Skip to content
Privacy

Privacy Policy

IAnalista Pro is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under applicable privacy law.

Last updated: May 25, 2026Effective: May 25, 2026

1. Overview

This Privacy Policy applies to all users of IAnalista Pro (“we”, “us”, or “our”) — the AI-powered analyst platform available at ianalista.pro and associated applications. We process personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD), and other applicable privacy regulations.

2. Data We Collect

We collect the following categories of personal data:

Account & Identity Data

  • Full name and email address (required for registration)
  • Phone number (if using SMS authentication)
  • Profile picture (from Google OAuth, if applicable)
  • Password hash (never stored in plain text)

Usage & Analytics Data

  • Pages visited, features used, and session duration
  • Browser type, operating system, and IP address
  • Device identifiers and timezone
  • Click patterns and interaction metrics (aggregated)

Content Data

  • Analyst workspace names, configurations, and entities
  • Documents and files you upload for AI analysis
  • Chat messages sent to AI analysts
  • Reports, dashboards, and data records you create

Payment Data

  • Billing address and invoice history
  • Payment method tokens (we do not store raw card numbers — these are handled by our PCI DSS-compliant payment processor)

3. How We Use Your Data

We use your data for the following purposes and legal bases:

  • Provide the Service (Contract): Authenticate your account, host your workspaces, process AI requests, and deliver features you use.
  • Safety & Security (Legitimate Interest): Detect fraud, abuse, and policy violations; protect our systems and other users.
  • Improve the Platform (Legitimate Interest): Analyze aggregated usage patterns to identify bugs and prioritize features. We do not use individual user data for model training without explicit consent.
  • Communications (Consent / Contract): Send transactional emails (account verification, password reset, invoices) and, where you have opted in, product updates and newsletters.
  • Legal Compliance (Legal Obligation): Maintain records required by tax, financial, and law-enforcement regulations.

4. Data Sharing

We do not sell your personal data. We share data only as follows:

  • Service Providers: Hosting (AWS/Vercel), database (PlanetScale/Supabase), authentication (NextAuth), email delivery (Resend/Postmark), SMS (Twilio), payments (Stripe), and analytics — each under data processing agreements.
  • AI Providers: Chat messages and document content are processed by GipyAI for inference under a data processing agreement. Your data is not used to train AI models.
  • Legal Requirements: We may disclose data when required by law, subpoena, or to protect the rights and safety of IAnalista Pro and its users.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred — you will be notified in advance.

5. AI Processing

IAnalista Pro uses GipyAI to power its AI analyst features. When you interact with an AI analyst:

  • Your messages and any uploaded document content are transmitted to GipyAI's servers for processing.
  • We use zero-data-retention API endpoints where available, meaning GipyAI does not store inputs/outputs beyond the immediate inference request.
  • Do not submit sensitive personal data (health, financial, government ID) unless necessary for your business analysis and you have appropriate legal basis to do so.
  • AI conversation logs are stored in our database for 90 days to support history, debugging, and user experience, then automatically deleted.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account data: Retained until you delete your account, then purged within 30 days.
  • AI chat logs: 90 days, then automatically deleted.
  • Uploaded documents: Deleted when you remove them or delete your analyst; retained max 12 months if not explicitly deleted.
  • Billing records: Retained for 7 years to comply with tax and accounting obligations.
  • Security logs: 12 months for fraud and abuse investigation.

7. Security

We implement the following technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Bcrypt password hashing with appropriate work factor
  • Role-based access controls and least-privilege principles
  • Regular security audits and dependency vulnerability scanning
  • Multi-factor authentication support for accounts
  • Intrusion detection, rate limiting, and DDoS mitigation

If we become aware of a data breach that affects your personal data, we will notify you within 72 hours as required by GDPR Article 33 / 34.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (“right to be forgotten”), subject to legal retention requirements.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdrawal of Consent: Withdraw consent where processing is based on consent.
  • CCPA / CPRA (California): Right to know, delete, opt-out of sale (we do not sell data), and non-discrimination.
  • LGPD (Brazil): All rights equivalent to GDPR plus the right to information about public and private entities with which we have shared your data.

To exercise any of these rights, contact us at privacy@ianalista.pro. We will respond within 30 days.

9. Cookies

We use cookies and similar tracking technologies. For full details, see our Cookie Policy.

10. Children's Privacy

The Service is not directed to children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@ianalista.pro and we will delete the information promptly.

11. International Transfers

IAnalista Pro operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States, which may have different data protection laws.

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission. For transfers from Brazil, we comply with LGPD Chapter V requirements.

12. Changes to Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent in-app notice at least 30 days before taking effect. The “Last Updated” date at the top reflects the most recent revision.

13. Contact & DPO

For privacy inquiries, data subject requests, or concerns about our data practices, contact our Data Protection Officer:

If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.