Privacy Policy

Last updated: May 15, 2025

1. Data We Collect

DataInsight is designed with a data-minimization-first philosophy. We only collect the minimum information necessary to provide our service:

  • Account Information: Username, email (for verification), and hashed password. We never store passwords in plain text.
  • Usage Logs: Login/logout timestamps, user ID, device ID hash (SHA-256). We do not store raw device identifiers, IP addresses (beyond session), or full phone numbers.
  • Action Logs: Key actions such as file uploads, AI feature usage counts. No file content is stored on our servers.
  • AI Configuration: Model settings (API key, base URL, model name) stored encrypted in the database. API keys are never exposed to other users.

2. Data We Do NOT Collect

  • Your uploaded data files — All spreadsheet data is processed in your browser and never sent to our servers unless you explicitly use AI features.
  • Dashboard configurations — Stored locally in your browser only.
  • Custom metrics, alerts, or templates — Stored locally in your browser only.
  • Browsing history or tracking pixels — We do not use analytics trackers from third parties.

3. AI Feature Data Handling

When you use AI-powered features (Smart Insights, AI Q&A, NL2Dashboard, etc.), your data is temporarily sent to the AI model provider you configured. This data:

  • Is transmitted over encrypted connections (TLS 1.3)
  • Is not stored by DataInsight after the AI response is returned
  • Is subject to the AI provider's own privacy policy
  • Is recorded by us only as metadata (function type, model name, token counts, and latency), which we track for cost management

4. Your Rights (GDPR / CCPA)

Under applicable data protection regulations, you have the right to:

  • Access — Request a copy of all data we hold about you (available in Settings → Data Compliance)
  • Deletion — Request complete erasure of your account and all associated data
  • Portability — Export your data in a machine-readable format (JSON)
  • Objection — Opt out of usage tracking at any time (Settings → Data Compliance)
  • Rectification — Update your account information at any time

5. Data Retention

  • Activity logs: Automatically deleted after 90 days
  • Form collection data: 72-hour TTL with 24-hour advance warning
  • Account data: Retained until account deletion is requested
  • AI usage metadata: Retained for 12 months for cost analysis, then auto-deleted

6. Data Security

  • All data in transit is encrypted via TLS 1.3
  • Passwords are hashed using bcrypt (cost factor 12)
  • Device IDs are stored as SHA-256 hashes only
  • API keys are stored encrypted in the database
  • Row-level security policies prevent cross-user data access

7. Contact

For privacy-related inquiries, contact us through in-app support or by email at privacy@datainsight.app.