Legal

Privacy Policy.

Effective: May 9, 2026 Last updated: May 9, 2026 Controller: Alsyst SAS

Short version: We collect your name, email and project info when you sign up. We use it to build your dashboard and notify you when Alsyst opens. We don't sell your data, we don't use it for advertising, and you can delete everything anytime by emailing privacy@alsyst.com.

1. Who we are

Alsyst SAS ("Alsyst", "we", "our", "us") is a company incorporated under French law, operating the Alsyst platform — an AI-powered control center for founders. Our registered address and data controller contact is hello@alsyst.com.

This privacy policy applies to all personal data we collect through our website at alsyst.com, our pre-launch platform, onboarding flow, and related services.

2. What data we collect

2.1 Data you give us

Identity data: your first name
Contact data: your email address (when provided)
Project data: your company or project name, stage, sector priorities, and the blockers you describe in the onboarding chat
Communications: anything you type to the AI agent on the landing page or in the dashboard

2.2 Data we collect automatically

Usage data: pages visited, features interacted with, session duration
Device data: browser type, operating system, screen resolution
Local storage: we store your onboarding answers and preferences locally in your browser (not on our servers at the pre-launch stage)

2.3 Data we do NOT collect

We do not collect payment information, government identifiers, or sensitive personal data (health, religion, political views, etc.).

3. How we use your data

To set up and personalise your dashboard preview
To manage your waitlist position and notify you when Alsyst opens
To send you product updates and the acceptance email (you can unsubscribe anytime)
To improve the product and AI agent quality
To comply with our legal obligations

Legal basis (GDPR): Contract performance (onboarding and dashboard), legitimate interest (product improvement), and consent (marketing communications). We do not rely on consent for essential service communications.

4. Cookies and local storage

Our website uses:

Strictly necessary cookies: session identifiers needed to keep you logged in. These cannot be refused without breaking the service.
Functional local storage: we store your onboarding answers, theme preference, and dashboard state directly in your browser's localStorage. This is local only — it does not transmit data to our servers during the pre-launch phase.
Analytics cookies (optional): if you consent, we use privacy-preserving analytics (no cross-site tracking, no fingerprinting, IP anonymised) to understand which features are useful.

You can manage your cookie preferences through the banner shown on first visit, or by clearing your browser's local storage. See your browser settings for full control.

5. Who we share data with

We do not sell your personal data. We may share it with:

Infrastructure providers (cloud hosting) acting as data processors under a data processing agreement
Email service providers used solely to send you the communications you opted into
Legal authorities when required by law

All processors are required to maintain appropriate security measures and may not use your data for their own purposes.

6. International transfers

If any of our service providers are based outside the European Economic Area (EEA), we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission — before transferring your data.

7. Data retention

We retain your personal data for as long as your account is active or as needed to provide services. If you don't receive access and don't engage with us, we delete waitlist data after 24 months. You can request immediate deletion at any time (see section 8).

8. Your rights (GDPR)

If you are in the EEA or UK, you have the following rights:

Access: request a copy of all personal data we hold about you
Rectification: correct inaccurate data
Erasure ("right to be forgotten"): request deletion of your data
Restriction: ask us to stop processing your data in certain circumstances
Portability: receive your data in a machine-readable format
Objection: object to processing based on legitimate interests
Withdraw consent: unsubscribe from marketing at any time

To exercise any of these rights, email privacy@alsyst.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in France: CNIL).

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, or destruction. During the pre-launch phase, most of your data is stored locally in your browser — on your device, not our servers.

10. Children

Alsyst is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date above and, if changes are material, notify you by email. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact us

Alsyst SAS — Data Controller

Email: privacy@alsyst.com

General enquiries: hello@alsyst.com

For GDPR requests, please include "Data Request" in the subject line. We aim to respond within 30 days.