1. Introduction
DataStory ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered analytics intelligence platform.
2. Information We Collect
2.1 Information You Provide
We collect information you provide directly:
Account information (name, email address, password)
Company information (company name, website)
Payment information (processed securely by our payment providers)
Communications with our support team
Preferences and settings within the platform
2.2 Data from Connected Sources
When you connect third-party platforms to DataStory, we collect and process:
Google Analytics 4: Website traffic, user behavior, conversions, demographics
Facebook Ads: Ad performance metrics, audience insights, campaign data
Google Ads: Campaign performance, keyword data, conversion metrics
Shopify: Sales data, product performance, customer behavior
Google Search Console: Search performance, keyword rankings, indexing data
Social Media (Instagram, TikTok): Engagement metrics, audience demographics, content performance
2.3 Automatically Collected Information
We automatically collect:
Usage data (features used, time spent, interaction patterns)
Device information (browser type, operating system, IP address)
Log data (access times, pages viewed, errors)
Cookies and similar technologies (see Cookie Policy below)
3. How We Use Your Information
We use your information to:
Provide the Service: Process and analyze your data using AI (GPT-4) to generate insights
Deliver Reports: Send automated reports via email, Slack, and WhatsApp
Chat Interface: Enable natural language queries about your data
Improve Our Service: Analyze usage patterns to enhance features and user experience
Customer Support: Respond to your questions and troubleshoot issues
Security: Detect and prevent fraud, abuse, and security incidents
Communications: Send service updates, security alerts, and marketing (with consent)
Compliance: Meet legal obligations and enforce our terms
4. AI Processing and OpenAI
DataStory uses OpenAI's GPT-4 to analyze your data and generate insights. When processing your data:
We send aggregated and anonymized data to OpenAI's API
OpenAI does not use data sent via API to train their models (per OpenAI's API terms)
We implement data minimization principles, sending only necessary information
All data transmission is encrypted in transit
We do not share personally identifiable information with OpenAI
Data Sharing and Disclosure
We share your information only in these circumstances:
5.1 Service Providers
We work with third-party service providers:
Cloud hosting providers (AWS, Google Cloud)
Payment processors (Stripe)
Email delivery services
AI processing (OpenAI)
Analytics and monitoring tools
5.2 Legal Requirements
We may disclose information if required by law, court order, or government request.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5.4 What We Don't Do
We never:
Sell your personal data to third parties
Share your analytics data with competitors or advertisers
Use your data to train AI models for other customers
6. Data Security
We implement industry-standard security measures:
Encryption in transit (TLS 1.3) and at rest (AES-256)
OAuth 2.0 for secure third-party authentication
Regular security audits and penetration testing
Access controls and least-privilege principles
SOC 2 compliance (Type II)
Secure data centers with physical security
Regular backups with encrypted storage
7. Data Retention
We retain your data as follows:
Active accounts: Data retained while your account is active
Canceled accounts: Data deleted 30 days after cancellation
Analytics data: Retained for up to 13 months for historical comparisons
Logs and security data: Retained for 90 days
Financial records: Retained for 7 years for tax and legal compliance
You can request immediate data deletion by contacting support.
8. Your Rights and Choices
You have the right to:
Access: Request a copy of your personal data
Correction: Update inaccurate or incomplete information
Deletion: Request deletion of your data (right to be forgotten)
Export: Download your data in a portable format
Opt-out: Unsubscribe from marketing emails
Revoke consent: Disconnect third-party integrations at any time
Object: Object to processing for legitimate interests or direct marketing
To exercise these rights, contact us at info@datastory.sh or through your account settings.
9. Cookies and Tracking
We use cookies and similar technologies:
Essential cookies: Required for authentication and security
Functional cookies: Remember your preferences and settings
Analytics cookies: Understand how you use our service
Marketing cookies: Deliver relevant ads (with consent)
You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality.
10. International Data Transfers
DataStory operates globally. Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
Standard Contractual Clauses approved by the EU Commission
Data Processing Agreements with all service providers
Adequacy decisions where applicable
11. Children's Privacy
DataStory is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to say no to the sale of personal information (we don't sell data)
Right to access your personal information
Right to deletion of personal information
Right to non-discrimination for exercising your rights
13. GDPR Compliance (European Users)
For users in the European Economic Area (EEA), UK, and Switzerland, we comply with GDPR requirements. Our legal basis for processing includes:
Contract performance: Processing necessary to provide the Service
Consent: For marketing communications and optional features
Legitimate interests: For service improvement and security
Legal obligations: For compliance with laws
14. Changes to Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes via:
Email notification to your registered email address
Prominent notice within the Service
Update to the "Last Updated" date at the top of this page
Continued use of DataStory after changes constitutes acceptance of the updated policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
Email: info@datastory.sh
Data Protection Officer: info@datastory.sh
We aim to respond to all inquiries within 30 days.
🎉 50% OFF This Black Friday on all plans — power up your agency reporting.