Security & Privacy

Your intelligence stays yours.

DESTA handles sensitive competitive intelligence. We built our data architecture around one principle: your data is your data, and the intelligence we generate for you is never shared, aggregated, or used to improve anyone else's experience.

Core Principles

How we think about your data.

Account-isolated by default

Your preferences, priorities, decision context, and briefing history are isolated to your account. We do not pool data across accounts. The intelligence DESTA generates for you is informed only by your inputs and public data sources.

Minimal collection

We collect only what is necessary to build your operating brief: your email, your topic preferences, your priority settings, and your feedback on signal relevance. We do not track browsing behavior, install cookies for advertising, or build shadow profiles.

Transparent sourcing

Every signal in your brief comes from publicly available data sources - news, SEC filings, job boards, press releases, social media, patent databases. DESTA does not use scraped private data, leaked documents, or proprietary databases.

Right to delete

You can delete your account and all associated data at any time. When you delete, we delete - your preferences, your briefing history, your feedback, and any personalization data. No retention period, no archived copies.

What We Collect

Exactly what we store, and why.

Email addressAccount identification and brief delivery.
Topic preferencesTo scope which competitive and market signals are relevant to you.
Priority and mode settingsTo personalize the brief - what to emphasize, what to compress, what to surface.
Signal feedbackWhen you mark a signal as acted-on, too early, or not relevant, DESTA uses that to improve future briefs for your account only.
Briefing historyTo track what has already been surfaced and avoid repeating low-value signals.
Basic analyticsPage views and session data (via privacy-first analytics with no cookies). Used to improve the product, never sold or shared.
AI Learning

How DESTA learns - and what it does not share.

DESTA improves over time by learning from your feedback. When you mark a signal as acted on, DESTA learns that similar signals are high-value for you. When you mark something as not relevant, DESTA learns to filter similar patterns in the future.

This learning is account-specific. Your feedback trains your briefing model, not a shared model. What DESTA learns about your priorities, timing preferences, and decision patterns is never used to influence another user's experience.

We do not train foundation models on your data. DESTA uses large language models to process and prioritize signals, but your account data is used only at inference time - it is not fed back into model training.

Infrastructure

Encryption and access controls.

All data in transit is encrypted via TLS 1.2+. Data at rest is encrypted using AES-256. API access is authenticated via short-lived tokens, and all endpoints require authentication.

Access to production systems is restricted to a small operations team, requires multi-factor authentication, and is logged. We do not share production data with third-party analytics or advertising platforms.

Our infrastructure runs on European data centers with strict data residency policies. We do not transfer personal data outside the EU without appropriate safeguards.

Compliance

GDPR compliance.

DESTA is built with GDPR compliance as a design constraint, not an afterthought. We process personal data under lawful bases (consent and legitimate interest), provide data portability upon request, and honor deletion requests completely.

We do not use personal data for purposes beyond delivering and improving your operating brief. We do not sell data. We do not share data with advertisers. We do not build behavioral profiles for targeting.

If you have questions about how we handle your data, or if you want to exercise your rights under GDPR, contact us at privacy@desta.ai.

What We Do NOT Collect

Lines we do not cross.

  • We do not read your email, calendar, or Slack (internal integrations are a future opt-in feature, not a default).
  • We do not install tracking cookies or use third-party advertising pixels.
  • We do not store payment card information directly - all payment processing is handled by PCI-compliant third parties.
  • We do not collect device fingerprints, IP-based location tracking, or cross-site browsing data.
  • We do not share any account data with other DESTA users, even within the same organization, unless you explicitly configure team sharing.
  • We do not use your data to train or fine-tune shared AI models.

Questions about security or privacy? Reach out to privacy@desta.ai and we will respond within 48 hours. You can also read more about who we are and how we built DESTA.

Your competitors already made their first move today.

Your operating brief is ready.

Start with one operating brief. DESTA will show you what matters, what to ignore, and what to do next - sourced, scored, and built around your decisions.

No credit card required. Your first DESTA brief arrives in minutes.