Home

Privacy Policy

Last updated: February 2025

1. Data Controller

The data controller for the processing of personal data is Visera P.S.A., registered in Poland, with its office at Grunwaldzka Ave. 472 (Olivia Gate A), 80-309 Gdańsk, Poland ("Controller").

Contact: office@visera.digital

2. Scope

This Privacy Policy applies to the processing of personal data in connection with the Obsigen AI platform and the obsigen.com website. It describes what data we collect, why, how we process it, and what rights you have under the General Data Protection Regulation (GDPR).

3. Data We Collect

We may collect and process the following categories of personal data:

  • Account data — name, email address, company name, job title
  • Contact form data — name, email, phone number, message content
  • Usage data — IP address, browser type, pages visited, session duration
  • Conversation data — prompts and queries submitted to the AI agent (processed transiently)
  • Billing data — invoicing details as required by law (no credit card numbers stored directly)

4. Legal Basis for Processing

We process personal data on the following legal bases under GDPR:

  • Art. 6(1)(b) — performance of a contract or pre-contractual measures
  • Art. 6(1)(f) — legitimate interests (analytics, security, service improvement)
  • Art. 6(1)(a) — consent (marketing communications, optional cookies)
  • Art. 6(1)(c) — legal obligation (tax, accounting, regulatory requirements)

5. Purpose of Processing

Personal data is processed for the following purposes:

  • Providing and maintaining the Obsigen AI service
  • Responding to inquiries and support requests
  • Account management and billing
  • Service analytics and performance monitoring
  • Security incident detection and prevention
  • Compliance with legal obligations

6. Data Retention

We retain personal data only as long as necessary for the purposes described above or as required by law. Specifically:

  • Account data — retained for the duration of the contract + 30 days after termination
  • Conversation data — processed transiently; not stored beyond the session unless explicitly saved by the user
  • Contact form data — retained for up to 12 months
  • Billing data — retained for the legally required period (typically 5–10 years)

7. Data Transfers

Obsigen AI follows an EEA-first architecture. All persistent data storage is within the European Economic Area. Transient inference requests may be routed to AI model providers; however, no personally identifiable information, passwords, or authentication tokens are included in inference payloads.

Where data transfers outside the EEA are necessary, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Role-based access control and least-privilege policies
  • Regular security assessments and penetration testing
  • Audit logging and anomaly detection

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request limited processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, you may withdraw at any time

To exercise any of these rights, contact us at office@visera.digital. We will respond within 30 days.

10. Cookies

Our website uses essential cookies required for the operation of the Service. Analytics and optional cookies are only used with your consent. You can manage cookie preferences through your browser settings.

11. Third-Party Services

We may use third-party service providers for hosting, analytics, and communication. All third-party processors are bound by data processing agreements and comply with GDPR requirements.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with an updated "Last updated" date. Material changes will be communicated to registered users via email.

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The relevant authority for Visera P.S.A. is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

15. Contact

For privacy-related inquiries:

Visera P.S.A.
Grunwaldzka Ave. 472 (Olivia Gate A)
80-309 Gdańsk, Poland
office@visera.digital