Privacy Policy
Last updated: May 2026
Responsible Party:
Philipp Senn, datemydata
Operator / controller
8037 Zurich, Switzerland
1. Data Collected and Purpose
Account Data
Email address, name. Purpose: Contract fulfillment, authentication.
Usage Data
Analysis queries (as text), project metadata, usage statistics (anonymized). Purpose: Service provision, improving response quality.
Payment Data
Processed exclusively via Stripe or PayPal. datemydata does not store complete card data or PayPal account information.
Connection Parameters
Host, port, database name, encrypted credentials. Purpose: Establishing database connections configured by the user.
No full copy of live databases
For live database connections, datemydata does not import complete table contents. Individual query results, answer artifacts, exports and intentionally published answer snapshots may be stored while needed for history, export, sharing, security or legal obligations.
2. Legal Basis
Processing based on: Art. 6(1)(b) GDPR (contract fulfillment), (c) (legal obligation), (f) (legitimate interests — security, fraud prevention).
3. Data Sharing with Third Parties
Data is only shared as necessary for the service:
| Recipient | Purpose | Basis | Location |
| Stripe Inc. | Payment processing | Contract fulfillment | USA (SCCs) |
| PayPal (Europe) S.à r.l. | Payment processing | Contract fulfillment | Luxembourg (EU) |
| Anthropic PBC | AI processing (temporary) | Contract fulfillment | USA (SCCs) |
| OpenAI, L.L.C. | AI processing (temporary) | Contract fulfillment | USA (SCCs) |
| Google LLC | AI processing (temporary) | Contract fulfillment | USA / EU depending on service configuration |
| Supabase Inc. | Database hosting | Contract fulfillment | EU (Frankfurt) |
| Resend Inc. | Email delivery | Contract fulfillment | USA (SCCs) |
| Railway Corp. | Server hosting | Contract fulfillment | EU |
| Axiom | Security and operational logs | Legitimate interest | USA (SCCs) |
SCCs = EU Standard Contractual Clauses (GDPR Art. 46)
4. Retention Period
| Data Category | Retention |
| Account Data | Until account deletion |
| Project Metadata | Until project deletion |
| Chat History | Until manual deletion or account deletion |
| Query results and answer artifacts | Until deletion of the message, conversation, project or account; public answer snapshots until expiry or revocation |
| Connection Parameters | Until data source removal |
| Uploaded Files | 24h after indexing |
| Log Data (Metadata) | 30 days rolling |
| Backup Data | 7 days |
Upon account deletion: complete deletion of all personal data within 30 days (except legal retention obligations, e.g., accounting: 10 years).
5. Data Subject Rights (GDPR Art. 15–22)
Users have the following rights:
- Access (Art. 15): What data is being processed?
- Rectification (Art. 16): Correction of inaccurate data
- Erasure (Art. 17): Right to be forgotten
- Restriction (Art. 18): Restrict processing
- Data Portability (Art. 20): Data in machine-readable format
- Objection (Art. 21): Object to processing
- Complaint: Right to lodge a complaint with the competent data protection authority
Requests to: info@datemydata.com
6. Cookies and Tracking
datemydata uses only technically necessary cookies (session management, CSRF protection). No marketing tracking, no third-party analytics without consent.
7. Changes
Material changes to this policy will be communicated to users by email.