risura

Updated: 2026-05-21

Privacy notice

This text describes, in plain language, what personal data Atelier das Entidades collects when you write through this site, what it is used for, how it is handled, and what rights the law guarantees you. Atelier das Entidades is a small research lab in Lisbon — a three-person atelier, with no marketing department.

Who is responsible

Atelier das Entidades is a small lab that studies how AI systems describe companies through language. For the purposes of the General Data Protection Regulation (GDPR / RGPD) and the Portuguese Data Protection Act (Lei n.º 58/2019), the controller of the personal data described below is the operator of the site risura.com. For any privacy question or to exercise a right, write to contacto@risura.com.

What is collected

When you send the contact form, Atelier das Entidades receives:

  • Your name and email — to reply to you by name.
  • The text you write in the request fields: a description of the company or topic, the model answer that raised a doubt, and any additional notes — only what you decide to share.

This data is used only to answer what you asked. You are not added to any mailing list, and your data is not shared with third parties (with the exception of the payment processor described below, where applicable). Atelier das Entidades also keeps the date and time the form was submitted, together with a SHA-256 hash of your IP address plus a salt — this protects the form against automated submissions. The IP address itself is never recorded, nor are browser fingerprints or device metadata.

What is not collected

  • No tracking cookies are used. The analytics tool runs without cookies and stores no per-user identifier.
  • No remarketing pixels, marketing-automation tags, or ad-network trackers are enabled.
  • There is no automated profiling, and no automated decision producing legal effects on you.
  • Personal data is neither sold nor transferred to commercial partners. That is not the revenue model.

Legal basis for processing

Messages sent through the form are processed on the basis of Article 6(1)(b) of the GDPR (steps taken at the request of the data subject prior to entering into a contract). The IP hash, which protects the form against abuse, relies on Article 6(1)(f) of the GDPR (legitimate interest). Payment status data, where it exists, is processed on the contractual basis.

How long data is kept

  • Form messages: kept for the duration of the related work plus 24 months, to preserve the context of the exchange; after that, they are deleted. Messages that do not lead to work are kept for 12 months and then deleted.
  • Payment records: kept for the period required by applicable tax and accounting law, then deleted.
  • IP hashes: kept for 90 days — long enough for abuse protection — then deleted.
  • Email exchanges: kept while the relationship is active, or for 24 months after the last contact — whichever is longer.

Your rights

Under the GDPR and the Portuguese Data Protection Act, you can request access to your data, its rectification, erasure, portability, restriction of processing, or object to it. For any of these requests, write to contacto@risura.com. A reply follows within one month. If you believe the processing does not comply with the law, you have the right to lodge a complaint with the CNPD (the Portuguese data protection authority), or with the supervisory authority of your country of residence.

International transfers

The infrastructure that serves this site is located in European Union (Germany). Where additional processors (email provider) operate outside the European Union, those transfers rely on standard contractual clauses and on the safeguards published by the recipient.

Changes to this notice

This notice is updated when data-processing practices change significantly. The "Updated" date at the top of the page marks the version in force. Substantive changes stay flagged on the site's home page for 30 days, so they are visible to returning visitors.