profiling, sale to third parties, or to train AI models.

What you consent to when participating in +Nodos

When you complete your registration to an event operated with +Nodos, you expressly authorize us to:

  1. process your affinity survey responses (interests, networking goals, declared professional profile) to suggest connections with other attendees of the same event;
  2. notify you of proposed matches and record your acceptance or rejection;
  3. only when there is mutual consent, share your name and contact details with the other attendee so they can start a conversation.

This consent is specific to the matching service, separable from your event registration (you may attend without participating in matching) and may be withdrawn at any time without affecting your event attendance.

4. How matching works

Matching is the core of the +Nodos service. We want to be transparent about how it operates, because it involves cross-referencing data between attendees.

Variables we consider:

  • Your interests as declared in the affinity survey.
  • Your networking goals (what kind of person you want to meet).
  • Your declared professional profile — industry, role, seniority — only when the event organizer requests it and you provide it.

What we do not use:

  • We do not process sensitive data. We never ask about health, religion, sexual orientation, political views, ethnic origin, or socioeconomic status.
  • We do not infer characteristics beyond what you yourself declared. We do not analyze your social media, do not cross-reference your profile with external databases, do not profile your behavior.

How a match is finalized:

  • The system suggests possible affinity-based connections; it does not make decisions for you.
  • Each suggestion requires your explicit acceptance and that of the other participant (double opt-in).
  • Without mutual acceptance, contact details are not shared.

Why this is not an “automated decision with significant effects” (Art. 8 ter Law 21.719): no connection is finalized without your explicit human intervention. The algorithm prioritizes suggestions; you decide whether you are interested.

If you prefer not to participate in matching:

  • You may attend the event without participating in matching — request this from the organizer at registration or write to us at the address in section 1.
  • You may withdraw your participation at any time during or after the event, without justification.
  • Opting out of matching does not affect your access to the event or any other activity.

What the event organizer sees about you: the identifying data they themselves collected when registering you, plus aggregated event metrics with no possibility of re-identification. The organizer does not access your individual affinity responses or the detail of which matches you accepted or rejected.

Each purpose is supported by a specific legal basis:

  • Consent (Art. 4 Law 19.628 / Art. 12 Law 21.719): to participate in the matching and to share your contact with an accepted match. We request it explicitly at the time of registration.
  • Contractual performance: for the provision of the service to the organizer client.
  • Legitimate interest: to reply to a message you sent us via the contact form, and to keep aggregated and anonymized metrics that help us improve the service.
  • Legal obligation: for the retention of tax documents and response to legitimate requirements from authorities.

You may withdraw your consent at any time, without affecting the lawfulness of prior processing, by writing to the address in section 9.

6. Retention period

Data typeRetention
Attendee data used for matching (name, phone, company, interests)During the event and up to 30 days to resolve incidents
Aggregated / anonymized event metricsIndefinite retention, with no possibility of re-identification
B2B commercial contact dataWhile the commercial relationship is active + tax retention periods (6 years for accounting documents under the Tax Code)
Contact form submissions12 months, then deleted
Records of rights requests3 years from the response date, to demonstrate compliance to the authority

Once the period expires, data is deleted or irreversibly anonymized.

7. Disclosures to third parties and processors

To operate +Nodos we use technology providers acting as processors under contract with us:

  • Google Cloud / Firebase (Google LLC, USA) — hosting, database, authentication. International transfer covered by standard contractual clauses.
  • WhatsApp Business API (Meta Platforms Inc., USA) — message and match notification delivery.

We do not sell, rent, or transfer your data to third parties for those third parties’ own commercial purposes.

We may disclose personal data if legitimately required by a competent authority or if necessary to defend rights in court.

8. Your rights as data subject

Law 19.628 (in force) and Law 21.719 (effective December 2026) grant you the following rights over your data:

  • Access: know what data we hold about you and obtain a copy.
  • Rectification: correct inaccurate or outdated data.
  • Cancellation / erasure: have your data deleted when it is no longer needed for the declared purpose, when you have withdrawn consent, or when you legitimately request it.
  • Objection: object to processing on legitimate grounds related to your particular situation.
  • Portability: receive your data in a structured, commonly used format, or have it transmitted to another controller when technically feasible.
  • Blocking: temporarily suspend processing while a request or dispute is resolved.
  • Not to be subject to solely automated decisions with significant effects. +Nodos matching suggests contacts, but no connection is finalized without your explicit acceptance.

These rights are personal and non-transferable. Exercise is free of charge.

9. How to exercise your rights

Response time: we will respond within a maximum of 15 business days from receipt of your complete request, in line with the Law 21.719 standard. If the complexity of the case requires more time, we will inform you with justification.

If you feel we have not properly handled your request, you may file a complaint with the supervisory authority (see section 13).

10. Security measures

We apply reasonable technical and organizational measures to protect your data against loss, unauthorized access, or unlawful processing:

  • Encryption in transit (TLS) for all site and backend communications.
  • Encryption at rest in the product database.
  • Role-based access control: only authorized staff access identifiable data, and only when required by their role.
  • Audit logging of access to personal data.
  • Documented incident management and breach notification procedure. In the event of a security breach significantly affecting your rights, we will notify you without undue delay and, in any case, within 72 hours of becoming aware, in line with the Law 21.719 standard.

No system is 100% impregnable. If you spot a vulnerability, please write to the address in section 1 and we will treat it as a priority.

11. Cookies and similar technologies

The masnodos.cl site uses functional cookies only: selected language and, where applicable, session state. We do not use advertising, profiling, or third-party marketing cookies.

If we add web analytics in the future (e.g., Plausible or Google Analytics 4), we will update this section before activation, disclosing the provider, data collected, legal basis, and opt-out mechanism.

You can configure your browser to reject cookies; functional ones do not affect basic site operation.

12. Changes to this policy

This policy may be updated to reflect legal changes, new services, or operational adjustments. The version in force is always the one published at this URL, with the last-updated date shown at the top.

If we make substantive changes affecting your rights, we will notify you through the channels available to us (email, in-service notification) before the changes take effect.

13. Contact and supervisory authority

For data protection matters: hola@ampliandocirculos.cl

Supervisory authority: Once the Personal Data Protection Agency created by Law 21.719 is operational (from December 2026), you may file complaints with that entity if you believe the processing of your data does not comply with the law.

In the meantime, claims relating to violations of the current Law 19.628 may be heard by the competent Civil Courts of First Instance, under summary procedure.