What we collect, why, and how to delete it.

When you sign up via Google OAuth, we collect your email, name, and avatar. When you upload a file (CSV / XLSX / Google Sheet), we parse it in your browser then store the parsed rows, the AI's dashboard design, the computed numbers, and your chat history in our database. We also keep a row in our LLM telemetry table for every model call (latency, token counts, success / failure) so we can monitor service health and support you when something looks wrong.

Things we explicitly do NOT collect: cookies for advertising, tracking pixels, third-party analytics, location, biometric data.

• Application data (account, uploads, dashboards, chat, payments, telemetry) — Postgres 16 hosted on DigitalOcean in Bangalore, India.
• Files — your raw .xlsx / .csv bytes are parsed client-side; we do not store the original file. We store the parsed rows in our database.
• LLM traffic — column metadata + dashboard config flow to OpenAI and Anthropic under their standard API terms. Neither provider uses API requests for training. We do not log full prompts permanently — only token counts and latency.
• Payments — handled by Razorpay. We see an order ID, an amount, and a signature; we never see your card number.

• You. Always.
• Our engineers for support, RCA, and infrastructure work. We don't read customer data unless you ask us to investigate something (e.g. "my numbers look wrong").
• AI providers (OpenAI, Anthropic) receive column metadata + dashboard config during processing. They do not train on it under their standard API terms.
• Nobody else. We do not sell, share, or rent your data to third parties.

• Delete a dashboard from your workspace → we cascade-delete the rows, config, computed digest, and chat history tied to it.
• Delete your account → email hello@dataeze.ai and we wipe every record tied to your user_id within 7 days.
• Want a copy of everything we hold on you first? Same email — we'll send a JSON export within 7 days.

Data is encrypted in transit (HTTPS). Database access is restricted to our application server and explicitly allow-listed IPs. Authentication is via Google OAuth with NextAuth — we never see or store your Google password. We are a young company; we are not certified to SOC 2 or ISO 27001 yet. If your procurement team requires certified compliance, talk to us about the Enterprise tier and we can negotiate the right controls.

Questions, deletion requests, security disclosures — hello@dataeze.ai. We'll route you to an engineer, not a salesperson.