MAIT LogoBETA

Privacy Policy

How we collect, use, and protect your personal information.

Last Updated: January 2026

Multistrat B.V. ("Multistrat," "we," "us," or "our") respects your privacy and is committed to protecting personal data we process. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use Multistrat's AI Tool ("MAIT", the "Platform"), our websites (including multistrat.net, m-ait.com), and related services (collectively, the "Services").

If you have any questions or wish to exercise your rights, please contact us at: contact@multistrat.net.

1. Applicability of This Privacy Policy & Our Roles

This Privacy Policy explains how Multistrat processes personal data collected:

  • through our websites,
  • through your use of MAIT (e.g., account login, activity, support interactions),
  • through marketing, sales, or customer engagements, and
  • through other interactions with us.

1.1 Definition of "Customer"

For the purposes of this Privacy Policy, "Customer" refers to the legal entity that contracts with Multistrat for access to MAIT and determines the purposes and means of processing Customer Data. Individuals using MAIT under a Customer account do so on behalf of that Customer. Website visitors or trial users are not Customers unless they have entered into a contractual relationship with Multistrat.

1.2 Controller vs. Processor Roles

When Multistrat is a Data Controller

We act as a Data Controller for personal data we collect and process for our own business purposes, including:

  • Website visitor data
  • User account and profile information
  • Usage analytics and technical logs
  • Marketing, sales, and communication data
  • Event or lead-generation data

This Privacy Policy applies to that processing.

When Multistrat is a Data Processor

Customers use MAIT to upload and process documents (e.g., contracts, annexes, invoices, vendor documents) and to generate analyses using AI features ("Customer Data" or "Content").

For Customer Data:

  • The Customer is the Data Controller, and
  • Multistrat acts as a Data Processor.

Processing is governed by the Customer Agreement (and, where applicable, a Data Processing Addendum). This Privacy Policy does not apply to Customer Data uploaded to or generated within MAIT. Questions regarding Customer Data should be directed to the Customer.

2. Personal Data We Collect

In the course of doing business, providing our Services, and through our website we collect and receive Personal Data in different ways and from different sources. This Personal Data includes:

2.1 Information You Provide

Account & Profile Information

  • Name
  • Email address
  • Phone number (optional)
  • Role/title
  • Organisation name
  • Account credentials (stored securely)
  • Preferences (language, time zone)

Support & Communication Data

  • Messages you send to support
  • Sales/demo communications
  • Survey responses
  • Meeting notes when relevant for support

Event & Marketing Interactions

  • Conference/webinar registrations
  • Contact details provided by you
  • Marketing preferences

2.2 Information We Collect Automatically

Log & Usage Data

  • IP address
  • Device and browser type
  • Dates/times of access
  • Pages viewed and features used
  • Frequency and type of queries submitted
  • Performance and error logs
  • Security/audit logs (access events, file uploads, downloads)

Cookies & Similar Technologies

Used for:

  • Essential operations
  • Security
  • User preferences
  • Analytics (and marketing where legally permitted)

You can manage cookies via browser settings or cookie banners where applicable. For more details about how we use these Cookies and Similar Technologies, your opt-out controls, and other options please visit our Cookie Policy.

Device Information

  • Device identifiers
  • OS version
  • Browser version

The specific Device Information collected will depend on the type of device you use and its settings.

2.3 Information From Third Parties

We may receive data from:

  • Security & fraud prevention vendors
  • CRM and marketing enrichment vendors
  • Advertising platforms
  • Event organisers
  • Channel/referral partners

2.4 Publicly Available Information

We may use publicly available professional or corporate information (e.g., company registry data, public corporate filings) to:

  • Understand industry practices relevant to contract classification
  • Improve non-personal structural extraction models

We do not re-identify anonymised or aggregated data except where required by law or for security.

3. How We Use Personal Data (Controller Role)

Where Multistrat acts as a controller, we use personal data for the following purposes.

3.1 Provide & Maintain the Services

  • Authenticate users
  • Manage accounts
  • Operate dashboards, repositories, and AI features
  • Provide customer support
  • Troubleshoot technical issues

3.2 Improve & Develop MAIT

We may use aggregated, anonymised, or pseudonymised data (e.g., feature usage patterns) to:

  • Improve product performance and accuracy
  • Develop new features
  • Monitor reliability, latency, and capacity

For the avoidance of doubt:

Multistrat does not use Customer Data to train or fine-tune our foundational or general-purpose AI models. Customer Data is processed solely to provide the Services according to the Customer's instructions.

3.3 Communicate With You

  • Provide onboarding and administrative messages
  • Send security or service alerts
  • Provide updates or information about MAIT
  • Send marketing communications (with opt-out option)

3.4 Security, Fraud Prevention & Compliance

  • Detect and prevent fraud or abuse
  • Investigate security incidents
  • Enforce our Terms of Service and acceptable use policies
  • Comply with laws and lawful requests

3.5 Research & Analytics

We may use aggregated or de-identified data to:

  • Analyse service usage
  • Support product and business strategy
  • Produce non-personal insights

No re-identification is attempted unless legally required.

4. Who We Share Personal Data With

Multistrat does not sell personal data.

We may share personal data with the following categories.

4.1 Affiliates

For support, engineering, or business operations, under confidentiality obligations.

4.2 Subprocessors & Service Providers

We use trusted third parties to support the Services, which may include:

  • Cloud hosting providers (e.g., AWS)
  • Authentication and identity tools
  • Email and communication tools
  • Customer support platforms
  • Monitoring, analytics, and logging services
  • Optional AI inference models (e.g., Gemini or similar), depending on customer configuration

These vendors may process personal data as part of providing services to Multistrat. We maintain an up-to-date Subprocessor List, which is incorporated into our DPA and provided to customers on request.

4.2.1 Use of Third-Party AI Model Providers

Certain MAIT features use third-party AI model providers to generate results based on your prompts. In these cases, limited personal data may be processed by these providers strictly under our instructions and under contractual safeguards. These providers act solely as subprocessors and may not use the data for their own purposes.

While Multistrat conducts due diligence and imposes contractual controls, the use of external AI models inherently involves technical behaviours that Multistrat does not fully control (such as model errors or non-deterministic outputs). These characteristics are inherent to third-party AI systems and are not unique to MAIT.

4.3 Authorities & Legal Compliance

We may disclose data where required to:

  • Comply with laws or legal processes
  • Respond to regulators or law enforcement
  • Protect the rights, property, or safety of Multistrat, our Customers, or others

4.4 Business Transfers

If Multistrat undergoes a merger, acquisition, financing, or sale, personal data may be disclosed during due diligence or transferred as part of the transaction under confidentiality.

5. International Data Transfers

Multistrat is headquartered in the Netherlands, but personal data may be processed:

  • In India
  • In countries where our cloud infrastructure operates
  • By subprocessors located outside the EEA (including the US and India)

Whenever personal data is transferred outside the EU, we use appropriate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms where required

We apply encryption, strict access controls, and organisational measures to protect data transferred internationally.

6. Cookies & Similar Technologies

We use cookies to:

  • Enable essential functionality
  • Enhance security
  • Remember preferences
  • Perform analytics
  • Support marketing where legally permitted

You can adjust your cookie preferences via your browser or cookie banner (where applicable). Refer to our Cookie Policy for more information.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.

Examples:

  • Account Data - retained for the duration of the account and an additional 90 days for administrative/legal purposes.
  • Usage Logs - retained for a period necessary for security, performance analysis, and troubleshooting.
  • Marketing Data - retained until you unsubscribe and for 90 days thereafter to maintain suppression lists.

Backup data is deleted according to our standard backup lifecycle. Where a Customer Agreement specifies different retention, that agreement prevails.

8. Minors

The Services are intended for professional use only. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, please contact us so we can delete it.

9. Your Rights

Depending on your jurisdiction, you may be entitled to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

To exercise rights: contact@multistrat.net

10. Security

We use technical and organisational measures designed to protect personal data, including:

  • Encryption of data in transit & at rest
  • Access controls and least-privilege policies
  • Optional multi-factor authentication (MFA)
  • Logging & monitoring
  • Network security and segmentation
  • Regular security assessments and testing
  • Role based access control (RBAC)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the "Last Updated" date;
  • Where legally required, we will notify you before changes take effect.

12. How to Contact Us

Email: contact@multistrat.net