← Back to Setta

Privacy Policy

Last updated: April 16, 2026

1. Data Controller

The data controller responsible for your personal data under this policy is TODALE TECHNOLOGIES LTD (operating the Setta AI brand), based in Tel Aviv, Israel. You can reach us at privacy@setta-ai.com for any privacy-related request.

This policy explains what information we collect when you visit setta-ai.com (the "Site"), how we use it, how long we keep it, and your rights.

2. Information We Collect

2.1 Information you provide

If you join the waitlist, we collect your name, title, company, email address, and current monthly Gen-AI spend range. This information is submitted through Formspree and is used solely to contact you about early access and product updates.

2.2 Analytics data

With your consent, we use Google Analytics 4 to understand how visitors use the Site. Google Analytics collects information such as pages visited, time on site, device type, browser type, and a truncated IP address. We use Google Consent Mode v2, so no analytics cookies are set and no identifier is stored before you accept.

3. Cookies and Similar Technologies

We only set analytics cookies if you opt in via our cookie banner. By default (and if you click "Reject") all analytics and marketing cookies are denied. The following cookies and storage keys may be used:

  • _ga, _ga_9L220JLHHP: Google Analytics. Distinguish unique users and sessions. First-party cookies. Expire after up to 2 years. Set only after consent.
  • setta-cookie-consent: localStorage entry that records your consent choice so we don't ask again on your next visit. First-party, no personal data.

Google may set additional cookies as part of its analytics pipeline. A full list is maintained at business.safety.google/privacy.

You can change or withdraw your consent at any time via the link (also available in the site footer). Withdrawal is as easy as giving consent.

4. Global Privacy Control (GPC)

If your browser sends a Global Privacy Control signal, we treat it as an automatic opt-out and do not load analytics cookies. The cookie banner will not be shown.

5. Legal Basis for Processing (GDPR)

For visitors in the EU, EEA, or UK, we process personal data on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR): analytics and marketing cookies.
  • Taking steps at your request (Art. 6(1)(b) GDPR): waitlist signup and subsequent contact about early access.
  • Legitimate interests (Art. 6(1)(f) GDPR): securing the Site, preventing abuse of the waitlist form.

6. International Transfers

Our processors are located outside Israel and the EEA:

  • Google LLC (Google Analytics): United States. Transfers are covered by the EU–US Data Privacy Framework and Google's Standard Contractual Clauses (SCCs).
  • Formspree, Inc.: United States. Transfers are covered by Standard Contractual Clauses.
  • Cloudflare, Inc.: global CDN and DNS for the Site; transfers covered by Standard Contractual Clauses.

We only share personal data with processors bound by written agreements requiring appropriate safeguards.

7. Data Retention

  • Waitlist data: kept for up to 12 months from submission, or until you request deletion, whichever is sooner. If you become a customer or design partner, your contact data may be retained for the duration of that relationship under a separate customer agreement.
  • Google Analytics data: 14 months in our GA4 property.
  • Consent records: stored locally in your browser until you clear them or change your choice.

8. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Withdraw consent at any time
  • Object to processing or request data portability
  • Restrict processing in certain circumstances
  • Lodge a complaint with a supervisory authority (for EU/EEA residents, this is the data protection authority in your country of residence; for UK residents, the ICO)

To exercise any of these rights, email privacy@setta-ai.com. We respond within 30 days.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

9. California Residents (CCPA / CPRA)

California residents have the right to know what personal information is collected, to request deletion, and to opt out of the sale or sharing of personal information. We do not sell personal information. To exercise your rights, email privacy@setta-ai.com or enable Global Privacy Control in your browser.

10. Security

The Site is served over HTTPS. Waitlist submissions are encrypted in transit. Access to personal data within TODALE TECHNOLOGIES LTD is limited to personnel who need it to operate the service.

11. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes we will post a prominent notice on the Site.

12. Contact

Questions about this policy? Email privacy@setta-ai.com.