Privacy Policy
Last updated: May 8, 2026
1. Information we collect
We collect information you provide directly (name, work email, company, payment details at checkout) and information generated by your use of the Service (API request logs, pipeline configurations, usage metrics, IP addresses, and browser/device metadata for security purposes).
2. How we use your data
We use collected data to: (a) deliver and operate the Service; (b) process payments and calculate usage-based billing; (c) send transactional communications (invoices, alerts, security notices); (d) maintain platform security and investigate abuse; (e) improve reliability and product quality using aggregated, anonymized telemetry.
We do not sell your personal data to third parties.
3. Third-party service providers
We share data with the following categories of sub-processors who act on our instructions:
- Stripe — payment processing and subscription management
- Neon / PostgreSQL — cloud database hosting
- Resend — transactional email delivery
- Cloudflare — CDN, edge compute, and DDoS protection
- Vercel — application hosting and deployment
- Render — backend API hosting
- Upstash — Redis-based rate limiting and caching
- Sentry — error monitoring and crash reporting (may contain request metadata)
4. Cookies and tracking
We use essential session cookies required for authentication and security. We do not use third-party advertising or tracking cookies. Disabling cookies will prevent you from logging into the dashboard.
5. Data retention
Account data is retained for the duration of your subscription plus 90 days after cancellation, after which it is deleted from production systems. Billing records and audit logs are retained for 7 years as required by financial regulations. Anonymized usage aggregates may be retained indefinitely.
6. Data security
All data in transit is encrypted via TLS 1.2+. API keys are stored only as peppered SHA-256 hashes. Passwords are stored using bcrypt. Access to production systems is restricted by role-based controls and audit-logged. For full security controls, see our Security page.
7. GDPR / CCPA rights
Depending on your location, you have the right to: access a copy of your personal data; correct inaccurate data; request deletion ("right to erasure"); restrict or object to processing; receive your data in a portable format; and opt out of sale (we do not sell data).
To exercise any of these rights, use our contact form. We will respond within 30 days.
8. Data breach notification
In the event of a data breach affecting your personal information, we will notify affected users by email within 72 hours of becoming aware of the breach, as required by GDPR Article 33. The notice will describe the nature of the breach, data affected, and steps we are taking to remediate it.
9. Children's privacy
The Service is not directed at individuals under 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us personal data, we will delete it promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days in advance. Continued use of the Service after the effective date constitutes acceptance.
11. Data controller
The data controller for personal data processed through the Service is DataVibe. For GDPR purposes, you may contact us at [email protected] or via our contact form. We will respond to data requests within 30 days.