Skip to main content
Compliance

Privacy Policy - AISA

Notice on the processing of personal data relating to the AISA website and service.

Version: 1.4
Date: 16/06/2026

1. Data controller

Traction Group S.r.l.
P. IVA 16409061005 - REA RM 1655464
Registered office: Via Val Di Lanzo, 113 - 00141 Roma (RM), Italia
Operating office: Viale Angelico, 86 - 00195 Roma (RM), Italia
PEC: [email protected]
Contact: [email protected]

2. What data we process

Depending on the use of the website and the Service, we may process:

A) Data provided by the user (lead/contact/registration)

  • first and last name, email, phone
  • company and website (if entered)
  • the content of requests submitted via forms or onboarding

B) Technical data

  • IP, user-agent, logs, timestamp, technical identifiers (e.g. request_id)
  • browsing data necessary for operation and security

C) Data related to the "Try it on your site" feature

  • URL/domain entered
  • public content extracted from the analyzed pages (e.g. homepage)
  • an optional "above the fold" screenshot (if enabled)

D) Data in the context of the Service (B2B customers)

  • data relating to the assistant's conversations and configurations
  • data entered in chat by the Customer's end users (depends on the Customer)
  • the contents of conversations are processed by artificial intelligence models (LLMs) of third-party providers solely for the purpose of generating the assistant's responses (see sections 5 and 6)

Users are urged not to enter special category data within the meaning of Art. 9 GDPR in chat (e.g. health-related data) unless strictly necessary.

3. Why we process data (purposes) and legal bases

  1. Handling contact, follow-up contact, demo and onboarding requests (pre-contractual)
    We use the contact details provided (e.g. email, phone) to respond to the request and for any strictly relevant follow-ups (e.g. clarifications, sending of credentials, appointment).
    Contact channels: we may contact you via email, phone call, SMS or messaging apps (e.g. WhatsApp/Telegram) only if you have provided the relevant contact detail and the contact is relevant to the request.
    Legal basis: performance of pre-contractual measures/contract (Art. 6.1.b GDPR) and legitimate interest for operational management and security (Art. 6.1.f GDPR), where applicable.
  2. Creating and managing the account, providing the Service and offering assistance
    Basis: contract (Art. 6.1.b GDPR)
  3. Carrying out analysis of the site indicated by the user (URL-based onboarding)
    Basis: pre-contractual measures/contract (Art. 6.1.b GDPR)
    Note: the analysis concerns public content and takes place at the user's request.
  4. Automatic creation of the first assistant during onboarding
    To offer immediate activation, at the time of registration we use the data provided (e.g. name, email, company, phone, website), including data originating from advertising campaigns, to automatically generate an initial configuration of the assistant, through artificial intelligence providers and automation tools (see sections 5 and 6).
    Legal basis: performance of the contract/pre-contractual measures (Art. 6.1.b GDPR).
  5. Promotional communications and marketing (optional)
    We may send promotional communications via email or messaging only in the cases permitted by applicable law. For prospects and non-customer users, the sending of newsletters or promotional communications normally takes place on the basis of consent. For customers, we may send communications relating to products or services similar to those purchased or requested, within the limits of so-called "soft spam", with the possibility of objecting at any time. Promotional communications via messaging channels such as WhatsApp or Telegram are carried out only where an appropriate legal basis exists, normally the data subject's specific consent.
    Legal basis: consent (Art. 6.1.a GDPR) and/or legitimate interest in the cases permitted (Art. 6.1.f GDPR).
    Opt-out: you can object or withdraw consent at any time by writing to [email protected] or by using the unsubscribe links contained in the communications.
  6. Security, abuse prevention and reliability improvement
    Basis: legitimate interest (Art. 6.1.f GDPR)
  7. Administrative/accounting obligations (paying customers)
    Basis: legal obligation (Art. 6.1.c GDPR)

4. Provision of data

The provision of the data requested in the contact, registration, onboarding, demo request or assistant configuration forms is necessary to respond to the request, create the account, generate the first assistant or provide the Service.

Failure to provide the necessary data may prevent Traction Group from fulfilling the request, activating the Service or providing assistance. Optional data may be left out without compromising essential functionality, unless it is necessary for specific configurations requested by the user or the Customer.

5. Privacy roles (important for customers)

For data relating to the site, leads, account and billing on aisalesassistant.it, Traction Group acts as Data controller.

For the data of end users who interact with the Customer's assistant, as a rule:

  • the Customer acts as Data controller, as it determines the purposes and means of the processing;
  • Traction Group acts as Data processor in order to provide AISA according to the Customer's instructions and configurations.

6. Automated decisions and profiling

The Service may automatically process the user's messages to generate responses, suggestions, qualifications or routing consistent with the configuration chosen by the Customer.

Unless otherwise configured by the Customer, AISA does not make decisions based solely on automated processing that produce legal effects on the data subject or similarly significantly affect them within the meaning of Art. 22 GDPR. Any qualification, scoring or routing logic configured by the Customer is carried out according to the Customer's instructions, who remains the Data controller in relation to its own end users.

7. Voluntary nature of the chat session

Interaction with the AISA assistant occurs only when the user voluntarily decides to open or use the chat. Through the chat, AISA does not carry out continuous monitoring of end users, does not track the user outside the conversational session and does not perform cross-site tracking activities. The processing concerns the data voluntarily provided by the user during the conversation and the technical metadata necessary for the operation, security and provision of the service.

The use of measurement and marketing cookies and pixels on the site (distinct from the chat) is governed by the Cookie Policy and occurs only with prior consent.

8. Recipients and providers

The data is hosted and processed within our infrastructure (servers in the European Union) and may be disclosed to the following third-party providers, who act as data processors, subprocessors or independent controllers depending on the case, to the extent necessary for the provision of the Service:

  • OpenAI (USA) - processing of conversation contents through artificial intelligence models to generate the assistant's responses;
  • Google (USA) - artificial intelligence models (Gemini API) and spreadsheets (Google Sheets, on a transitional basis) used for the automatic creation of the first assistant during onboarding;
  • Stripe (USA) - payment and billing management;
  • Meta (USA) - advertising campaigns and lead acquisition; the WhatsApp messaging channel (and any future Messenger/Instagram channels) is activated only at the Customer's request;
  • Zapier (USA) - automation and integration of the lead acquisition flows coming from campaigns;
  • Infobip (EU) and MailerSend - sending of emails and messages (e.g. notifications and communications) to our customers;
  • Cloud.it (EU, Italy) - hosting of the infrastructure and data storage.

Any future messaging channels (e.g. Telegram, Slack, Microsoft Teams), if activated, will be handled with the same safeguards and added to this list.

Authorized Traction Group personnel, bound by confidentiality, may also access the data: for the data of which Traction Group is Controller (site, leads, account, billing) for commercial and support purposes; for end users' data, of which the Customer is Controller, solely for support purposes and on the Customer's instructions.

Self-hosted software components within our infrastructure (e.g. authentication, search engine, database, internal automations) do not constitute third-party providers. The updated and versioned list of subprocessors is available on the Subprocessors page.

9. Transfers outside the EU

The data is stored on servers located in the European Union (Italy). Some providers may process data outside the European Economic Area, in particular in the United States (OpenAI, Google, Stripe, Meta and Zapier). In such cases, Traction Group adopts appropriate safeguards pursuant to Chapter V GDPR, such as adequacy decisions, Standard Contractual Clauses (SCC), the EU-US Data Privacy Framework where applicable and supplementary measures where necessary.

The data subject or the Customer may request further information or a copy of the applicable safeguards by writing to [email protected].

The artificial intelligence providers that process conversation contents and onboarding data do not use them to train their own models. Such data may be retained for a limited period solely for security and abuse-prevention purposes, in accordance with the provider's terms (by way of example, up to 30 days for OpenAI), and subsequently deleted unless legal obligations apply.

10. Retention

We retain data for as long as necessary for the stated purposes. As a guideline:

  • Lead/contact data: up to 24 months from the last contact or until a deletion request (subject to legal obligations).
  • Account data: for the duration of the account + up to 12 months for administrative/security needs (subject to legal obligations).
  • Technical/anti-fraud logs: up to 12 months (subject to security/investigation needs).
  • "Try it on your site" data (extracts/screenshots): up to 6 months or until the assistant is created, subject to technical needs.
  • Onboarding data (e.g. originating from campaigns, passing through spreadsheets and automation tools): retained on a transitional basis, only for the time necessary for the automatic creation of the first assistant and in any case deleted or anonymized within 30 days of the completion of onboarding, subject to legal obligations or documented needs of security, assistance or abuse prevention.
  • Conversation data with the assistants (end users): processed on behalf of the Customer and retained according to its instructions and the relevant data processing agreement (DPA); in the absence of different instructions, for the time necessary to provide the Service and then deleted or anonymized.

11. Data subject rights

You can exercise the rights provided by the GDPR (access, rectification, erasure, restriction, objection, portability, where applicable) by writing to [email protected] or via PEC. You also have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali.

End users who interact with a Customer's assistant must direct requests relating to their data directly to the Customer, who is its Controller; Traction Group, as Data processor, assists the Customer in handling such requests.

12. Minors

The Service is not intended for minors.

13. Updates

We may update this notice by publishing a new version on the website with a last-updated date. If the changes materially affect the processing, we will take reasonable measures to make them evident.

Want to see it on your site?

Start free: connect your sources and index up to 100 indexable contents (some can be products), with 100 conversations per month.

https://

By entering the domain, you authorize AISA to analyze publicly accessible content of the indicated site to generate an initial assistant configuration. Do not enter URLs containing restricted areas or data not intended for publication.

No credit card · Live on the web in 10 minutes · WhatsApp as an add-on