Back to home
Privacy

Privacy Policy

Last updated 25 June 2026

This policy explains what personal data AiSight processes when you build surveys, when people respond to them, and when you use the platform — and the choices you have over that data.

Working draft. This document is a starting point and has not been reviewed by a lawyer. Have it checked by qualified legal counsel — and add your registered company details and a data-protection contact — before relying on it for compliance.

Who we are

AiSight (“AiSight”, “we”, “us”) operates a survey platform that lets you build surveys, collect responses as live data, and analyse the results. For data you collect through your own surveys, you are the data controller and AiSight acts as your processor. For your account and billing data, AiSight is the controller.

Data we process

Account data

When you register, we process your name, email address, and authentication credentials. Sign-in and account storage are handled by Supabase, our authentication and database provider.

Survey content

The surveys, questions, logic, branding, and distribution links you create are stored so we can run the service.

Respondent data

When someone answers one of your surveys, we process their responses on your behalf. Depending on how you configure a survey, this may also include:

  • a respondent email address, where your survey collects one and is not anonymous;
  • the respondent’s IP address, used for security and to derive an approximate location;
  • an approximate location (country and city) derived from the IP address using the offline MaxMind GeoLite2 database — never a precise location;
  • a per-device marker stored in the respondent’s browser (localStorage) when you enable “one response per device”, so the same browser is not counted twice.

If you run a survey as anonymous, we do not attach respondent email or identity to the responses.

Technical data

We use strictly necessary authentication cookies and browser localStorage to keep you signed in and to remember interface preferences. See our Cookie Policy for details.

How we use data

  • to provide, secure, and operate the platform;
  • to run the surveys you build and present the analysis of their responses;
  • to manage your account, support requests, and (if applicable) billing;
  • to detect, prevent, and investigate abuse or fraud.

Legal bases (GDPR)

Where the GDPR applies, we rely on: performance of a contract (operating your account and the service), our legitimate interests (securing the platform and preventing abuse), consent where you give it, and legal obligation where the law requires it. As a respondent, the legal basis for processing your answers is determined by the survey owner (the controller).

Service providers (sub-processors)

  • Supabase — authentication, database, and file storage.
  • Stripe — payment processing. Billing is currently inactive; when enabled, card data is handled by Stripe and never stored on our servers.
  • MaxMind GeoLite2 — an offline database used to derive an approximate country/city from an IP address. No respondent data is sent to MaxMind.

Data retention

We keep account and survey data for as long as your account is active. Survey responses are retained until you delete them or close your account. When you delete data or close your account, we remove it from active systems within a reasonable period, subject to backups and any legal retention requirements.

International transfers

Our providers may process data outside your country. Where data leaves the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

Your rights

Subject to applicable law, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain processing. You can also lodge a complaint with your local data protection authority. If you are a survey respondent, contact the survey owner first; if you cannot reach them, contact us and we will help route your request.

To exercise a right, email office@aisight.ro.

Security

We use encryption in transit, scoped access controls, and reputable infrastructure providers. No system is perfectly secure, but we work to protect data against unauthorised access, loss, and misuse.

Children

The platform is not directed at children, and you should not collect data from children through it without a valid legal basis and any required parental consent.

Changes

We may update this policy. Material changes will be reflected by the “last updated” date above, and where appropriate we will notify you.

Contact

Questions about privacy? Email office@aisight.ro.