Last updated: April 2026
Alagna is operated by Alagna SAS, based in Paris, France. This policy explains what personal data we collect, why we collect it, and how we handle it.
If you request access via our website, we collect: your name, work email address, firm name, job title, and any optional notes you provide. We use this information solely to evaluate your request and contact you about access to Alagna.
If you use the Alagna platform, we collect: your email address, name, and firm affiliation (for account creation and authentication); the files and documents you upload to the platform; the conversations you have within the platform; and technical data such as session tokens and usage logs.
Access request data is collected on the basis of legitimate interest: evaluating and responding to enquiries from prospective users. Platform data is collected to perform the contract of providing the service: document analysis, memo generation, and the conversational analytical process that Alagna delivers.
We do not use your data for advertising. We do not sell your data to third parties.
All Alagna infrastructure runs in European data centres:
Access request form submissions are stored in our Supabase database in the EU.
The Alagna platform uses three external AI services to process document text during analysis. These services receive extracted text only — never original uploaded files. None of these services uses your data for model training.
EU-to-US data transfers are covered by each provider's applicable data transfer mechanisms.
Alagna is a multi-tenant platform. Every data record — deals, documents, conversations, files, embeddings — is scoped to a specific firm. Users at one firm cannot access, search, or retrieve data belonging to another firm. Within a firm, access is role-based.
All data is transmitted over TLS (HTTPS). Integration credentials are encrypted with AES-256-GCM. Database storage is protected by infrastructure-level disk encryption. Users authenticate with email, password, and mandatory multi-factor authentication (TOTP). Passwords are hashed with bcrypt; TOTP secrets are encrypted with AES-256-GCM.
A full description of Alagna's security architecture is available in our Data Security Fact Sheet, provided to firms during onboarding.
You can delete individual conversations or entire deals at any time. Deletion cascades to all associated data: messages, documents, chunks, embeddings, and analytics. Firm offboarding removes all firm data with no orphaned records.
Access request form data is retained until the request is resolved and then deleted, unless you become a user, in which case it is superseded by your account record.
If you are in the European Economic Area, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict processing; request data portability; and withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at contact@alagna.ai. We will respond within 30 days.
The marketing website does not use tracking cookies. The Alagna platform uses strictly necessary cookies for authentication and session management only.
We may update this policy from time to time. Material changes will be communicated to registered users by email. The "last updated" date at the top reflects the most recent revision.
For any questions about this policy or your data, contact: