Privacy Policy

1. Information We Collect

We collect information you provide directly and information collected automatically:

Information you provide:

• Account information: name, email address, password (hashed, never stored in plain text)
• Profile information: avatar, display name (optional)
• Payment information: billing details processed and stored by our payment provider (Dodo Payments) — we do not store raw card data
• Communications: messages you send to our support team

Information collected automatically:

• Usage data: pages visited, features used, dashboard views, click events
• Device information: browser type, operating system, screen resolution
• Log data: IP address, access timestamps, referring URLs
• Cookies: session cookies required for authentication; no third-party advertising cookies

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send billing-related communications
• Send transactional emails (account confirmations, password resets, billing alerts)
• Respond to support requests and feedback
• Monitor and analyze usage patterns to improve the product
• Detect, prevent, and address technical issues and abuse
• Comply with legal obligations

We do not use your data for advertising, and we do not sell your personal information to any third party.

3. Google Sheets Data

When you connect a Google Sheet, DataRich requests read-only access to that specific spreadsheet via Google OAuth. Regarding this data:

• We access only the spreadsheets you explicitly connect — not your entire Google Drive
• We cache a copy of your sheet data on our servers solely to render your dashboards and support auto-refresh
• Cached data is tied to your account and is not accessible to other users
• We do not analyze, sell, or share your spreadsheet contents with any third party
• You can revoke our access at any time via your Google Account security settings
• Upon account deletion, all cached sheet data is permanently deleted within 30 days

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account closure.
• Dashboard configurations: Deleted upon account closure or when you delete a dashboard.
• Cached sheet data: Deleted within 30 days of account closure or when the connected dashboard is deleted.
• Billing records: Retained for 7 years as required by US financial regulations.
• Server logs: Retained for up to 90 days for security and debugging purposes.

5. Cookies & Tracking

We use cookies and similar technologies to operate the Service. Specifically:

• Authentication cookies: Required to keep you logged in. These are session cookies managed by Supabase Auth.
• Preference cookies: Store lightweight UI preferences (optional).

We do not use third-party advertising cookies, tracking pixels, or behavioral retargeting. You can disable cookies in your browser settings, though this will prevent you from logging in.

6. Third-Party Services

We use the following third-party services to operate DataRich. Each has its own privacy policy:

• Supabase — database, authentication, and file storage (supabase.com/privacy)
• Google OAuth / Sheets API — account login and spreadsheet access (policies.google.com/privacy)
• Vercel — hosting and serverless compute (vercel.com/legal/privacy-policy)
• Dodo Payments — payment processing (dodopayments.com/privacy)
• Upstash — Redis caching for auto-refresh jobs (upstash.com/trust/privacy.pdf)

We only share data with these providers to the extent necessary to operate the Service.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain types of processing

California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us at privacy@datarich.io.

8. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS/HTTPS), encrypted storage of OAuth tokens, hashed passwords, and row-level security policies on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at privacy@datarich.io and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an email to your registered address at least 30 days before the change takes effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy, please contact us: