1) Service scope

OSINTA.AI is a SaaS platform that aggregates signals from open sources and user-connected sources to increase visibility into your digital assets.

This notice explains the personal data processed in the course of providing the service, processing purposes, transfer and retention principles, and your rights under GDPR and applicable data protection laws.

2) Categories of personal data processed

To provide and securely operate the service, the following categories may be processed:

• Identity information: name, surname (in account/contact context).
• Contact information: email, optional phone number.
• Account and transaction security: IP address, session/login-logout records, security logs; passwords are stored only in hashed form.
• Payment/subscription: transaction/subscription identifiers produced by your payment provider (card information is not stored by us).
• Usage data: platform transaction history, reports/outputs, and support requests (as applicable).

3) Processing purposes and legal basis

Your personal data may be processed for the following purposes under GDPR Art.6 and applicable data protection laws:

• Contract formation and performance: account creation, authentication, service delivery, reporting, and support.
• Legal obligation compliance: statutory record-keeping/reporting obligations and billing processes.
• Legitimate interest: service security, abuse prevention, performance/quality improvements, and product reliability.
• Explicit consent (where applicable): product updates, marketing communications, and optional communications.

4) Data transfers (domestic / international)

Data may be shared with service providers necessary for service delivery, such as cloud hosting, email/communications, error tracking, analytics (if applicable), and payment infrastructure.

If a lawful request is received from authorized public authorities, sharing may occur within the scope of legal obligations.

If transfer outside the EEA is required, appropriate safeguards (e.g., Standard Contractual Clauses) are applied and transfer scope is kept to a minimum.

5) Retention periods

Personal data is retained for as long as necessary for the processing purpose and within the limits of retention periods prescribed by applicable law.

Retention periods may vary based on account status, contractual relationship, legal retention obligations, and technical/operational requirements.

6) Your rights and requests

Under GDPR Art.15-22 and applicable data protection laws, you have rights including access, rectification, erasure, restriction of processing, objection, and (where applicable) data portability.

You may submit requests via email. Identity verification may be required.

7) Updates

This notice may be updated from time to time. Significant changes will be communicated through reasonable means.