1. Introduction and Scope
This Privacy Policy describes how we process data when you use our Data Quality Engine. Unlike traditional SaaS platforms, we operate on a Stateless Processing Model. We prioritize the security of your data by minimizing our footprint and ensuring you maintain full ownership of your information.
2. Data We Process
We distinguish between two types of information:
- Customer Relationship Data: Contact information and billing details used to manage your account.
- Customer Content (The Data for Processing): This includes any datasets provided by you for remediation, quality analysis, or transformation. This typically includes structured numerical and categorical data such as:
  - Financial & Transactional Data: Transaction values, currency types, and billing metadata.
  - Industrial & Operational Data: Sensor telemetry, energy consumption metrics, and utility usage.
  - Identity & Firmographic Data: Contact information, company details, and professional identifiers.
- Payment Processing: We use Stripe to handle all payments. We do not store your full credit card or bank account details on our servers. Your information is sent directly to Stripe, whose use of your data is governed by their Privacy Policy (Stripe.com/privacy). We share only necessary transaction data (e.g., billing address, email, and amount) with Stripe to process your subscription and prevent fraud.
Note: We do not "collect" or "store" customer data in a traditional sense: the data is processed exclusively within an isolated, volatile compute environment. All datasets reside only in temporary memory (RAM) or ephemeral scratch space for the duration of the remediation. No persistent copies or backups are created, and all data traces are purged from the environment immediately upon final Customer Certification or session termination.
3. Stateless Processing & Zero-Retention
Our architecture is designed to be Stateless:
- No Disk Persistence: All Customer Content is processed within an isolated, non-persistent compute environment. The system is architected to ensure that no data is written to permanent storage, backups, or long-term databases. Data resides only in ephemeral, volatile structures (such as RAM or temporary cache) for the minimum duration required to complete the compute run.
- Instant Session Termination: Once results are certified or rejected via the User Interface, the processing session is terminated, and all associated memory buffers and cache are cleared. We do not retain staging backups or temporary files.
- Anonymized Telemetry: We retain minimal, anonymized Process Telemetry (e.g., algorithm execution logs and transaction metadata). This telemetry contains no PII and is retained solely for auditability, billing, and dispute resolution.
4. No Training on Customer Data
We strictly warrant that Customer Content is never used to train or improve our machine learning models, AI agents, or any global datasets. Your proprietary data remains yours, and our models are session-based or pre-trained on non-customer data.
5. Data Security
We implement enterprise-grade security controls:
- Encryption: We use industry-standard encryption (TLS 1.3) to protect data in transit. Because we utilize a Zero-Retention architecture, there is no data-at-rest to encrypt within our processing environment.
- Isolation: Each customer run occurs in a logically isolated environment.
- Access Control: We apply the Principle of Least Privilege (PoLP); our team cannot access your raw Customer Content during the processing run unless explicitly authorized for support.
6. Data Subject Rights (GDPR/CCPA)
As a B2B service provider, we act as a Data Processor/Remediator. If you are an individual whose data is contained within a customer's dataset, please contact the respective data controller (our customer) to exercise your rights. Because our engine operates as a stateless conduit, we physically lack the technical capability to retrieve, identify, or provide copies of processed data once a session has been certified and concluded.
Your Rights: Regardless of your location, you have the right to access, correct, or request the deletion of your personal data. Users in the EU, UK, and Canada have specific rights to data portability and to object to certain processing. To exercise these rights or manage your data, please visit our Customer Portal or contact us at [Your Support Email].
7. Third-Party Disclosures
We do not sell, rent, or trade your data. We only share data with sub-processors (e.g., AWS) necessary to provide our infrastructure, all of whom are bound by strict Data Processing Addendums (DPAs).
- Mobile Information: Notwithstanding any other provision in this Policy, no mobile phone numbers or SMS opt-in consent data will be shared with third parties or affiliates for marketing or promotional purposes.
8. Terms of Service
- Subscriptions: By choosing a plan, you authorize us to charge your payment method automatically at the start of each period. You can cancel at any time via the Customer Portal.
- International Transfers: For payments made via Faster Payments (UK) or PAD (Canada), you are responsible for ensuring the full invoiced amount is received. Any currency conversion fees from your local bank are the responsibility of the remitter. All fees are non-refundable.