Last Updated: March 26, 2025
At GigaSoft GmbH, we are committed to protecting your personal data and respecting your privacy. We specialize in blockchain and AI development, and build our products and services with privacy-by-design and privacy-by-default principles in mind. This Privacy Policy explains what information we collect, how we use and safeguard it, the legal bases for processing, and your rights. We adhere to the European Union's General Data Protection Regulation (GDPR) and other applicable data protection laws, ensuring transparency and accountability in all our data practices.
Types of Data Collected (Personal and Technical)
We collect different types of information, broadly categorized as personal data and technical data:
Personal Data: Information that identifies you as an individual or relates to an identifiable person. This may include your name, email address, telephone number, job title, company name, mailing address, account login credentials, and any other information you provide to us (for example, data you enter into forms, or content of messages you send via our chat interfaces). We do not intentionally collect sensitive personal data (such as racial or ethnic origin, political opinions, health information, etc.) unless it is necessary and you have explicitly provided it or consented.
Technical Data: Information automatically collected about your device and usage of our services. This includes data such as your IP address, browser type and version, device identifiers, operating system, referral URLs, time and date of site visits, and cookies or similar tracking technologies. Technical data also encompasses usage statistics about how you interact with our websites, applications, and chat interfaces (e.g. pages visited, features used, time spent). This information does not directly identify you by name, but may be linked to your device or a unique identifier.
Legal Basis for Processing Data
We only collect and process personal data when we have a valid legal basis under the GDPR. Depending on the context, our processing of your data relies on one of the following grounds:
Contractual Necessity: When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract. For example, if you use our services or platform, we process your data to provide those services, support your account, and fulfill our contractual obligations.
Consent: We will ask for your consent to process your personal data for specific purposes when required. For instance, we seek consent before sending you marketing emails or when collecting data through non-essential cookies. You have the right to withdraw your consent at any time (see Your Rights Under GDPR below). We will only continue processing your data for that purpose if another legal basis applies.
Legitimate Interests: We may process your data when it is in our legitimate business interests to do so, and those interests are not overridden by your privacy rights. This can include improving and securing our products and services (e.g., analyzing usage to enhance user experience or using minimal analytics to troubleshoot issues), preventing fraud, safeguarding our IT infrastructure, or communicating with you as a business client. When relying on legitimate interests, we carefully consider and balance any potential impact on your rights.
Legal Obligation: In some cases, we need to process personal data to comply with a legal or regulatory obligation. For example, we may retain invoicing information for tax law compliance, or disclose data if required by a court order, applicable law, or governmental authority.
(Note: If another legal basis such as "vital interests" (protecting someone's life) or "public interest" were to apply, we would only process data on such basis in exceptional circumstances.)
How We Collect and Use Data
We collect personal data about you through various channels, and we use it for specific, limited purposes in line with privacy by design.
Data Collection Methods: We gather information in the following ways:
Directly from You: You may provide personal data directly to us when you interact with our websites, products, or services. For example, when you fill out online forms, create an account, sign up for newsletters, communicate with us via email or customer support, or enter information into an AI-driven chat interface, we collect the data you choose to give us.
Through Our Applications and Services: If you use our software applications, platforms, or blockchain/AI solutions, we may collect data as part of providing those services. This can include user input into our applications, transaction data on our platform, or files and content you choose to upload.
Automated Technologies: As you navigate or use our website or apps, we automatically collect technical data (described above) via cookies, server logs, and other similar technologies. For instance, our system may log your interactions or usage patterns to help us understand system performance and improve the user experience.
Third-Party Sources: In general, we collect data directly from you, but in some cases we might receive information about you from third parties. For example, if you log in to our service via a third-party authentication provider (like a single sign-on service), or if a business partner provides your details for a demo request, we will obtain data from those sources. Any third-party data will only be used in accordance with this Privacy Policy and applicable law.
Purposes of Use: We use the collected data to operate, maintain, and improve our services, always applying the principle of data minimization. Specifically, your information is used for:
Providing and Improving Services: We process data to deliver the services or products you have requested. This includes using data to create and manage user accounts, enable core features of our blockchain and AI applications, and personalize your experience. We also analyze usage data and feedback to understand how our services are used so we can improve functionality, performance, and user experience.
