Back to GAISSA

Privacy

Privacy and data protection.

This notice explains how GAISSA handles personal data when you use the public website or submit the request-access form, including the information required by the EU General Data Protection Regulation (GDPR).

Last updated: July 17, 2026

Controller

GAISSA

For the website processing described here.

Privacy contact

contact@gaissa.ai

Questions and rights requests.

01 · Responsibility

Controller and scope

GAISSA is the controller for the personal data described in this notice. Questions about this notice and requests to exercise your rights can be sent to contact@gaissa.ai.

This notice covers the public GAISSA website and the request-access form. External websites linked from GAISSA have their own privacy practices. If authenticated product access is made available, account-specific processing may also be covered by additional terms presented with that service.

02 · Processing

Data, purpose and legal basis

Information you provide

The request-access form collects your name, work email, and company or organization. You may also provide an optimization goal and a description of the workload or constraints.

How the information is used

GAISSA uses the submitted information to respond to your request, understand potential product or pilot fit, and manage the follow-up conversation you initiated.

Why this processing is lawful

We process a request where necessary to take steps you ask us to take before a possible pilot, product, business, or research relationship (GDPR Article 6(1)(b)). For general professional enquiries, we rely on our legitimate interest in answering and managing a message you choose to send (Article 6(1)(f)).

Your name, work email, and organization are required so that we can identify and answer the request. The goal and message fields are optional. There is no statutory requirement to provide this information, but without the required fields we cannot handle the request through the form.

Website operation and security

When the website is requested, hosting and security infrastructure may process technical information such as an IP address, the requested page, date and time, browser or device details, and security events. This is used to deliver, protect, and troubleshoot the website based on our legitimate interest in operating a secure and reliable service (Article 6(1)(f)). It is not used for behavioural advertising.

Please do not include passwords, API keys, sensitive personal data, or personal data about another person in the optional message field.

03 · Service providers

Recipients and international transfers

How the form is delivered

Form submissions are transmitted through Resend, our email delivery provider, to the GAISSA contact inbox. Submitting the form does not automatically create a product account.

Access is limited to GAISSA team members who need the information and providers supporting website hosting, security, email delivery, and the receiving mailbox. We may also disclose information where law requires it. We do not sell submissions or share them for third-party advertising.

Resend is operated by Plus Five Five, Inc. in the United States, so delivery may involve processing outside the European Economic Area. Resend describes participation in the EU-U.S. Data Privacy Framework and Standard Contractual Clauses for relevant transfers in its Data Processing Addendum. You may contact us to ask about the safeguards applicable to your information.

04 · Storage

Retention and security

Retention and your choices

Information is retained for as long as needed to manage the conversation and relevant operational obligations. You can ask to access, correct, or delete information submitted through the form by contacting GAISSA.

The retention period is determined by whether the enquiry remains active, whether follow-up can reasonably be expected, and whether a limited record is needed to comply with law or to establish, exercise, or defend a legal claim. When those reasons end, the information is deleted or anonymized in line with the systems that hold it. Technical security records are kept only for the operational and security periods configured for the relevant service.

We use access controls and providers intended to protect information against unauthorized access, alteration, loss, or disclosure. No internet transmission or storage system can be guaranteed to be completely secure.

05 · Control

Your data-protection rights

Depending on the processing and the GDPR conditions, you may:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete information.
  • Ask for erasure or restriction where the GDPR conditions are met.
  • Object to processing based on legitimate interests.
  • Receive portable data where processing is automated and based on contract or consent.

Send a request to contact@gaissa.ai. We may need enough information to verify your identity and understand the request. Rights are normally free of charge, and we respond within the period required by the GDPR.

You also have the right to lodge a complaint with the supervisory authority where you live, work, or believe an infringement occurred. In Spain, you can contact the Spanish Data Protection Agency (AEPD).

Contact

Questions about this notice or information submitted through the form can be sent to:

contact@gaissa.ai