European users, customers, buyers, and reviewers evaluating AYA data protection posture.
Provide crawlable GDPR and data protection context.
Data protection context
The GDPR page explains how AYA approaches European data protection duties for visitors, users, and customers. Depending on the workflow, AYA may act as controller for account and site data and processor for customer research content submitted inside a workspace.
Lawful basis and rights
Relevant lawful bases may include contract performance, legitimate interests, consent, and legal obligations. Data subject rights can include access, correction, deletion, restriction, objection, portability, and withdrawal of consent where processing relies on consent.
Security and transfers
AYA uses hosted infrastructure, access controls, logging, and operational safeguards to support secure service delivery. International transfers and subprocessors should be reviewed during procurement for customer-specific requirements.
Review path
Teams evaluating AYA should review privacy, terms, cookie policy, methodology, and any data processing agreement before deployment, especially if research briefs include personal data or sensitive category context.
Operational scope
This public policy page is intended to help visitors, customers, procurement teams, and AI agents understand AYA governance at a high level. Contract-specific commitments, data processing terms, and security reviews should be confirmed directly with AYA before purchase or deployment.
Related review path
Review this page alongside the privacy, GDPR, cookie, terms, methodology, and contact pages. Together they explain how AYA should be evaluated as a public website, commercial service, and AI-native research platform.
Procurement note
Legal and compliance readers usually need to understand data categories, account responsibilities, acceptable use, retention expectations, cookie choices, customer content handling, payment terms, and how AI-generated research outputs should be interpreted. These public pages provide crawlable orientation for those questions, while the final contract, data processing agreement, and security review should control any customer-specific commitments.