Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, password, company name, and billing information when you create an account.
• Profile Information: Professional title, industry, and preferences you choose to provide.
• Content Data: Data you upload to create dashboards, including spreadsheets, CSV files, and connected data sources.
• Communications: Information you provide when you contact us for support or feedback.

1.2 Information Collected Automatically

When you use our service, we automatically collect:

• Usage Data: Features used, dashboards created, time spent, and interaction patterns.
• Device Information: IP address, browser type, operating system, and device identifiers.
• Log Data: Access times, pages viewed, and referring URLs.
• Cookies and Tracking: Information collected through cookies, pixels, and similar technologies. See our Cookie Policy for details.

1.3 Information from Third Parties

We may receive information from third-party services you connect, including:

• QuickBooks, Stripe, HubSpot, and other integrated platforms
• Google Sheets and other data sources you authorize
• Authentication providers (e.g., Google Sign-In)

2. How We Use Your Information

We use the information we collect to:

• Provide Services: Create dashboards, generate insights, and deliver the features you request.
• Process Transactions: Handle billing, payments, and subscription management.
• Improve Our Service: Analyze usage patterns, fix bugs, and develop new features.
• Communicate: Send service updates, security alerts, and support messages.
• Marketing: With your consent, send promotional communications (you can opt out anytime).
• Legal Compliance: Comply with legal obligations and protect our rights.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share information in these circumstances:

3.1 Service Providers

We share data with trusted third parties who assist in operating our service:

• Cloud Infrastructure: Railway, AWS, or similar providers for hosting
• Payment Processing: Stripe for secure payment handling
• Authentication: Clerk for user authentication
• AI Processing: Anthropic for AI-powered features
• Analytics: Privacy-focused analytics providers

All service providers are contractually bound to protect your data and use it only for specified purposes.

3.2 Client Portals

When you share dashboards via client portals, the data visible in those dashboards becomes accessible to anyone with the portal link. You control what data is shared.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, safety, or property of Dashboard AI, our users, or others.

3.4 Business Transfers

If Dashboard AI is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Strict role-based access controls limit who can access your data.
• Infrastructure Security: Our infrastructure is hosted on SOC 2 compliant platforms.
• Monitoring: Continuous security monitoring and intrusion detection.
• Incident Response: Documented incident response procedures for security events.

For more details, see our Security page.

5. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active and for 30 days after deletion.
• Dashboard Data: Retained while your account is active; deleted within 30 days of account closure.
• Usage Logs: Retained for 90 days for security and debugging purposes.
• Billing Records: Retained for 7 years as required by law.

You can request data deletion at any time by contacting privacy@dashboard-ai.co.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data.
• Portability: Request your data in a portable format.
• Objection: Object to processing of your personal data.
• Withdrawal of Consent: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@dashboard-ai.co.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant authorities.

8. HIPAA Compliance

For customers who use Dashboard AI to process Protected Health Information (PHI), we offer Business Associate Agreements (BAAs) and implement additional safeguards required by HIPAA.

Contact us at compliance@dashboard-ai.co to request a BAA.

Our HIPAA compliance measures include:

• Administrative, physical, and technical safeguards
• Audit logging of all PHI access
• Encryption of PHI at rest and in transit
• Access controls and authentication requirements
• Employee training on HIPAA requirements

9. Children's Privacy

Dashboard AI is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

For significant changes, we will provide additional notice via email.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

For data protection inquiries in the EU, you may also contact your local Data Protection Authority.