Data Controller: Gitogi Srl, Piazza IV Novembre 4, 20124 Milano — VAT No. 14288420962
Last updated: 1 March 2026
In compliance with EU Regulation 2024/1689 (AI Act), in particular Article 50 on transparency, this page describes how gitogi uses artificial intelligence systems on its website.
1. AI Systems in Use
gitogi uses two artificial intelligence-based systems:
1.1 AI Assistant (Chatbot)
The chatbot on this website is a generative artificial intelligence system based on Large Language Models (LLMs). It is not a human.
- Purpose: to provide information about gitogi services, answer general questions about AI governance, and direct visitors to the most relevant resources.
- Technology: third-party language models (OpenAI, Anthropic), integrated via the Vercel AI SDK with retrieval-augmented generation (RAG) over the website's content.
- Data residency: conversations are stored on servers within the European Union (Supabase Postgres, Frankfurt). Messages are sent to AI providers (OpenAI/Anthropic) for response generation, subject to their respective data processing agreements.
- Retention: conversations are automatically deleted after 90 days.
- Lead extraction: messages are automatically scanned using pattern matching (regex) to extract voluntarily provided contact data (email, phone number). This data is associated with the conversation for commercial follow-up purposes.
1.2 Automated Lead Scoring
We use an automated scoring system to classify contacts based on their level of interest and relevance. This system falls within the category of automated profiling under Article 22 of the GDPR.
- Purpose: to prioritise contacts that show greater interest in our services, in order to provide more timely and relevant follow-up.
- How it works: the score is based exclusively on behavioural signals: email type (professional vs. free), declared profession, firm size, assessment completion, guide downloads, and newsletter subscription.
- What we do NOT consider: age, gender, ethnicity, sexual orientation, political or religious opinions, health status, or any other sensitive data (Art. 9 GDPR).
- Algorithm: deterministic rule-based, not a machine learning model. Each signal has a fixed, documented, and verifiable weight.
- Versioning: each version of the algorithm is uniquely identified (currently v1.0.0) and every calculation is recorded in the AI audit log.
2. Scoring Algorithm Transparency
In compliance with AI Act Art. 12 (record-keeping) and Art. 50 (transparency), we publicly document how the algorithm works:
| Signal | Points | Rationale |
|---|
| Professional email | +10 | Indicates a professional context |
| Target profession (accountant, lawyer, labour consultant) | +20 | Ideal customer profile for the service |
| Firm with more than 5 people | +15 | Greater AI impact potential |
| Assessment completed | +25 | Strong signal of interest |
| Guide downloaded | +10 (max 3) | Informational interest |
| Active newsletter subscription | +10 | Ongoing engagement |
3. Limitations and Potential Errors
3.1 Chatbot
- Responses are generated automatically and may contain inaccuracies or hallucinations. They do not replace professional advice.
- The chatbot does not have access to confidential data or internal systems. It responds exclusively based on the public content of the website.
- It does not retain context across different sessions (unless the user is authenticated).
3.2 Lead Scoring
- The score reflects only the observed digital signals and not the actual quality of the potential client.
- A low score does not result in the refusal of any service. All contacts receive a response regardless of their score.
- The system may overestimate or underestimate a user's actual level of interest.
4. Your Rights
In compliance with the GDPR (Art. 15-22) and the AI Act, you have the right to:
- Know whether you have been profiled and with what score (Art. 15 GDPR).
- Request an explanation of the assigned score and the criteria used (Art. 22 GDPR).
- Contest the score and request a human review. The sales team can always override the automated score.
- Object to automated profiling (Art. 21 GDPR).
- Request the deletion of all your data (Art. 17 GDPR).
To exercise these rights, write to info@gitogi.com or use the Your Data page.
5. Human Oversight
All gitogi AI systems operate under human supervision:
- The chatbot is an informational tool. No commercial decisions are made automatically based on the chatbot's responses.
- Lead scoring is a prioritisation aid. The sales team always evaluates every contact independently of the score.
- Every calculated score is recorded in the AI audit log with anonymised inputs, outputs, and algorithm version, in compliance with Art. 12 of the AI Act.
6. AI Providers and Data Localisation
| Provider | Use | Data Sent | Legal Basis for Transfer |
|---|
| OpenAI (USA) | Chatbot — response generation; text embeddings for RAG vector search | Conversation messages; user queries for vectorisation | SCCs + DPA |
| Anthropic (USA) | Chatbot — alternative provider | Conversation messages | SCCs + DPA |
| Supabase (Frankfurt, EU) | Database, RAG embeddings | All structured data | Data within EU |
7. Technical Documentation
In compliance with the AI Act, we maintain the following documentation:
- DPIA (Data Protection Impact Assessment) for the lead scoring system
- AI Model Card with a description of the algorithm, features used, performance metrics, and known limitations
- Audit log of every scoring calculation with anonymised inputs, outputs, and model version
To request a copy of this documentation, contact info@gitogi.com.
8. Updates
This disclosure is updated whenever we modify the AI systems in use or their purposes. Significant changes are communicated via the newsletter and published on this page.
9. Contact
For any questions about the use of artificial intelligence on gitogi.com: