Privacy Policy
Effective Date: 01-08-2025
Last Updated: 07-08-2025
1. INFORMATION WE COLLECT
1.1 Account Information
- Email address and password (for direct registration)
- OAuth profile information (when using third-party login providers like GitHub, Google)
- Organization and team membership details
1.2 Integration Data
- Connection Credentials: API keys, database credentials, and access tokens for your connected services, securely encrypted and stored via Infisical
- Metadata: Database schema information, table names, and structural data necessary for query generation
- Query Logs: Records of queries executed and responses generated to improve service functionality
1.3 Usage Data
- Chat conversations and AI interactions
- Feature usage patterns and preferences
- Technical logs for debugging and performance optimization
- IP addresses and browser information for security purposes
1.4 Analytics Data
🔍 Analytics Collection Notice
We use PostHog (Europe) to collect anonymous analytics data to improve our service and understand how users interact with our platform.
- Website Analytics: Anonymous usage data on our public website, including page views, navigation patterns, and user interactions (no personal identification)
- Product Analytics: For authenticated users within the application, we collect anonymized product usage metrics including:
  - Feature usage patterns and frequency
  - User interface interactions and navigation flows
  - Performance metrics and error tracking
  - Session duration and engagement metrics
- Technical Information: Browser type, operating system, device characteristics, screen resolution (anonymized)
- Geographic Data: Country/region-level location data (not precise location)
⚠️ Important Analytics Disclaimers:
- EU Data Processing: All analytics data is processed within the EU through PostHog EU Cloud to ensure GDPR compliance
- No Personal Data: We do not track personally identifiable information in our analytics. User identifiers are hashed and anonymized
- No Database Content: Analytics never capture the content of your queries, database data, or sensitive business information
- Consent Required: Analytics collection is essential for service operation and requires your consent to use our platform
- Data Retention: Analytics data is retained for 12 months maximum for service improvement purposes
2. HOW WE USE YOUR INFORMATION
2.1 Service Provision
- Process your natural language queries and generate database insights
- Maintain secure connections to your data sources
- Provide chat history and context for improved user experience
- Enable team collaboration and organizational features
2.2 Service Improvement
- Analyze usage patterns to enhance AI model performance
- Improve query accuracy and response quality
- Develop new features and integrations
- Optimize platform performance and reliability
2.3 Communication
- Send account-related notifications and updates
- Provide customer support and technical assistance
- Communicate service changes and new features
- Process billing and subscription management
3. DATA SHARING AND DISCLOSURE
3.1 Third-Party Service Providers
We share limited data with trusted service providers who assist in delivering our service:
- AI Service Providers (e.g., OpenAI, Google) - for processing queries and generating responses
- Infrastructure Providers (e.g., cloud hosting, CDN services) - for platform operation
- Payment Processors (e.g., Stripe) - for billing and subscription management
- Security Services (e.g., Infisical) - for secure credential storage
- Analytics Providers (PostHog Europe) - for anonymous usage analysis and service improvement
3.2 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal obligations, court orders, or regulatory requirements
- Protect our rights, property, or safety, or that of our users
- Investigate potential violations of our Terms of Service
- Prevent fraud, security threats, or illegal activities
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.
4. DATA SECURITY
4.1 Security Measures
- Encryption: All data is encrypted in transit (TLS) and at rest (AES-256)
- Access Controls: Strict authentication and authorization mechanisms
- Credential Management: Database credentials and API keys are managed through Infisical's secure vault
- Network Security: Firewalls, VPNs, and network segmentation
- Regular Audits: Security assessments and vulnerability scanning
4.2 Data Minimization
- We only access and store data necessary for service functionality
- Database queries are read-only by default unless explicitly granted write access
- Personal data in your databases is not copied or stored permanently
- Query results are cached temporarily for performance optimization
4.3 Incident Response
In the event of a security incident, we will notify affected users within 72 hours as required by GDPR and other applicable laws.
5. YOUR RIGHTS AND CHOICES
5.1 GDPR Rights (EU Residents)
- Access: Request copies of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Export your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdrawal of Consent: Withdraw consent for data processing where applicable
5.2 Account Management
- Access and update your account information through your dashboard
- Manage connected integrations and data access permissions
- Review and delete chat history and query logs
- Configure data retention preferences
5.3 Analytics Data Collection
📊 Analytics Notice
Analytics data collection is essential for service functionality and improvement. By using our service, you consent to this data collection as described above.
5.4 Communication Preferences
- Opt out of marketing communications (account-related emails will continue)
- Configure notification preferences for your account
- Manage team and organizational communication settings
6. DATA RETENTION
6.1 Retention Periods
- Account Data: Retained while your account is active and for 30 days after deletion
- Chat History: Retained for service improvement unless deleted by user
- Integration Credentials: Deleted immediately upon disconnection or account termination
- Billing Data: Retained for 7 years for legal and accounting purposes
- Technical Logs: Retained for 90 days for debugging and security purposes
6.2 Deletion Process
Upon account deletion, we will securely delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes.
7. INTERNATIONAL DATA TRANSFERS
Your data may be transferred to and processed in countries outside the European Economic Area, including the United States, where our service providers operate.
7.1 Safeguards
- Standard Contractual Clauses (SCCs) with non-EU service providers
- Adequacy decisions recognized by the European Commission
- Binding Corporate Rules for multinational service providers
- Industry-standard security measures regardless of processing location
8. CHILDREN'S PRIVACY
Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.
9. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated with 2 weeks' notice via email or through our platform.
Your continued use of the service after the effective date of changes constitutes acceptance of the updated Privacy Policy.
10. CONTACT INFORMATION
10.1 Data Protection Officer
For privacy-related inquiries, data protection requests, or concerns about how we handle your information:
Email: team@talktoyourdata.com
10.2 Supervisory Authority
EU residents have the right to lodge a complaint with their local data protection authority if they believe their privacy rights have been violated.
As we are based in Spain, the relevant authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD).
By using our service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.