← Back to Analytica

Legal

Privacy Policy

Effective date: May 21, 2026

1. Introduction

Analytica ("Analytica", "we", "us", or "our") provides a conversational analytics platform that lets you connect data sources, chat with your data, and build dashboards. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights and choices you have.

By creating an account or using Analytica, you agree to the practices described here. If you do not agree, please do not use the service.

2. Our Privacy Commitments

We've built Analytica around a few clear commitments about how we treat your data:

  • We never sell your data. Not to advertisers, not to data brokers, not to anyone.
  • We never use your private content to train generalized AI models. Your chats, uploads, and connected-source data are processed to answer your questions — not to improve a model that other customers will use.
  • AI providers are bound by the same rule. The model providers we rely on (e.g., Anthropic, OpenAI) act as our processors under contract and are restricted from training on your content.
  • We use what you grant — and nothing more. When you connect Google Sheets or another service, we only read the specific data needed to fulfill your request, in line with Google's Limited Use requirements.
  • Internal access is strictly limited. Only authorized personnel may access your data, and only when necessary — for example, to resolve a support issue you've raised, investigate abuse, or comply with law. All such access is logged.
  • You stay in control. You can delete conversations, files, connected sources, and your entire account at any time.

We are honest about what we can't promise: because Analytica processes your data on our servers to generate analyses and visualizations, our systems necessarily handle (read, store, and transmit) the content you give us. We do not offer end-to-end encryption today. The commitments above describe the guardrails we put around that processing.

3. Information We Collect

We collect the following categories of information:

a. Account information

When you sign up, we collect your name, email address, password (stored as a salted hash), and any profile details you choose to provide. If you sign in using a third-party provider (such as Google), we receive your basic profile information from that provider.

b. Chat content and uploads

Analytica stores the messages you send, the responses generated, conversation history, files you upload (including spreadsheets, CSVs, and other documents), and the dashboards and visualizations you create. This content is associated with your account so the product can function across sessions.

c. Connected data sources and OAuth tokens

When you connect a third-party service (for example, Google Sheets via OAuth), we receive and store access tokens, refresh tokens, and the scopes you grant. We use these tokens solely to read the specific data you ask Analytica to analyze. We do not use Google user data, or data from any other connected provider, to train generalized AI models. Analytica's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

d. Usage data and cookies

We automatically collect technical and usage information when you use Analytica, including IP address, browser type, device identifiers, pages viewed, features used, referring URLs, and timestamps. We use cookies and similar technologies (such as local storage) to keep you signed in, remember your preferences, and measure product usage.

e. Communications

If you contact us for support or feedback, we keep a record of the message and your contact details so we can respond and improve the service.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Analytica service;
  • Process your chat messages and uploaded data to generate analyses, visualizations, and dashboards;
  • Authenticate you, secure your account, and detect or prevent fraud and abuse;
  • Communicate with you about your account, updates, security alerts, and support requests;
  • Improve product quality, fix bugs, monitor performance, and develop new features;
  • Comply with legal obligations and enforce our terms.

We do not sell your personal information or your uploaded data. We do not use your private content to train foundation models that serve other customers.

5. AI and Third-Party Model Providers

Analytica uses large language models to interpret your queries and generate responses. To do this, the content of your prompts, relevant excerpts of your connected data, and conversation context may be sent to model providers we rely on (for example, Anthropic, OpenAI, or similar). These providers act as our processors and are contractually restricted from using your content to train their models.

6. How We Share Information

We share information only in the following limited circumstances:

  • Service providers. Cloud hosting, database, authentication, email delivery, analytics, and AI model providers who process data on our behalf under written agreements.
  • At your direction. When you connect a third-party service or choose to export or share content.
  • Legal and safety. When required by law, legal process, or to protect the rights, property, or safety of Analytica, our users, or others.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, with appropriate confidentiality protections.

7. Data Retention

We retain your account information, conversations, and uploaded content for as long as your account is active or as needed to provide the service. You can delete individual conversations or files at any time from within the product. When you delete your account, we delete or anonymize your personal information within a reasonable period, except where we are required to retain it for legal, tax, accounting, or fraud-prevention purposes.

OAuth tokens for connected services are deleted when you disconnect the provider or revoke access from the provider's account settings.

8. Data Security

We take the security of your information seriously and apply layered administrative, technical, and physical safeguards. The measures we maintain include:

a. Encryption

  • All traffic between your browser and Analytica is encrypted in transit using TLS 1.2 or higher.
  • Databases and object storage that hold your data are encrypted at rest.
  • Sensitive credentials — including OAuth access and refresh tokens for connected services — are encrypted before being written to storage.
  • Account passwords are never stored in plain text; they are stored as salted, one-way hashes using industry-standard algorithms.

b. Access controls

  • Production systems require strong authentication for personnel and follow a principle of least privilege — employees only receive access necessary for their role.
  • Administrative actions and access to customer data are logged and reviewable.
  • We do not access your conversations, uploaded files, or connected-source data for any purpose other than operating the service, providing support you have requested, investigating abuse, or complying with law.

c. Infrastructure

  • Analytica runs on reputable cloud infrastructure providers whose physical data centers and network operations are independently certified (e.g., SOC 2, ISO 27001).
  • Customer data is logically isolated, and environments (production, staging, development) are separated.

d. Software security

  • We monitor our dependencies for known vulnerabilities and apply security patches promptly.
  • Code changes are reviewed before deployment, and sensitive changes follow stricter review and testing requirements.
  • We use automated tooling to detect common classes of vulnerability (e.g., injection, authentication, and access-control issues) in our code.

e. Monitoring and incident response

  • We monitor for suspicious activity, abuse, and abnormal access patterns.
  • We maintain an incident response process for security events. In the event of a confirmed personal-data breach that is likely to result in a risk to your rights, we will notify affected users and applicable regulators without undue delay, in accordance with applicable law.

f. Backups and disaster recovery

  • We maintain encrypted backups of production data with limited retention to allow recovery in the event of accidental loss or corruption.

g. Your role in keeping data safe

Security is a shared responsibility. Please use a strong, unique password, keep your sign-in credentials confidential, sign out of shared devices, and notify us immediately at privacy@analytica.app if you believe your account has been compromised or you notice suspicious activity.

No method of transmission over the internet or method of electronic storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security.

9. Your Choices and Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your account and associated personal information;
  • Export a copy of your data;
  • Object to or restrict certain processing, or withdraw consent where processing is based on consent.

You can exercise most of these rights from within Analytica's settings, or by contacting us at privacy@analytica.app. We will respond within a reasonable timeframe consistent with applicable law.

10. International Data Transfers

Analytica is operated from, and processes data in, jurisdictions that may be different from where you live. By using the service, you understand that your information may be transferred to, stored in, and processed in countries with data-protection laws that differ from your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers.

11. Children

Analytica is not directed to children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where appropriate, by sending you a notice within the product or by email. Your continued use of Analytica after the changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at privacy@analytica.app.