← Back to Home

Privacy Policy

Last Updated: October 23, 2025

1. Introduction

DataStory ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered analytics intelligence platform.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly:

  • Account information (name, email address, password)
  • Company information (company name, website)
  • Payment information (processed securely by our payment providers)
  • Communications with our support team
  • Preferences and settings within the platform

2.2 Data from Connected Sources

When you connect third-party platforms to DataStory, we collect and process:

  • Google Analytics 4: Website traffic, user behavior, conversions, demographics
  • Facebook Ads: Ad performance metrics, audience insights, campaign data
  • Google Ads: Campaign performance, keyword data, conversion metrics
  • Shopify: Sales data, product performance, customer behavior
  • Google Search Console: Search performance, keyword rankings, indexing data
  • Social Media (Instagram, TikTok): Engagement metrics, audience demographics, content performance

2.3 Automatically Collected Information

We automatically collect:

  • Usage data (features used, time spent, interaction patterns)
  • Device information (browser type, operating system, IP address)
  • Log data (access times, pages viewed, errors)
  • Cookies and similar technologies (see Cookie Policy below)

3. How We Use Your Information

We use your information to:

  • Provide the Service: Process and analyze your data using AI (GPT-4) to generate insights
  • Deliver Reports: Send automated reports via email, Slack, and WhatsApp
  • Chat Interface: Enable natural language queries about your data
  • Improve Our Service: Analyze usage patterns to enhance features and user experience
  • Customer Support: Respond to your questions and troubleshoot issues
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Communications: Send service updates, security alerts, and marketing (with consent)
  • Compliance: Meet legal obligations and enforce our terms

4. AI Processing and OpenAI

DataStory uses OpenAI's GPT-4 to analyze your data and generate insights. When processing your data:

  • We send aggregated and anonymized data to OpenAI's API
  • OpenAI does not use data sent via API to train their models (per OpenAI's API terms)
  • We implement data minimization principles, sending only necessary information
  • All data transmission is encrypted in transit
  • We do not share personally identifiable information with OpenAI

5. Data Sharing and Disclosure

We share your information only in these circumstances:

5.1 Service Providers

We work with third-party service providers:

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors (Stripe)
  • Email delivery services
  • AI processing (OpenAI)
  • Analytics and monitoring tools

5.2 Legal Requirements

We may disclose information if required by law, court order, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 What We Don't Do

We never:

  • Sell your personal data to third parties
  • Share your analytics data with competitors or advertisers
  • Use your data to train AI models for other customers

6. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • OAuth 2.0 for secure third-party authentication
  • Regular security audits and penetration testing
  • Access controls and least-privilege principles
  • SOC 2 compliance (Type II)
  • Secure data centers with physical security
  • Regular backups with encrypted storage

7. Data Retention

We retain your data as follows:

  • Active accounts: Data retained while your account is active
  • Canceled accounts: Data deleted 30 days after cancellation
  • Analytics data: Retained for up to 13 months for historical comparisons
  • Logs and security data: Retained for 90 days
  • Financial records: Retained for 7 years for tax and legal compliance

You can request immediate data deletion by contacting support.

8. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your data (right to be forgotten)
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing emails
  • Revoke consent: Disconnect third-party integrations at any time
  • Object: Object to processing for legitimate interests or direct marketing

To exercise these rights, contact us at privacy@datastory.com or through your account settings.

9. Cookies and Tracking

We use cookies and similar technologies:

  • Essential cookies: Required for authentication and security
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Understand how you use our service
  • Marketing cookies: Deliver relevant ads (with consent)

You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality.

10. International Data Transfers

DataStory operates globally. Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the EU Commission
  • Data Processing Agreements with all service providers
  • Adequacy decisions where applicable

11. Children's Privacy

DataStory is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information (we don't sell data)
  • Right to access your personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

13. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), UK, and Switzerland, we comply with GDPR requirements. Our legal basis for processing includes:

  • Contract performance: Processing necessary to provide the Service
  • Consent: For marketing communications and optional features
  • Legitimate interests: For service improvement and security
  • Legal obligations: For compliance with laws

14. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

  • Email notification to your registered email address
  • Prominent notice within the Service
  • Update to the "Last Updated" date at the top of this page

Continued use of DataStory after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: privacy@datastory.com
Data Protection Officer: dpo@datastory.com
Address: [Your Company Address]
Phone: [Your Phone Number]

We aim to respond to all inquiries within 30 days.

See DataStory in Action

Schedule a personalized demo and discover how DataStory can transform your analytics workflow

Request a Demo

30-minute personalized walkthrough

Request Demo

Or start your free trial — no demo needed

Start Free Trial

What you'll see in the demo:

  • Connect your analytics platforms in minutes
  • AI-powered insights tailored to your business
  • Multi-channel delivery to Slack, WhatsApp, and email
  • Custom reports and automated scheduling
  • Team collaboration and white-label options
  • Q&A with our product experts

Perfect for teams evaluating analytics solutions or planning to scale their data operations.