Communication: We use contact information (like your email or phone) to communicate with you regarding service updates, responses to inquiries or support requests, and administrative messages (such as confirming transactions or notifying you of changes to our terms or policies). If you subscribe to our newsletter or marketing updates, we will send you news about GigaSoft’s products or events, but only with your consent (and you can opt out at any time).
AI Chat Interactions: If you engage with our AI-powered chat interfaces or support chat, we use the information you provide to generate appropriate responses and assist you. Chat transcripts may be stored temporarily to ensure service quality, train or improve our AI models, and to address any issues, but we take care to anonymize or pseudonymize personal identifiers in these records whenever feasible.
Security and Fraud Prevention: We may use data (including technical logs and user account information) to monitor for and prevent fraudulent activities, cyber-attacks, and other malicious or illegal activities. This helps us keep our platforms secure for all users. For example, IP addresses may be used to detect suspicious login attempts, and usage patterns might help us identify and block bots or unauthorized access.
Compliance with Law and Enforcement: Where necessary, we process personal data to comply with legal obligations or respond to lawful requests from public authorities. For instance, we may need to verify your identity to meet Know-Your-Customer (KYC) requirements for certain blockchain-related services, or retain and provide certain information to law enforcement if required by law.
Research and Development: To innovate and refine our blockchain and AI technologies, we may use data in an aggregated or de-identified form. In line with privacy-by-design, any analytics or research involving personal data is performed using the minimal amount of identifiable information necessary, and wherever possible we use anonymized datasets. This research helps us develop new features while respecting your privacy.
We will not use your personal data for purposes that are incompatible with the ones listed above without asking for your permission. If we intend to process your data for a new purpose, we will provide you with information about that purpose and, if required, seek your consent.
Data Storage and Security
We take the security of your data seriously and implement a range of measures to protect it. Personal data collected by GigaSoft GmbH is stored on secure servers, typically located in the European Union. In all cases, we ensure that appropriate safeguards and security standards are in place, in accordance with GDPR requirements and industry best practices.
We employ physical, technical, and organizational controls to prevent unauthorized access, loss, or misuse of personal data. These security measures include:
Encryption: Personal data is encrypted both in transit (using SSL/TLS or similar protocols when you access our websites and services) and at rest (when stored in databases or backups). This means your information is scrambled to protect it from unauthorized viewing.
Access Control: We restrict access to personal data strictly to authorized personnel who need it to perform their job duties (for example, support or development team members). Our staff are bound by confidentiality obligations and trained in data protection.
Pseudonymization: Wherever feasible, we replace identifying information with artificial identifiers. For example, in our blockchain solutions we avoid storing plain personal data on any immutable ledger. Instead, we might store a cryptographic hash or reference that does not by itself reveal your identity, ensuring that data on the blockchain remains privacy-preserving by design.
Data Minimization and Anonymization: We limit the personal data we store to only what is necessary for the stated purposes. When full data is not required, we use anonymized or aggregated information. If personal data is no longer needed, we either securely delete it or anonymize it so that it can no longer be linked to an individual.
Network Security: We use firewalls, intrusion detection systems, and regular security monitoring to guard our IT systems. Our infrastructure is kept updated with security patches and undergoes periodic vulnerability assessments.
Regular Audits and Testing: We periodically review our security policies and practices. This includes conducting data protection impact assessments for new projects (especially those involving personal data, in line with privacy-by-design) and testing our systems for security weaknesses. In the unlikely event of a data breach, we have an incident response plan to promptly mitigate the issue and notify affected parties and regulators as required by law.
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. For example, we may keep your account information while your account is active and for a reasonable period thereafter, or retain certain transaction records to comply with financial regulations. When personal data is no longer needed, we ensure it is securely erased or permanently de-identified.
