Last updated: March 19, 2026
Account Information: When you create an account, we collect your name, email address, and authentication credentials via our third-party authentication provider (Clerk).
Data You Upload: Files you upload (CSV, Excel) are stored securely on our servers. We do not access, read, or analyze your data except as required to provide the service.
Usage Data: We collect anonymized usage metrics (page views, feature usage, error rates) to improve the service. We do not sell this data.
Your uploaded data is used solely to provide the AI Analyst service — executing queries, generating charts, and producing insights. SQL generation uses only your schema (column names and types) — no row data is transmitted. Insight generation computes aggregate statistics (totals, averages, distributions) on our servers across all result rows, then sends those pre-computed numbers plus up to 50 sample rows to our AI providers to generate the executive summary, key findings, and KPI cards. KPI values are derived from our server-side computation, not from the AI's interpretation of a sample. Your full dataset is never transmitted to any third party.
We use AI models from OpenAI and Anthropic. Two AI calls are made per query: (1) SQL generation — receives only your schema (column names, types, and distinct value samples for low-cardinality columns, no row data); (2) Insight generation — receives pre-computed aggregate statistics computed on our servers from all result rows, plus up to 50 sample rows for entity context, to produce the executive summary, key findings, and KPI cards. KPI numbers are accurate because they are calculated from your full result set on our servers before anything is sent to the AI. Your full dataset is never transmitted. OpenAI and Anthropic operate under zero-data-retention API policies and maintain SOC 2 Type II certifications.
All data in transit is encrypted using TLS. All data at rest is encrypted using AES-256 by our cloud infrastructure providers (Railway for the database, Cloudflare R2 for file storage). Your uploaded files are stored in isolated per-user paths in cloud storage and are not accessible by other accounts. Database connector credentials are encrypted at the application level before being stored.
Dataset deletion: You may delete any uploaded dataset at any time from the My Data page. Deletion is immediate and permanent.
Account deletion: There is currently no self-serve account deletion flow. To request deletion of your account and all associated data, email support@agenticanalyst.io. We will process the request and permanently remove your data within 30 days.
We use the following third-party services, each with its own privacy policy:
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. We do not sell your information to advertisers.
Depending on your location, you may have rights regarding your personal data, including the right to access, correct, delete, or export it. To submit a request, email support@agenticanalyst.io with your request and we will respond as soon as we are able. Note that we are an early-stage company and do not currently have automated tooling for these requests — all requests are handled manually.
We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification.
For privacy inquiries: support@agenticanalyst.io