Privacy policy

This Privacy Policy explains how Dalta (“we”, “us”) collects and processes personal data on dalta.ai (the “Site”) and within the Dalta platform (the “Service”).

Who we are (Controller)

• Dalta, 21 rue Visconti, 75006 Paris, France

• Email: contact@dalta.ai (or thomas@dalta.ai)

• We act as controller for website/ops data. For Customer Data inside workspaces, we act as processor.

—

What we collect

Website (Site):

• Identifiers & usage: IP, device/browser, pages viewed, timestamps (via consented analytics/cookies).

• Contact data: name, email, company, messages (when you contact us or book a demo).

• Scheduling: information you submit via Calendly (meeting details).

Service (Product):

• Account/workspace: name, email, role, SSO identifiers (Google).

• Customer Data: documents you upload, variables, prompts/config, and Outputs the Service generates.

• Logs/telemetry: run IDs, timestamps, error/debug logs, event metadata (no model training on private data).

Why we process it (legal bases – GDPR)

• Provide the Service / fulfill a contract: account setup, authentication (Google SSO), runs/exports, support.

• Legitimate interests: security, fraud/abuse prevention, product improvement using aggregated/anonymous telemetry, contacting work emails about your active requests.

• Consent: optional analytics/marketing cookies; newsletters.

• Legal obligations: tax, accounting, regulatory requests.

—

Sources & data residency

• Public sources by default for facts (filings/registries, official company docs, reputable press). Our M&A-tuned deep search typically scans ~80–100× more distinct sites per query than a standard ChatGPT “deep research,” with de-duplication and timestamps.

• Private documents (optional): you may add PDFs, spreadsheets, or Word files to your workspace and run on private-only data or mix with public sources.

• Storage location: primary storage in the EU.

—

Security

• Encryption in transit and at rest.

• Access controls, audit logs, least-privilege practices.

• We never train our models on your private Customer Data.

—

Subprocessors & transfers

• We use vetted providers to host and operate the Service (e.g., AWS, OpenAI, Anthropic, Gemini for LLMs in EU regions where available; Framer for the public Site; Stripe for payments; Calendly for scheduling; email/analytics tools).

• If data leaves the EEA, we rely on SCCs or equivalent safeguards. Primary storage remains in the EU.

—

Retention

• Runs/logs: 30 days by default.

• Backups: deleted on a rolling schedule after retention.

• Account/contract data: kept for the term of the agreement and then as required by law (e.g., accounting). You can export Customer Data during the subscription and for a limited period after termination (see ToS).

—

Cookies

We use strictly necessary cookies and, with your consent, analytics (and any other non-essential) cookies.

—

Your rights (EU/UK GDPR)

You can access, rectify, erase, or port your personal data, and request restriction or object to certain processing (including direct marketing). Contact: contact@dalta.ai ; You can lodge a complaint with the CNIL (France) or your local authority.

—

Sharing

We do not sell personal data. We share data only with: subprocessors (see §6) under contract ; Authorities when required by law ; Professional advisors (legal/accounting) under confidentiality.

—

Data Processing Addendum (DPA)

For Customer Data in the Service, our DPA applies and is incorporated by reference. A signed DPA is available on request.

—

Changes

We may update this Policy. We will post the new date above and, for material changes, notify you by email or in-app.

—

Contact

• Questions or requests: contact@dalta.ai

• Security reports: contact@dalta.ai (or thomas@dalta.ai)

—

Controller: Dalta, 21 rue Visconti, 75006 Paris, France

Governing law: France.