Privacy Policy
Last Updated: January 11, 2026
Effective Date: January 11, 2026
Privacy Commitment: Data Facets Inc. ("Company", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Data Facets platform ("Service"). Please read this Privacy Policy carefully.
2. How We Collect Information
2.1 Direct Collection
We collect information directly from you when you:
- Register for an account
- Input metadata into the Service
- Update your profile or settings
- Contact our support team
- Respond to surveys or feedback requests
- Subscribe to newsletters or communications
2.2 Automatic Collection
We use cookies, log files, and similar technologies to automatically collect usage and device information. See our Cookies section for more details.
2.3 Third-Party Sources
We may receive limited information from third parties, such as:
- Single Sign-On (SSO) providers (if you authenticate via SSO)
- Payment processor (Stripe) - confirmation of payment status only, not card details
- Analytics providers (aggregated usage data)
3. How We Use Your Information
3.1 Service Provision
We use your information to:
- Create and manage your account
- Provide access to the Service and its features
- Process and manage your subscription
- Authenticate your identity
- Store and display your metadata content
- Enable multi-tenant data segregation
3.2 Service Improvement
We use aggregated and anonymized data to:
- Analyze usage patterns and trends
- Improve and optimize the Service
- Develop new features and functionality
- Conduct research and analytics
3.3 Communication
We use your contact information to:
- Send transactional emails (account confirmations, password resets)
- Provide customer support
- Send service announcements and updates
- Send marketing communications (with your consent where required)
- Respond to your inquiries
3.4 Security and Compliance
We use information to:
- Detect, prevent, and address fraud and abuse
- Monitor and enforce compliance with our Terms of Service
- Protect the security and integrity of the Service
- Comply with legal obligations
- Respond to legal requests and prevent harm
3.5 What We Do NOT Do
We do NOT:
- Sell your personal information to third parties
- Share your personal information for third-party advertising purposes
- Use your User Content (metadata) for purposes unrelated to providing the Service
- Profile you for automated decision-making that significantly affects you
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or UK, we process your personal data based on the following legal grounds:
| Processing Purpose |
Legal Basis |
| Account creation and service provision |
Performance of contract |
| Payment processing |
Performance of contract |
| Customer support |
Performance of contract / Legitimate interest |
| Service improvements and analytics |
Legitimate interest |
| Marketing communications |
Consent |
| Fraud prevention and security |
Legitimate interest / Legal obligation |
| Legal compliance |
Legal obligation |
| Cookies (non-essential) |
Consent |
5. Information Sharing and Disclosure
5.1 We Share Information With:
Service Providers
We share information with third-party vendors who perform services on our behalf, subject to confidentiality obligations. See Section 6 for details.
Within Your Organization
Information you input into the Service is accessible to other authorized users within your Organization (Tenant) as configured by your administrator.
Legal Requirements
We may disclose information when required to:
- Comply with applicable laws, regulations, or legal processes
- Respond to lawful requests from public authorities
- Protect our rights, privacy, safety, or property
- Enforce our Terms of Service
- Protect against legal liability
Business Transfers
In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.
5.2 We Do NOT Share:
- Your User Content with other Tenants (multi-tenant isolation is maintained)
- Your personal information with third parties for their marketing purposes
- Your data with advertisers
6. Third-Party Service Providers
We use the following categories of third-party service providers who may have access to personal information:
| Category |
Purpose |
Data Accessed |
Cloud Infrastructure
(e.g., AWS, Google Cloud, Azure) |
Hosting and data storage |
All Service data |
Payment Processing
Stripe, Inc. |
Process subscription payments |
Payment card data (NOT stored by us), billing address, email |
Analytics
(e.g., Google Analytics, Mixpanel) |
Usage analytics and insights |
Anonymized/aggregated usage data, IP address |
Email Services
(e.g., SendGrid, Mailgun) |
Send transactional and marketing emails |
Email address, name |
Customer Support
(e.g., Zendesk, Intercom) |
Provide customer support |
Name, email, support tickets |
Error Monitoring
(e.g., Sentry, Datadog) |
Monitor application errors |
Error logs, IP address, browser info |
Payment Card Data: We do not collect, store, or have access to your complete payment card information. All payment card data is transmitted directly to and processed exclusively by Stripe. We only receive confirmation of payment status and partial card information (last 4 digits) for display purposes.
