Back to DataInsight

Privacy Policy

Last Updated: May 18, 2026

1. Data We Collect

DataInsight is designed with a data-minimization-first philosophy. We only collect the minimum information necessary to provide our service:

  • Account Information: Username, email (for verification), and hashed password. We never store passwords in plain text.
  • Usage Logs: Login/logout timestamps, user ID, device ID hash (SHA-256). We do not store raw device identifiers, IP addresses (beyond session), or full phone numbers.
  • Action Logs: Key actions such as file uploads, AI feature usage counts. No file content is stored on our servers.
  • Advertising Conversion Events: We use Google Ads conversion measurement to understand whether registration and purchase-related actions came from our ads. Conversion events may include event time, page context, browser/device signals, and Google identifiers where available, but do not include your uploaded spreadsheet content.
  • AI Configuration: Model settings (API key, base URL, model name) stored encrypted in the database. API keys are never exposed to other users.

2. Data We Do NOT Collect

  • Your uploaded data files — All spreadsheet data is processed in your browser and never sent to our servers unless you explicitly use AI features.
  • Dashboard configurations — Stored locally in your browser only.
  • Custom metrics, alerts, or templates — Stored locally in your browser only.
  • Browsing history unrelated to DataInsight — We do not collect your browsing activity outside our service.

3. AI Feature Data Handling

When you use AI-powered features (Smart Insights, AI Q&A, NL2Dashboard, etc.), your data is temporarily sent to the AI model provider you configured. This data:

  • Is transmitted over encrypted connections (TLS 1.3)
  • Is not stored by DataInsight after the AI response is returned
  • Is subject to the AI provider's own privacy policy
  • We track only metadata: function type, model name, token counts, and latency for cost management

4. Your Rights (GDPR / CCPA)

Under applicable data protection regulations, you have the right to:

  • Access — Request a copy of all data we hold about you (available in Settings → Data Compliance)
  • Deletion — Request complete erasure of your account and all associated data
  • Portability — Export your data in machine-readable format (JSON)
  • Objection — Opt out of usage tracking at any time (Settings → Data Compliance)
  • Rectification — Update your account information at any time

5. Data Retention

  • Activity logs: Automatically deleted after 90 days
  • Form collection data: 72-hour TTL with 24-hour advance warning
  • Account data: Retained until account deletion is requested
  • AI usage metadata: Retained for 12 months for cost analysis, then auto-deleted
  • Advertising conversion data: Retained according to Google Ads measurement settings and applicable law

6. Data Security

  • All data in transit is encrypted via TLS 1.3
  • Passwords are hashed using bcrypt (cost factor 12)
  • Device IDs are stored as SHA-256 hashes only
  • API keys are stored encrypted in the database
  • Row-level security policies prevent cross-user data access

7. Third-Party Services

We use infrastructure, AI, payment, and advertising measurement providers to operate and improve DataInsight, including Supabase, user-configured AI model providers, payment processors, and Google Ads conversion measurement. These providers process data under their own terms and privacy policies.

8. Cookies and Similar Technologies

We use essential cookies or local storage for authentication and preferences. We may also use Google advertising tags to measure ad conversions. You can control cookies through your browser settings, but disabling essential storage may prevent login or core features from working.

9. Contact

For privacy-related inquiries, contact us through the in-app support or email support@datainsight.app