Giselle

Giselle Privacy Policy

Publication Date:
Effective Date:

ROUTE06 respects your privacy and is committed to protecting your personal information. This privacy policy outlines how we collect, use, and disclose your information for its provision of Giselle, which is a generative AI-based service that enables no-code development of agents and workflows (the “Service”), and your use of the Service and the website (https://giselles.ai/, the “Website”). This policy also explains your options regarding the use of your personal information, including how you can object to certain uses of your information and how you can access and update certain information. For the avoidance of doubt, the privacy policy on ROUTE06’s corporate site (https://route06.com/terms/privacy-policy) does not apply to the Service.

1. Personal information we collect

a. We collect information when you provide it to us, when you use the Service or the Website, and when other sources provide it to us, as further described below.

Personal information you provide:

  • Email Address
    • ⅰ. When you sign up for an account for the Service, we will ask you to provide your email address.
    • ⅱ. When you subscribe to our newsletter, we will ask you to provide your email address.
  • Payment Information
    • Our payment processor, Stripe, processes and stores the payment information you provide such as a credit card number, issuing bank, expiry date, and security codes.
  • User Content
    • We may collect personal information that is contained in prompts you submit, files you upload, and the generated content, through your use of the Service.
  • Communication Information
    • If you contact us to seek support or information, we may collect your name, contact details, and the content of any messages you send.

Personal information we receive automatically from your use of the Service:

  • Log Data

    • Your internet browser automatically transmits whenever you visit the Website. The log data includes your Internet Protocol (IP) address, browser type and settings, the date and time of your request, and your interactions with the Website.

  • Usage Data

    • We may automatically collect information about your use of the Service, including the types of content you view or interact with, the features you utilize, actions you take, as well as your time zone, country, access dates and times, user agent and version, type of computer or mobile device, network connection, IP address, and similar details.

  • Device Information
    This includes the name of the device, operating system, and browser you are using. The information collected may vary depending on the type of device and its settings.

  • Cookies
    We use cookies to operate and administer the Service and improve your experience. A cookie is a small piece of data that websites you visit transfer to your computer for identification purposes. Cookies can track your activity on the Website, helping us understand your preferences and enhance your browsing experience. They are also used for tasks like remembering your login credentials for the Service. If you prefer not to receive cookies, you can turn them off entirely or set your computer to alert you whenever cookies are in use. To do this, you need to adjust your browser settings (such as Chrome, Safari, Firefox, Edge, or others). There are also software solutions available to help manage cookies. Please note, however, that disabling cookies may limit certain features and functionality of the Service.

Information from other sources:

  • Social Media Account Information

    We may receive personal information linked to your social media accounts from third-party authorized providers, such as Google, Microsoft, and GitHub.

b. We also collect, use, and share aggregated or de-identified information such as statistical or demographic data for any purpose. Such data could be derived from your personal information but is not considered personal information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. We will maintain and use de-identified information in anonymous or de-identified form, and we will not attempt to reidentify the information, unless required by law. In addition, if we combine or connect aggregated data or de-identified data with your personal information so that it can directly or indirectly identify you, we will treat the combined data as personal information which will be used in accordance with this privacy policy.

c. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

2. How we use personal information

a. We may only use personal information for the following purposes:

  • To provide, administer, maintain, and/or analyze the Service;
  • To improve the Service and conduct research;
  • To communicate with you; including to send you information about the Service and events;
  • To develop new products and services;
  • To prevent fraud, criminal activity, or misuse of the Service, and to protect the security of our IT systems, architecture, and networks; and
  • To comply with legal obligations and legal processes and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

b. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

3. Disclosure of personal information

a. We may disclose your information to the following categories of third parties:

  • Vendors and Service Providers

    We may work with third-party service providers who offer services related to website development, application development, hosting, payments, maintenance, marketing, advertising, and other services for the Website and Service. We permit certain third parties to access and process your personal information when necessary for them to deliver their services to us or to you.

  • Analytics Services

    We may allow analytics services to access personal information to help us better understand how the Website and the Service are used and to gain insights into user preferences.

b. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose personal information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate to respond to legal requests (including court orders, investigative demands, and subpoenas), to protect the safety, property, or rights of ourselves, consumers, or any other third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with law.

c. We may also disclose personal information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets; to third parties with whom you engage to facilitate your purchase or use of your services such as your product integrator; or to businesses controlling, controlled by, or under common control with us. If a change happens to our business, and you are a European resident, then the new owner of your personal information may use your personal information in the same way as set out in this privacy policy or may contact you to obtain consent for new uses.

4. International data transfers

All information processed by ROUTE06 may be transferred, processed, and stored anywhere in the world, which may have data protection laws different from those in your jurisdiction. When we undertake such transfers, we endeavor to safeguard your information in accordance with the requirements of applicable laws, including the General Data Protection Regulation.

5. Your Rights

a. Depending on location, individuals may have certain statutory rights in relation to their personal information. For example, you may have the right to:

  • Access your personal information and information relating to how it is processed;
  • Delete your personal information from our records;
  • Rectify or update your personal information;
  • Transfer your personal information to a third party (right to data portability);
  • Restrict how we process your personal information;
  • Withdraw your consent—where we rely on consent as the legal basis for processing at any time;
  • Object to how we process your personal information; and
  • Lodge a complaint with your local data protection authority.

b. You can exercise the rights above through your account. If you are unable to exercise your rights through your account, please submit your request to support@giselles.ai.

c. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

d. If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to make a complaint at any time to the supervisory authority for data protection issues in the country in which you reside. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so, please contact us in the first instance.

6. Data retention

a. We retain your information we receive as described in this privacy policy for as long as you use the Service or as necessary to fulfill the purposes for which it was collected, provide the Service, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

b. To determine the appropriate retention period for personal information, we consider thevolume, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting, or other requirements.

7. Security measures

We implement the following security measures to prevent any divulgence, loss, or corruption of personal information and to appropriately manage your personal information:

  • Organizational security measures:

    • A Personal Information Manager responsible for processing personal information has been appointed.
    • Authorized staff and the scope of their authorization are clearly defined.
    • A communication system is established to report any actual or potential violations of laws, regulations, or company rules to the Personal Information Manager.
    • Regular self-assessments, audits by other departments, and external organizations are conducted to ensure proper processing of personal information.

  • Administrative security measures:

    • Regular training is provided for employees to understand key points in processing personal information.
    • A personal information confidentiality clause is included in our Workplace Rules.

  • Physical security measures:

    • Staff entry and exit are controlled, and restrictions are placed on devices in areas where personal information is processed to prevent unauthorized access.
    • Measures are taken to prevent the theft or loss of devices, electronic media, and paper documents containing personal information.
    • Measures are implemented to prevent unauthorized disclosure of personal information during the transportation of devices and electronic media on or off company premises.

  • Technical security measures:

    • Access controls limit the number of holders of access rights and the scope of their authorization.
    • Information systems processing personal information are protected from unauthorized access and malicious software.

Our legal bases for processing your personal information include:

Performance of a contract: We process your personal information to provide and maintain the Service. When we process Account Information, Content, and Technical Information solely to provide the Service to you, this information is necessary for us to provide the Service. Without this information, we may be unable to deliver the Service to you.

Legitimate interests: We process your personal information to protect the Service from abuse, fraud, or security risks, and to develop, improve, or promote the Service, including training our models. This processing may include Account Information, Content, Social Information, and Technical Information. Refer to our instructions on how to opt out of the use of your information for model training.

Consent: We seek your consent to process your personal information for specific purposes that we communicate to you. You have the right to withdraw your consent at any time.

Compliance with legal obligations: We process your personal information to comply with applicable laws or to protect our, our affiliates’, users’, or third parties’ rights, safety, and property.

9. Additional information for U.S. residents

a. The following table provides additional information about the categories of personal information we collect and how we disclose that information. You can read more about the personal information we collect in “Personal information we collect” above, how we use personal information in “How we use personal information” above, and how we retain personal information in “Data retention” above:

Category of personal information Disclosure of personal information
Identifiers, such as your name, contact details, IP address, and other device identifiers Service Providers, including but not limited to payment service providers, domain name service providers, computing service providers, database providers, error-tracing service providers, monitoring service providers, community management providers, and customer support platform providers
Commercial Information, such as your transaction history N/A
Network Activity Information, such as Content and how you interact with the Service Service Providers, such as monitoring service providers
Geolocation Data Service Providers, such as monitoring service providers
Your account login credentials and payment card information (sensitive personal information) Service Providers, such as payment service providers

b. To the extent provided for by local law and subject to applicable exceptions, individuals may have the following privacy rights in relation to their personal information:

  • The right to know information about our processing of your personal information, including the specific pieces of personal information that we have collected from you;
  • The right to request deletion of your personal information;
  • The right to correct your personal information; and
  • The right to be free from discrimination relating to the exercise of any of your privacy rights.

Exercising your rights: To the extent applicable under local law, you can exercise privacy rights described in this section by submitting a request through your account or to support@giselles.ai.

Verification: In order to protect your personal information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete personal information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional personal information and proof of residency for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized agents: You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us. Authorized agent requests can be submitted to support@giselles.ai.

Appeals: Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please send your request to support@giselles.ai.

c. We do not “sell” personal information or “share” personal information for cross-contextual behavioral advertising (as those terms are defined under applicable local law). We also do not process sensitive personal information for the purposes of inferring characteristics about a consumer.

10. Changes to the privacy policy

We may update this privacy policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.

Contact us:

If you have any questions about our privacy practices or this privacy policy, please contact us at:

ROUTE06, Inc.
Marunouchi Kitaguchi Building 9F, 1-6-5 Marunouchi, Chiyoda-ku, Tokyo, Japan support@giselles.ai

Enacted and effective October 1, 2024