Data Sharing with Third Parties
We value your privacy and do not sell or rent your personal data to third parties. We only share your data with third parties in a few specific situations, and always under strict conditions to protect your information. These scenarios include:
Service Providers (Processors): We may share personal data with trusted third-party service providers who perform services on our behalf and under our instructions. These include, for example, cloud hosting providers, IT infrastructure services, analytics service providers, email delivery services, or customer support tools. When we engage such providers, we ensure they are bound by data protection agreements so that your data remains protected. They are not allowed to use your data for any purposes other than delivering the contracted service to us.
Business Partners: If GigaSoft collaborates with partner companies or subcontractors in delivering a service or project you signed up for, your data may be shared with them only as needed for that project. For instance, if we co-develop a solution with an affiliate or jointly organize an event, we might share registration information. In all cases, we require partners to adhere to appropriate confidentiality and data protection standards.
Legal Compliance: We might disclose personal data to third parties (such as courts, law enforcement or regulatory authorities) when required to do so by law or legally binding order. For example, if a court order or government subpoena compels us to provide information, or to enforce our terms of service or protect our rights, we will comply after verifying the request is legitimate. Wherever possible and legally permissible, we will inform you of such disclosure.
Corporate Transactions: In the event that GigaSoft GmbH goes through a business transition, such as a merger, acquisition by another company, or sale of all or part of our assets, personal data may be transferred to the successor entity as part of the transaction. If such a transfer occurs, we will ensure the receiving party is bound to respect your personal data in a manner consistent with this Privacy Policy. We will also notify you (for example, via email or a notice on our website) if your data will become subject to a new privacy policy.
With Your Consent: In any other situation not covered above, if we need to share your personal data with a third party, we will do so only with your explicit consent. You will have the opportunity to opt-in to such data sharing and we will explain the purpose and the third party involved at that time.
We strive to keep all data processing within the European Economic Area (EEA). If we ever need to transfer your personal data to a country outside the EEA (for example, using a cloud provider based in the U.S.), we will ensure appropriate safeguards are in place as required by GDPR. This means we will only transfer data to countries deemed to have adequate data protection laws, or use approved mechanisms such as Standard Contractual Clauses or binding corporate rules to contractually ensure your data receives an equivalent level of protection as it does in the EU.
Cookies and Analytics
Our websites and online services use cookies and similar tracking technologies to provide a smooth user experience and to help us understand how our services are being used. A cookie is a small text file that is stored on your device when you visit a website. We use both our own (first-party) and third-party cookies, as described below:
Essential Cookies: These cookies are necessary for the website or service to function properly. They enable core features such as security, network management, and accessibility. For example, we might use a session cookie to keep you logged in as you navigate through a secure area of our site. Without these cookies, certain services or features may not be available. Because they are essential, these cookies are used without requiring your consent.
Analytics Cookies: We use analytic tools to collect information about how visitors use our website or applications. For instance, these cookies might track which pages are visited, how long users stay, and which links are clicked. This information is aggregated and does not directly identify you. We use it to improve our website’s content and performance. In line with our privacy-by-design approach, we use privacy-friendly analytics solutions (and may self-host analytics tools) to minimize data sharing with third parties. Where required by law, we will ask for your consent before setting analytics cookies on your device, and you can withdraw consent at any time.
No Advertising Cookies: We do not use advertising or marketing cookies that track you across different sites, nor do we allow third-party ad networks to collect information about you through our platform. GigaSoft’s goal is to protect user privacy, so we refrain from invasive tracking. You will not see targeted ads based on data from our services.
When you first visit our website, you will be presented with a cookie notice or banner (if applicable) giving you the option to accept or reject non-essential cookies. You can also manage your cookie preferences at any time through your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or be notified when new cookies are set. Please note, however, that disabling certain cookies may impact the functionality of our services (for example, you might not be able to stay logged in or some preferences might not be saved). We may also use other technologies similar to cookies, like web beacons or local storage, for the purposes outlined above. Any use of such technologies will be for the legitimate purposes of ensuring service functionality and gaining insights to improve our products, in compliance with applicable privacy rules.