7. Data Security
7.1 Security Measures
We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Access controls and authentication
- Regular security assessments and audits
- Employee security training
- Incident response procedures
- Multi-tenant data isolation
7.2 No Guarantee
Important: While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You use the Service at your own risk.
7.3 Your Security Responsibilities
You are responsible for:
- Maintaining the confidentiality of your account credentials
- Ensuring authorized users within your organization follow security best practices
- Promptly notifying us of any suspected unauthorized access
- Maintaining backups of your User Content
8. Data Retention
8.1 Retention Periods
We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:
| Data Type |
Retention Period |
| Account information |
Duration of active account + 30 days after termination |
| User Content (metadata) |
Duration of active account + 30 days for export after termination |
| Transaction records |
7 years (for legal/tax compliance) |
| Support correspondence |
3 years from last interaction |
| Usage logs |
12 months (aggregated data may be retained longer) |
| Marketing preferences |
Until you withdraw consent |
8.2 Deletion
After the retention period expires, we will delete or anonymize your information, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).
9. International Data Transfers
9.1 Data Location
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your country.
9.2 Transfer Safeguards
When we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission
- Reliance on the EU-US Data Privacy Framework (for participating US organizations)
- Consent where appropriate
9.3 Your Consent
By using the Service, you consent to the transfer and processing of your information as described in this Privacy Policy.
10. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
10.1 General Rights
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information, subject to legal requirements
- Portability: Request a copy of your data in a portable format
- Opt-out: Opt out of marketing communications at any time
10.2 Exercising Your Rights
To exercise these rights, please contact us at privacy@datafacets.com. We will respond within the timeframe required by applicable law (typically 30 days).
10.3 Verification
We may need to verify your identity before processing your request to protect your privacy and security.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
11.1 Right to Know
You have the right to request information about:
- Categories of personal information collected
- Sources of personal information
- Purposes for collecting personal information
- Categories of third parties with whom we share personal information
- Specific pieces of personal information collected about you
11.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
11.3 Right to Correct
You have the right to request correction of inaccurate personal information.
11.4 Right to Opt-Out of Sale/Sharing
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
11.5 Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
11.6 Categories of Personal Information
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, IP address)
- Commercial information (subscription and payment history)
- Internet activity (usage data, browsing history within the Service)
- Professional information (job title, company)
- Inferences drawn from the above
11.7 Contact for California Residents
To exercise your California privacy rights, email us at privacy@datafacets.com or submit a request through your account settings.
Do Not Sell or Share My Personal Information: We do not sell or share personal information. If you still wish to submit a "Do Not Sell" request, please contact us at the email above.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
12.1 Your GDPR Rights
- Right of Access: Obtain confirmation of processing and a copy of your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Rights Related to Automated Decision-Making: We do not use automated decision-making with legal or similarly significant effects
12.2 Data Controller
Data Facets Inc. is the data controller for personal information collected through the Service.
12.3 Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
12.4 Contact
For GDPR-related inquiries, contact our Data Protection Officer at dpo@datafacets.com.
13. Cookies and Tracking Technologies
13.1 What Are Cookies
Cookies are small text files placed on your device when you visit our Service. We use cookies and similar technologies (web beacons, pixels, local storage) to collect information and improve the Service.
13.2 Types of Cookies We Use
| Type |
Purpose |
Duration |
| Essential |
Required for Service functionality (authentication, security) |
Session or up to 1 year |
| Functional |
Remember preferences and settings |
Up to 1 year |
| Analytics |
Understand usage patterns and improve Service |
Up to 2 years |
| Marketing |
Deliver relevant communications (with consent) |
Up to 1 year |
13.3 Managing Cookies
You can control cookies through:
- Our cookie consent banner (where displayed)
- Your browser settings
- Third-party opt-out tools (e.g., NAI, DAA)
Disabling cookies may affect Service functionality.
13.4 Do Not Track
See Section 15 for our Do Not Track policy.
For more details, see our Cookie Policy.
14. Children's Privacy
The Service is not intended for individuals under 18 years of age (or the age of legal majority in their jurisdiction). We do not knowingly collect personal information from children.
If we learn that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@datafacets.com.
15. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals websites not to track users. There is currently no uniform standard for responding to DNT signals. At this time, our Service does not respond to DNT browser signals. However, you can manage tracking through our cookie settings and by adjusting your browser preferences.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.
16.1 Notification of Changes
If we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Provide notice through the Service or via email
- For significant changes, seek your consent where required by law
16.2 Review
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.
