Privacy Policy Statement

Last Updated:  2026-02-01

1. Introduction and Scope

This Privacy Policy describes how we process data when you use our Data Quality Engine. Unlike traditional SaaS platforms, we operate on a Stateless Processing Model. We prioritize the security of your data by minimizing our footprint and ensuring you maintain full ownership of your information.

2. Data We Process

We distinguish between two types of information:  
  • Customer Relationship Data: Contact information and billing details used to manage your account.
  • Customer Content (The Data for Processing): This includes any datasets provided by you for remediation, quality analysis, or transformation. This typically includes structured numerical and categorical data such as:
    • Financial & Transactional Data: Transaction values, currency types, and billing metadata.
    • Industrial & Operational Data: Sensor telemetry, energy consumption metrics, and utility usages.
    • Identity & Firmographic Data: Contact information, company details, and professional identifiers.
  • Payment Processing: We use Stripe to handle all payments. We do not store your full credit card or bank account details on our servers. Your information is sent directly to Stripe, whose use of your data is governed by their Privacy Policy (Stripe.com/privacy). We share only necessary transaction data (e.g., billing address, email, and amount) with Stripe to process your subscription and prevent fraud.
Note: We do not "collect" or "store" this data in a traditional sense; it is processed exclusively in volatile memory (RAM) within an isolated compute environment. No persistent copies are created, and all data is purged from memory upon final Customer Certification or session termination.

3. Stateless Processing & Zero-Retention

Our architecture is designed to be Stateless:
  • No Disk Persistence: Customer Content is held in volatile RAM only for the duration required to complete the compute run. No data is written to disk or permanent storage during the processing lifecycle.
  • Instant Session Termination: Once results are certified or rejected via the User Interface, the processing session is terminated, and all associated memory buffers are cleared. We do not retain staging backups or temporary files.
  • Anonymized Telemetry: We retain minimal, anonymized Process Telemetry (e.g., algorithm execution logs and transaction metadata). This telemetry contains no PII and is retained solely for auditability, billing, and dispute resolution.

4. No Training on Customer Data

We strictly warrant that Customer Content is never used to train or improve our machine learning models, AI agents, or any global datasets. Your proprietary data remains yours, and our models are session-based or pre-trained on non-customer data.

5. Data Security

We implement enterprise-grade security controls:
  • Encryption: We use industry-standard encryption (TLS 1.3) to protect data in-transit. Because we utilize a Zero-Retention architecture, there is no data-at-rest to encrypt within our processing environment.
  • Isolation: Each customer run occurs in a logically isolated environment.
  • Access Control: We apply the Principle of Least Privilege (PoLP); our team cannot access your raw Customer Content during the processing run unless explicitly authorized for support.

6. Data Subject Rights (GDPR/CCPA)

As a B2B service provider, we act as a Data Processor/Remediator. If you are an individual whose data is contained within a customer's dataset, please contact the respective data controller (our customer) to exercise your rights. Because our engine operates as a stateless conduit, we physically lack the technical capability to retrieve, identify, or provide copies of processed data once a session has been certified and concluded.
Your Rights: Regardless of your location, you have the right to access, correct, or request the deletion of your personal data. Users in the EU, UK, and Canada have specific rights to data portability and to object to certain processing. To exercise these rights or manage your data, please visit our Customer Portal or contact us at [Your Support Email].

7. Third-Party Disclosures

We do not sell, rent, or trade your data. We only share data with sub-processors (e.g., AWS) necessary to provide our infrastructure, all of whom are bound by strict Data Processing Addendums (DPAs).
  • Mobile Information: Notwithstanding any other provision in this Policy, no mobile phone numbers or SMS opt-in consent data will be shared with third parties or affiliates for marketing or promotional purposes.

8. Terms of Service

  • Subscriptions: By choosing a plan, you authorize us to charge your payment method automatically at the start of each period. You can cancel any time via the Customer Portal.
  • International Transfers: For payments made via Faster Payments (UK) or PAD (Canada), you are responsible for ensuring the full invoiced amount is received. Any currency conversion fees from your local bank are the responsibility of the remitter. All fees are non-refundable.