Privacy Policy - DataAgents

At DataAgents ("we", "us", or "our"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our services.

1. Information We Collect

a. Account and Tenant Information

We collect your name, email address, company information, and user role when you sign up. We also store tenant metadata such as company name, configuration templates, and default destination preferences.

b. Usage Data

We record actions performed through the DataAgents assistant (e.g., "create dashboard", "train model"), as well as logs, events, and system activity for analytics, security, and debugging.

c. Source and Destination Data

We store connection configurations (e.g., hostnames, API tokens, sync schedules) for data ingestion and export. Metadata such as table names, schemas, and profiles may be analyzed to support automation.

d. Generated Content

This includes automatically generated SQL, Python scripts, dashboards, and machine learning models produced during the use of our services.

e. Support Data

We collect communications with our support team, including error reports and feedback, to improve service quality.

2. Data Controlled by You

When you connect third-party systems such as Google Ads, you remain the data controller of that information. DataAgents acts solely as a data processor, accessing your data only to perform authorized actions (e.g., analytics, reporting, or forecasting) within your workspace. We never use this data to build advertising profiles or share it outside your tenant.

3. Purpose Limitation - How We Use Your Data

We process personal data only for specified, explicit, and legitimate purposes:

• Service Delivery: To provide, maintain, and improve the DataAgents platform.
• Data Processing: To automate data engineering and analytics tasks as part of our core service.
• Security and Reliability: To ensure platform security, prevent fraud, and maintain system reliability.
• Communication: To communicate important updates, service changes, or respond to inquiries.
• Legal Compliance: To comply with legal obligations, including tax, accounting, and regulatory requirements.
• Service Improvement: To train and fine-tune internal models using anonymized and non-sensitive logs only.

4. Data Retention

• User-generated data: Retained for the duration of your active subscription. Upon termination, data is retained for 30 days then securely deleted.
• System logs and sync history: Retained for up to 90 days for operational and security purposes.
• Billing and payment records: Retained for 7 years as required by tax regulations.
• Audit logs: Retained for 3 years for compliance and security monitoring.
• Support communications: Retained for 2 years after the support case is closed.

5. Data Sharing and Sub-Processors

We do not sell your data. We only share data with:

• Cloud hosting providers: Google Cloud Platform (GCP) securely processes and stores data. GCP maintains SOC 2 Type II, ISO 27001, and HIPAA certifications.
• AI/ML service providers: LLM providers (OpenAI, Anthropic, Google Gemini) for AI-powered features. These providers do not use your data to train models.
• Payment processors: Stripe processes payment information. We do not store payment card details.
• Analytics providers: PostHog (with your consent) for product analytics.
• Third-party services: Services explicitly configured by you (e.g., BigQuery, S3, Snowflake).
• Legal authorities: Only if required by law.

6. Security

We enforce encryption at rest and in transit, strict role-based access control, and complete tenant isolation. All AI-generated actions are schema-validated to prevent injection or unauthorized access.

7. International Data Transfers

Your data may be processed in France or in other countries where our cloud providers operate. We ensure appropriate safeguards through data processing agreements and secure transfer mechanisms.

8. Your Rights

You have the right to:

• Access, correct, or delete your data.
• Export your tenant's configurations and generated outputs.
• Object to certain types of data processing, such as marketing communications.

To exercise these rights, contact us at [email protected].

9. Use of Google User Data

DataAgents' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We only use Google Ads API data to retrieve performance metrics for analytics, forecasting, and automated reporting on behalf of our customers. No write operations, campaign modifications, or data reselling are performed.

10. Updates to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated through your dashboard or by email. All updates take effect immediately upon publication.

11. Contact Information