PT
EN
Schedule a Demo

Privacy Policy

Introduction

GISTM.ai is a platform developed by Data Riders that uses Artificial Intelligence to assist with compliance to the Global Industry Standard on Tailings Management (GISTM). We value the privacy and security of our users’ and clients’ information. This Privacy Policy explains how we collect, use, store, and protect your personal information and any data provided, in compliance with the Brazilian General Data Protection Law (LGPD – Law No. 13.709/2018). By using our services, you agree to the terms of this policy.

We recognize that our clients (including major mining companies) often handle sensitive and technical data about tailings facilities. Therefore, we are committed to treating all information provided with strict confidentiality, ensuring it is not used for purposes beyond the contracted scope. Our data protection approach provides a level of security and confidentiality equivalent to formal Non-Disclosure Agreements (NDAs), offering peace of mind that your information will not be leaked or improperly accessed.

Personal Data Collected

We only collect the personal data necessary for identifying and contacting the user:

  • Name: used to identify the user/client within our platform and in communications.
  • Email: used to create your account, authenticate access, send service-related communications (e.g., analysis results, technical notifications, or information about free demonstrations), and respond to support requests.

We do not collect other personal data (such as phone numbers, addresses, or sensitive data) unless you voluntarily provide them in communications with us. In general, we aim to minimize data collection, obtaining only the information strictly necessary to deliver our services with quality.

Use of Information

The data collected is used strictly for the following purposes:

  • To provide and improve the services: we use your name and email to create and manage your account, allow access to GISTM.ai, and personalize your user experience. Your email may also be used to send updates about features and collect feedback to improve the platform.
  • Necessary communications: your email may be used to send essential service information, such as maintenance notices, requested reports, confirmations of registration for free demonstrations, or responses to technical support requests.
  • To ensure legal compliance and security: we may process your data as needed to comply with applicable legal or regulatory obligations (e.g., LGPD requirements) and to protect the platform’s security, preventing fraud or unauthorized access.

Important: We do not use your personal data or any content provided to train AI models or for marketing purposes without your explicit consent. All data processing is limited to what is necessary to serve you within the scope of GISTM.ai’s services.

Content and Documents Provided by the User

We understand you may submit documents, technical data, and other confidential information related to tailings facilities and mining operations for analysis on the platform. We are firmly committed to protecting the confidentiality of these materials. Any content you provide (including text, spreadsheets, reports, images, or other uploaded files) will be used exclusively to perform analyses and provide the requested functionalities within GISTM.ai, as contracted or demonstrated.

We will never use the content of your documents for any other purpose. Specifically:

  • We will not share, publish, or disclose your documents or any information contained therein to third parties, except as strictly necessary to provide the contracted service.
  • We do not use your data to train AI algorithms, whether internal or third-party models. We employ AI models configured to neither retain nor use user data in training. For this reason, we do not use services like Deep Seek, which incorporate user data into model training—this practice is incompatible with our confidentiality commitment.
  • We do not extract statistical information or knowledge from your data for any purpose other than delivering the expected service results. Your documents remain your property and under your control; our system acts only as an analysis tool without altering, exposing, or improperly retaining the content you provide.

This commitment ensures that even without a separate NDA, your sensitive information is protected under this Privacy Policy. Our team is aware of the sensitive nature of such data and follows strict confidentiality protocols when handling any client content.

Data Storage and Retention

The data provided on the platform (both personal registration data and documents submitted for analysis) is stored securely on MindStudio.ai’s cloud infrastructure, which uses Amazon S3 for file storage. MindStudio.ai adheres to rigorous enterprise security standards (SOC II certification and GDPR compliance), ensuring enterprise-level protection for stored data. All data is transmitted encrypted between your device and our servers (TLS/SSL protocols) and remains encrypted at rest on the servers, further securing against unauthorized access.

We retain data and documents only as long as necessary. Typically, submitted documents and other user data remain in our systems for up to one (1) month after submission. This ~30-day retention period allows you to use the platform’s features (e.g., review results, generate comparative reports, or continue related analyses). After this period, the data is automatically deleted from our databases and file repositories as a protective and confidentiality measure.

If you request the deletion of certain data before the standard 1-month period, we will honor the request and permanently delete such information in accordance with your right to erasure under LGPD. We may retain data for longer periods only if required by law or specific regulatory obligations—in such cases, we will retain only what is strictly necessary and apply additional protective safeguards.

