TESSERAITESSERAI
Back

Privacy Policy

Last updated: March 22, 2026

§1. Data Controller

The controller of personal data of users of the TESSERAI platform is ARTECH CONSULT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. Rzeczna 10, 89-200 Nakło nad Notecią, Poland, NIP: 5542999451 (hereinafter: the "Controller").

For matters concerning the protection of personal data, you may contact the Controller electronically at: kontakt@tesserai.pro or in writing at the registered address above.

§2. Scope of Data Collected

The Controller collects and processes the following personal data of TESSERAI platform users:

  • identification and contact data: first name, last name, e-mail address;
  • subscription and credit purchase data: payment history, billing information;
  • platform usage data: conservation projects, documentation, photographs of heritage objects;
  • technical data: IP address, browser type, operating system, access logs;
  • activity data: session history, use of AI features, conversation history with the assistant.

§3. Purposes and Legal Bases for Processing

a) Performance of a contract (Art. 6(1)(b) GDPR)

Data is processed for the purpose of providing TESSERAI platform services, including managing user accounts, fulfilling subscriptions, processing credit purchases, and granting access to all platform features.

b) Compliance with legal obligations (Art. 6(1)(c) GDPR)

Data is processed to fulfil obligations arising from applicable law, in particular tax and accounting regulations.

c) Legitimate interests (Art. 6(1)(f) GDPR)

Data may be processed to ensure platform security, detect misuse, pursue or defend against legal claims, and for analytical purposes aimed at improving our services.

d) User consent (Art. 6(1)(a) GDPR)

In the case of sending marketing communications — solely on the basis of the user's voluntary consent, which may be withdrawn at any time.

§4. Recipients of Data

Personal data of users may be disclosed to the following categories of recipients:

  • payment service providers (Stripe Inc.) — to the extent necessary to process payments;
  • cloud infrastructure and hosting providers — to the extent necessary to deliver the services;
  • AI service providers (Anthropic PBC) — to the extent necessary to process queries via the AI assistant;
  • public authorities — solely on the basis of applicable law and within the limits it defines.

The Controller does not sell users' personal data to third parties.

§5. Transfer of Data Outside the EEA

Due to the use of services provided by entities established outside the European Economic Area (including Anthropic PBC and Stripe Inc.), personal data may be transferred to third countries. Such transfers are carried out with appropriate safeguards as required by the GDPR, in particular standard contractual clauses approved by the European Commission.

§6. Data Retention Periods

Personal data is retained for the following periods:

  • account data — for the duration of the contract and up to 90 days after its termination;
  • billing data and financial documents — for 5 years, in accordance with tax regulations;
  • project and conservation documentation data — for the duration of platform use and 30 days after account deletion;
  • technical logs — for up to 12 months.

§7. User Rights

Users of the TESSERAI platform have the following rights in connection with the processing of their personal data:

  • right of access — the right to obtain information about the data being processed;
  • right to rectification — the right to correct inaccurate data;
  • right to erasure — the right to request deletion of data (the "right to be forgotten");
  • right to restriction of processing — the right to request that processing of data be restricted;
  • right to data portability — the right to receive data in a structured, machine-readable format;
  • right to object — the right to object to processing based on legitimate interests;
  • right to lodge a complaint — the right to submit a complaint to the President of the Personal Data Protection Office (UODO) in Poland, or to the supervisory authority competent in your country of residence.

To exercise any of the above rights, please contact the Controller at kontakt@tesserai.pro.

§8. Data Security

The Controller applies appropriate technical and organisational measures to protect personal data, including encryption of data in transit (TLS), encryption of data at rest, access controls, and regular security audits. Data relating to conservation documentation and projects is stored in accordance with the principle of minimum access privilege.

§9. Cookies

The TESSERAI platform uses cookies only to the extent necessary for the operation of the service (session cookies, authentication cookies). The Controller does not use cookies for tracking users for advertising purposes. Users may manage cookies through their browser settings.

§10. Automated Decision-Making and Profiling

The TESSERAI platform uses artificial intelligence (AI) to assist conservators — in particular, to generate suggestions regarding condition assessment, treatment planning, and documentation creation.

AI does not make any binding decisions. All suggestions generated by the system are purely advisory and require verification and approval by the user (the conservator).

The platform does not carry out profiling of users within the meaning of Article 22 of the GDPR that would produce legal effects or similarly significantly affect users.

§11. Changes to this Privacy Policy

The Controller reserves the right to amend this Privacy Policy. Users will be informed of material changes by e-mail or via a notice displayed on the platform. The current version of the Privacy Policy is always available at tesserai.pro/privacy.

§12. Contact

For questions regarding this Privacy Policy or the processing of personal data, please contact us:

ARTECH CONSULT Sp. z o.o.

ul. Rzeczna 10, 89-200 Nakło nad Notecią, Poland

NIP: 5542999451

E-mail: kontakt@tesserai.pro