Your Rights Under GDPR
As a user of our services and a data subject under the GDPR, you have various rights regarding your personal data. GigaSoft GmbH is committed to honoring these rights. You may exercise any of the following rights by contacting us (see the Contact Information section below). Please note that these rights are subject to certain conditions and exceptions under the law:
Right to Access: You have the right to request confirmation of whether we process personal data about you, and if so, to access that data. Upon request, we will provide a copy of your personal data that we hold, along with information about how we use it, in accordance with GDPR Article 15.
Right to Rectification: If any of your personal data that we hold is inaccurate or incomplete, you have the right to ask us to correct or update it. We will promptly make the necessary corrections to ensure we have accurate, up-to-date information.
Right to Erasure: Also known as the "right to be forgotten," this right allows you to request that we delete your personal data. You can do so, for example, if the data is no longer needed for the purposes it was collected, if you have withdrawn your consent and no other legal basis for processing applies, or if you believe we are unlawfully processing your data. We will honor valid erasure requests and also take steps to inform any third parties processing the data on our behalf (where applicable) that you have requested deletion.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances. For instance, if you contest the accuracy of your data, you can ask us to restrict processing while we verify the information. Similarly, if you object to our processing based on legitimate interests, or if you need us to preserve data for the establishment, exercise, or defense of legal claims, we will restrict processing your data to only store it and not use it for other purposes until the issue is resolved.
Right to Data Portability: You have the right to obtain the personal data you provided to us in a structured, commonly used, machine-readable format and to have that data transmitted to another controller where technically feasible. This right applies when the processing is based on your consent or a contract and carried out by automated means. We will assist with data portability requests by providing your data in a CSV or similar format.
Right to Object: You may object to our processing of your personal data when such processing is based on our legitimate interests or on the performance of a task in the public interest. If you raise an objection, we will review the reasons and unless we have a compelling legitimate ground to continue processing (or the processing is needed for legal claims), we will stop processing your data. Importantly, you have an absolute right to object at any time to the use of your personal data for direct marketing purposes. If you object to marketing, we will cease using your data for that purpose immediately.
Right Not to be Subject to Automated Decisions: If we ever use personal data to make purely automated decisions that have legal or similarly significant effects on you (for example, an AI system making a decision without human involvement), you have the right not to be subject to such decisions unless it is necessary for a contract, authorized by law, or you have given explicit consent. In practice, GigaSoft does not currently make impactful decisions about individuals using only automated processing. However, should this change, you will have the right to request human intervention, to express your point of view, and to contest the decision.
Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your personal data done on other lawful grounds. Once consent is withdrawn, we will stop the related processing activities that were based on consent.
Right to Lodge a Complaint: If you believe that we have not complied with data protection laws or have infringed your rights, you have the right to lodge a complaint with a supervisory data protection authority. You may do this in the EU Member State where you reside, where you work, or where the alleged infringement occurred. For example, in Germany the responsible authority would be the state Data Protection Authority. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so we encourage you to contact us first with any complaint and we will do our best to resolve it.
We will not usually charge a fee for you to exercise these rights. If your requests are unfounded or excessive (for example, repetitive requests), the GDPR permits us to charge a reasonable fee or refuse to act, but we will inform you of our reasoning in such cases. We will respond to all legitimate requests as soon as possible, and within the timeframe required by law (generally within one month, extendable if necessary under certain circumstances).
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us.
For security and verification purposes, we may ask you to verify your identity when you contact us regarding your rights or personal data. This is to ensure that we do not disclose information to the wrong person or delete data at the request of someone impersonating you.
Updates to this Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices or to ensure compliance with legal requirements. When we make changes, we will post the updated policy on our website and update the "Last Updated" date at the top of this document. If the changes are significant, we may also notify you by additional means, such as sending an email notification or providing a prominent notice on our site or within our application.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continuing to use our websites or services after a Privacy Policy update constitutes acceptance of the revised terms to the extent permitted by law. If we ever need to use your personal data for a new purpose not originally stated, we will contact you beforehand and, if necessary, request your consent.
Thank you for trusting GigaSoft GmbH with your personal data. We are dedicated to safeguarding your privacy and delivering secure, reliable services built with privacy-by-design.