Data Security and Confidentiality

We implement administrative, technical, and physical security measures to protect your data against unauthorized access, misuse, or improper disclosure. This includes restricted access controls, encryption, system monitoring, and internal compliance policies. Only authorized personnel on our team can access stored data, and only for service-related purposes. Specifically, only the platform’s responsible director and designated AI engineers have permission to access user data—and even then, only when necessary for system maintenance, technical support, or essential improvements. All internal data access is logged and monitored to ensure compliance with this policy and applicable law.

Our team and any directly involved service providers are bound by strict confidentiality agreements. Any authorized individual accessing the data is legally and contractually obligated to maintain absolute confidentiality, subject to disciplinary and legal measures in case of breach. We reiterate that we treat your confidential data with the same care as under a formal NDA—we will not disclose it or allow unauthorized third-party access under any circumstances.

In the event of a security incident or breach compromising personal data, we will follow legal procedures, including notifying you within the legal timeframe and informing the relevant authorities as required by LGPD. We will also promptly take corrective measures to mitigate potential impacts.

Data Sharing with Third Parties

GISTM.ai does not sell, share, or commercialize your personal data or documents with third parties for independent purposes. We also do not transfer your data to partners or suppliers for their own use. Third-party access to your information occurs only in the following limited and necessary situations:

  • Infrastructure and processing providers: We use trusted cloud services to host the platform and store data (e.g., MindStudio.ai and Amazon Web Services). These providers act as data processors on behalf of GISTM.ai, following our instructions and contractually bound to our data protection standards and applicable legislation.
  • Legal requirements: If required by law, court order, or competent authority request, we may disclose strictly necessary information to comply with legal obligations. In such cases, you will be informed (when permitted by law) about which data was shared and why.
  • Corporate transfers: In the event of a merger, acquisition, corporate restructuring, or sale of all or part of the platform’s business, data may be transferred to the successor entity under the terms of this policy. Should such a transfer occur, users will be notified of any significant changes regarding their data, with the opportunity to request deletion if desired.

Outside of these cases, no other sharing occurs. In particular, we do not transfer your data to other clients, government agencies (unless legally required), or external AI services for model training. Your trust is paramount to us, and we guarantee your data remains under our control and protection.

Data Subject Rights

In compliance with LGPD, you have several rights regarding your personal data that we process. We fully respect these rights and provide means for you to exercise them easily. Your key rights include:

  • Confirmation and access: right to request confirmation of whether we process your personal data and to access it, including requesting a copy of the information we hold about you.
  • Rectification: right to correct or update incomplete, inaccurate, or outdated personal data (e.g., updating your name or contact email if necessary).
  • Erasure: right to request deletion of personal data collected in certain circumstances—for example, data processed based on your consent or no longer necessary for the described purposes. You may request deletion of submitted documents or your account at any time, and we will proceed unless there is a legal reason requiring retention.
  • Objection and withdrawal of consent: you may object to certain processing activities lacking an appropriate legal basis or withdraw your consent where processing relies solely on it.
  • Portability: upon express request, we will provide you or a designated third party with a report of your personal data in a structured and commonly used format, subject to trade and industrial secrets as per regulations.
  • Review of automated decisions: while GISTM.ai uses AI to assist in analyses, we do not make decisions affecting your rights solely based on automated processing of personal data. Nonetheless, you have the right to request human review of any such decision if it arises.

To exercise any of these rights or to ask questions about your personal data, please contact us at hi@datariders.com.br. We will respond as soon as possible and within legal timeframes. We may request additional information to verify your identity before fulfilling the request, to prevent fraud.

Contact and General Provisions

If you have any questions, comments, or requests regarding this Privacy Policy or the processing of your data, please contact us at hi@datariders.com.br. We are available to clarify any issues and assist you in exercising your rights.

This Privacy Policy is effective as of its publication date and may be updated periodically, especially to reflect changes in our data processing practices or to ensure legal compliance. If we make significant changes, we will notify users via registered contact channels or through a notice on the platform. We recommend reviewing this document from time to time to stay informed about how we protect your information.

By continuing to use GISTM.ai after changes are published, you are deemed to have acknowledged and agreed to the updated terms. If you do not agree with the revised terms, we ask that you discontinue using our services and contact us for possible actions, such as deleting your data.

Last update: July 2025

Linkedin-in Youtube
Copyright © 2025 - Data Riders. All rights reserved.

Select your language

Schedule a Demo

Thank you for your interest!

One of our consultants will be in touch with you soon.

FECHAR
Your registration was successfully completed!
CLOSE