Last updated: May 2026
Alagna is operated by Alagna SAS, based in Paris, France. This policy explains what personal data we collect, why we collect it, and how we handle it.
If you request access via our website, we collect: your name, work email address, firm name, job title, and any optional notes you provide. We use this information solely to evaluate your request and contact you about access to Alagna.
If you use the Alagna platform, we collect: your email address, name, and firm affiliation (for account creation and authentication); the files and documents you upload to the platform; the conversations you have within the platform; and technical data such as session tokens and usage logs.
Access request data is collected on the basis of legitimate interest: evaluating and responding to enquiries from prospective users. Platform data is collected to perform the contract of providing the service: document analysis, memo generation, and the conversational analytical process that Alagna delivers.
We do not use your data for advertising. We do not sell your data to third parties.
Alagna operates dedicated infrastructure in each region. Your data stays in your jurisdiction.
European firms:
US firms:
Access request form submissions are stored in our Supabase database.
The Alagna platform uses external services to process document text and deliver transactional communications. AI services receive extracted text only — never original uploaded files. Neither AI service uses your data for model training.
EU-to-US data transfers are covered by each provider's applicable data transfer mechanisms.
Alagna is a multi-tenant platform. Every data record — deals, documents, conversations, files, embeddings, and analytics — is scoped to a specific firm. Users at one firm cannot access, search, or retrieve data belonging to another firm. Within a firm, access is role-based. Vector embeddings are scoped to individual deals — there is no shared vector space across firms or across deals.
All data is transmitted over TLS (HTTPS). Integration credentials and MFA secrets are encrypted with AES-256-GCM with per-encryption random initialisation vectors. Document content (extracted text, chunks, embeddings) is protected by Supabase's infrastructure-level disk encryption. Users authenticate with email, password, and mandatory multi-factor authentication (TOTP, RFC 6238). Passwords are hashed with bcrypt. Failed login attempts are rate-limited (5 attempts, then 15-minute lockout).
A full description of Alagna's security architecture is available in our Data Security Fact Sheet, provided to firms during onboarding. Our real-time compliance posture and certification status are available on our Trust Center.
You can delete individual conversations or entire deals at any time. Deletion cascades to all associated data: files, conversations, messages, documents, chunks, embeddings, claims, and analytics. Firm offboarding removes all firm data with no orphaned records.
Access request form data is retained until the request is resolved and then deleted, unless you become a user, in which case it is superseded by your account record.
If you are in the European Economic Area, you have the right under GDPR to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict processing; request data portability; and withdraw consent where processing is based on consent.
Regardless of jurisdiction, all Alagna users can request access to, correction of, or deletion of their personal data by contacting privacy@alagna.ai.
To exercise any of these rights, contact us at privacy@alagna.ai. We will respond within 30 days.
The marketing website does not use tracking cookies. The Alagna platform uses strictly necessary cookies for authentication and session management only.
We may update this policy from time to time. Material changes will be communicated to registered users by email. The "last updated" date at the top reflects the most recent revision.
For any questions about this policy or your data, contact: