AnalityQa

Privacy Policy

Effective April 29, 2026

AnalityQa is an indie project built by two co-founders. This page is the plain-English version of what we collect, why, who we share it with, and how to get rid of it. To request the publishers' full legal identity and postal contact, email privacy@analityqa.com.

1. Who's responsible for your data

The publishers of AnalityQa are the data controllers under the GDPR. For any question about your personal data, write to privacy@analityqa.com.

We don't have a formal Data Protection Officer (DPO) — that's a role GDPR Art. 37 requires only for large-scale or specific types of processing, and we don't fall in that category. Privacy questions land in the founders' inbox directly.

2. What we collect

  • Account: email, name (if you provide one), hashed password, plan, preferences.
  • Content you upload or connect: CSV / Excel files, database connection credentials (encrypted at rest), conversations with the AI, dashboards you create.
  • Usage: usage logs of the Service, quota events, analytics events (only with your consent).
  • Technical: IP address, user-agent string, timestamps, session identifiers.
  • Payment: handled by Stripe — we never see or store card data.

3. Why we use it (legal bases)

  • Performance of the contract: running the Service, handling billing, providing support.
  • Legal obligations: accounting and tax, fraud prevention.
  • Legitimate interest: keeping the Service secure, preventing abuse, improving the product (in aggregate, never on identified individuals).
  • Consent: analytics cookies — you can refuse them without any impact on the Service.

4. Sub-processors

We rely on a small number of trusted sub-processors to deliver the Service (hosting, database, authentication, payment, LLM inference, transactional email). The detailed list — provider names, locations, and purposes — is available on request: email privacy@analityqa.com and we'll send it to you.

If a material change occurs (a new sub-processor handling customer content), we notify existing users by email at least 30 days before it takes effect.

5. Data transfers outside the EU

Some of our sub-processors (in particular our LLM inference providers and hosting edge nodes) are based in the United States. The content you send for AI inference is therefore processed outside the EU. These transfers are covered by the European Commission's Standard Contractual Clauses (SCC) and by contractual commitments from our providers not to use our customers' data to train their models.

6. How long we keep your data

Account data: as long as your account exists. After deletion, permanent erasure within 7 days (a grace window in case you reactivate).

Exceptions for legal obligations:

  • Billing records: kept for the legal accounting retention period applicable to the publishers.
  • Security and access logs: 12 months.

7. Your rights under the GDPR

You have the right to:

  • Access the data we have about you and get a copy — from Settings → Privacy → Export my data.
  • Rectify or complete information that's wrong.
  • Delete your account and the associated data — from Settings → Privacy → Delete my account. 7-day grace period.
  • Object to certain types of processing.
  • Withdraw analytics consent anytime from the cookie banner or settings.
  • Lodge a complaint with the CNIL (French data-protection authority) if you think we're handling your data wrong.

To use any of these rights: privacy@analityqa.com. We respond within 30 days.

8. Cookies

We use strictly necessary cookies (session, language preference) without consent — they're required for the Service to work. With your consent, we also use analytics cookies to understand which pages people read. No advertising cookies. No third-party trackers on your uploaded data.

9. Security

Encryption in transit (TLS 1.2+), encryption at rest of database connection credentials, customer data isolated per workspace, restricted and logged access to production systems. We're a small team — that means fewer people with access to your data, not more.

10. Updates to this policy

We may update this policy. Material changes (new categories of data, new sub-processors processing customer content) will be notified by email at least 30 days before they take effect. Minor edits just refresh the "Effective" date at the top.

11. Contact

Privacy-specific questions: privacy@analityqa.com. General questions: hello@analityqa.com.