Privacy Policy

1. Information We Collect

1.1 Information You Provide

Account Information: When you create an account, we collect your name, email address, password, and any optional profile information you choose to provide.

Content and Data: We store and process the datasets, visualizations, stories, and other content you create or upload to our platform. You retain full ownership of this content.

Communications: When you contact our support team or participate in surveys, we collect the information you provide in those communications.

Payment Information: For paid services, our payment processors collect payment card information, billing addresses, and transaction details. We do not store complete payment card information on our servers.

1.2 Information We Collect Automatically

Usage Data: We automatically collect information about how you use our Services, including pages visited, features used, time spent, and interaction patterns.

Device Information: We collect information about the devices you use to access our Services, including IP address, browser type, operating system, and device identifiers.

Log Data: Our servers automatically record information when you use our Services, including request types, timestamps, and error logs.

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Service Provision

• Provide access to our data storytelling platform and tools
• Process and visualize your data as requested
• Enable publishing and sharing of your data stories
• Provide customer support and respond to your inquiries

2.2 Service Improvement

• Analyze usage patterns to improve our platform and features
• Develop new tools and capabilities
• Optimize performance and fix technical issues
• Conduct research and analytics (using aggregated, non-personal data)

2.3 Communications

• Send important updates about our Services
• Notify you about security issues or policy changes
• Provide educational content and product updates (with your consent)
• Respond to your questions and support requests

2.4 Security and Compliance

• Protect against fraud, abuse, and security threats
• Ensure platform security and prevent misuse
• Comply with legal obligations and enforce our terms
• Investigate and resolve disputes

Our processing of personal information is based on the following legal grounds:

1. Contract performance (to deliver our Services)
2. Legitimate interests (to improve and secure our platform)
3. Legal obligations (to comply with laws and regulations)
4. Consent where applicable (such as for marketing communications and cookies)

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share your information in the following limited circumstances:

3.1 With Your Consent

We may share your information when you explicitly consent, such as when you choose to publish your data stories publicly or integrate with third-party services.

3.2 Service Providers

We work with trusted third-party service providers who help us operate and improve our Services. These providers are contractually bound to protect your information and may only use it for the specific services they provide to us. See our List of Subprocessors for details.

3.3 Legal Requirements

We may disclose your information when required by law, such as in response to valid legal process, to protect our rights, or to ensure the safety of our users.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4. Data Security

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Strict access controls and authentication requirements
• Infrastructure: Secure cloud infrastructure with regular security audits
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Staff Training: Regular security training for all employees

For detailed information about our security practices, please see our Security page.

5. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal information
• Restriction: Limit how we process your information
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain types of processing
• Withdrawal: Withdraw consent for processing based on consent

To exercise these rights, please contact us at hello@datastory.tech. We will respond to your request within 30 days.

For EU residents, please see our GDPR Compliance page for detailed information about your rights under European data protection law.

6. Data Retention

We retain your personal information only as long as necessary to:

• Provide our Services to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When you delete your account, we will delete your personal information within 30 days, except for information we are required to retain by law or for legitimate business purposes such as fraud prevention.

7. International Data Transfers

Your information may be processed in countries other than your own, including within the European Union, the United States, and other regions where our service providers operate.

When we transfer personal information internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and other mechanisms recognized under applicable data protection laws.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze how our Services are used to improve performance
• Prevent fraud and enhance security

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services. For more details, please see our cookie policy.

9. Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately and we will delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

This Privacy Policy is effective as of the date listed above and replaces any prior privacy policies. If you have any questions about this policy or how we handle your personal information, please don't hesitate to contact us.