1. Information We Collect

We collect and process the following types of information:

• Account Information: Name, email address, company, billing information.
• Data Provided by Vendors: Customer data, reports, or tables shared through DataPorto, which may include personal data.
• Technical Data: IP address, device/browser type, operating system, log data, cookies, and service usage metrics.
• Communications: Records of your correspondence with us (support requests, inquiries).

2. How We Use Information

We process personal data to:

• Provide, operate, and improve DataPorto's services.
• Authenticate users and secure access.
• Process transactions and provide customer support.
• Monitor, audit, and analyze platform activity.
• Comply with legal and regulatory obligations.

We do not sell or rent your personal information.

3. Legal Basis for Processing (GDPR)

If you are located in the EU/EEA, we process your personal data under the following legal bases:

• Performance of Contract: To provide services to our vendor clients.
• Legitimate Interests: To maintain security, improve our platform, and communicate with clients.
• Consent: For optional activities, such as marketing communications.

4. Data Sharing & Subprocessors

We may share personal data with:

• Trusted Service Providers who act as subprocessors (e.g., Snowflake, AWS, Databricks).
• Professional Advisors such as auditors or legal counsel.
• Authorities if required by law or to protect rights and security.

We maintain contracts with all subprocessors to ensure appropriate safeguards.

5. International Transfers

If we transfer personal data outside the EU/EEA, we implement safeguards such as Standard Contractual Clauses (SCCs) or other lawful mechanisms.

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.

Vendors control the retention of their own client/customer data within DataPorto.

7. Your Rights (GDPR and Global Privacy Laws)

If you are an EU/EEA resident, you have the right to:

• Access, correct, or delete your personal data.
• Restrict or object to certain processing.
• Request data portability.
• Withdraw consent at any time (where applicable).

To exercise these rights, contact us at hello@dataporto.com. We will respond in accordance with applicable law.

8. Security

We implement technical and organizational measures to protect personal data, including:

• Encryption in transit and at rest.
• Role-based access controls and MFA.
• Monitoring, logging, and audit trails.
• Regular security testing and reviews.

9. Children's Privacy

DataPorto does not target or knowingly process information from individuals under 16 years old.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or posted on our website.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at: