Privacy

Privacy notice.

How we collect, use, and protect personal data, in language that is meant to be readable. We are subject to GDPR and the laws of France.

Last updated: May 2026

This Privacy Notice describes how Nastia Research (together, "Nastia", "we", "us") collect, use, and protect personal data in connection with our research website at nastia.com and our consumer product. We are a French company subject to the European Union General Data Protection Regulation (GDPR).

Data controller

The data controller for personal data processed in connection with the corporate website at nastia.com is Nastia Research, registered in France. The data controller for the consumer product at nastia.ai is Nastia Research, also registered in France. Both can be reached at [email protected].

What we collect

Depending on how you interact with Nastia, we may process the following categories of personal data:

  • Account information
    Email address, display name, locale, account preferences.
  • Usage data
    Aggregated, anonymised information about how the service is used: feature interaction, error events, performance metrics.
  • Communication content
    Messages, voice recordings, and generated images created during conversations with the consumer product. Stored encrypted at rest and used to provide continuity for the user.
  • Payment information
    Processed by our payment processor Stripe. We do not store full card details on our infrastructure.
  • Communications with us
    Email correspondence and support requests sent to addresses such as [email protected] or [email protected].

How we use it

We use personal data to:

  • Provide, maintain, and improve the service
  • Communicate with users about their account and changes to the service
  • Detect, prevent, and respond to abuse, fraud, and safety incidents
  • Comply with legal obligations

Lawful bases (GDPR Article 6)

We process personal data on the following lawful bases:

  • Performance of a contract
    To provide the service users have signed up for.
  • Legitimate interests
    To secure the platform, prevent abuse, and improve the product. We balance our interests against user rights and freedoms.
  • Consent
    For optional features, marketing communications, and non-essential cookies. Consent can be withdrawn at any time.
  • Legal obligation
    When we are required by applicable law to retain or disclose data.

Your rights

If you are in the European Union, the United Kingdom, Switzerland, or another jurisdiction with similar data protection laws, you have the right to access, rectify, port, restrict, and erase your personal data, as well as to object to certain processing activities. To exercise any of these rights, please write to [email protected]. We respond within one month and will not charge for reasonable requests. You also have the right to lodge a complaint with your local data protection authority; in France this is the CNIL.

Retention

We retain personal data for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is deleted within 30 days of account deletion, except where retention is required by law (for example, for tax or accounting purposes).

International transfers

Personal data may be processed outside the European Economic Area by some of our sub-processors. Where this is the case, we rely on the European Commission's Standard Contractual Clauses or another lawful transfer mechanism to ensure an adequate level of protection.

Sub-processors

We share personal data with a small number of carefully selected sub-processors who help us deliver the service. The current list is available on the Security page and can be requested in full at [email protected].

Cookies

The corporate website at nastia.com uses only essential cookies necessary for the site to function. The consumer product at nastia.ai uses additional cookies for authentication, analytics, and abuse prevention; users are presented with a cookie banner allowing granular consent.

Children

Nastia is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected such data, we delete it promptly.

Changes

We may update this Privacy Notice from time to time. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify users through the service or by email where appropriate.

Contact

Questions about this Privacy Notice or your personal data: [email protected].