Privacy Policy

1.1. Welcome to Dataseka. This Privacy Policy explains how Dataseka (Pty) Limited ("Dataseka", "we", "us", "our") collects, uses, shares, protects, and otherwise processes your Personal Information when you use our website, web application, data analytics platform, and related Business Intelligence services (collectively, the "Platform" or "Services").

1.2. We are committed to protecting your privacy and processing your Personal Information lawfully, transparently, and securely, in accordance with the South African Protection of Personal Information Act, 4 of 2013 ("POPIA"), the European General Data Protection Regulation ("GDPR") where applicable, and other relevant data protection legislation.

1.3. By registering for or using our Platform, you acknowledge that you have read and understood this Privacy Policy. This Policy forms part of our Terms of Service.

1.4. Definitions:

• Personal Information: Means information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, including but not limited to the types of information listed in Section 3 below.
• Customer Data: Means data, files, spreadsheets, databases, and information that you upload, store, analyze, or visualize on our Platform.
• Processing: Means any operation or activity concerning Personal Information, including its collection, use, storage, dissemination, modification, or destruction.
• Data Controller: Means the entity that determines the purpose and means of Processing Personal Information (for account information, Dataseka; for Customer Data, typically you).
• Data Processor: Means an entity that processes Personal Information on behalf of a Data Controller.
• Data Subject: Means the person to whom Personal Information relates (in this case, "you", our user or a person whose data appears in Customer Data).

2.1. Dataseka acts as the Data Controller for Personal Information related to your account, platform usage, and administrative functions. For Customer Data that you upload to the Platform, you remain the Data Controller, and Dataseka acts as a Data Processor on your behalf.

2.2. Our designated Information Officer is the Chief Technology Officer (CTO).

2.3. If you have any questions about this Privacy Policy or how we handle your Personal Information, please contact our Information Officer at:

• Email: hello@dataseka.com
• Website: https://dataseka.com

We collect various types of Personal Information necessary to provide our Platform, comply with legal obligations, and manage our services. This includes:

3.1. Account and Contact Information:

• Full name, email address, phone number
• Company name, job title, department
• Business address
• Username and password (encrypted)

3.2. Billing and Payment Information:

• Billing address and company details
• Payment method information (processed securely through third-party payment processors)
• Transaction history and invoices

3.3. Platform Usage Data:

• Login and access logs
• Features used, dashboards created, queries run
• Data upload activity (metadata only, not the content of your data)
• Collaboration and sharing activities
• Dashboard views, report generation, data exports

3.4. Technical Information:

• Internet Protocol (IP) address
• Device information (type, operating system, browser type and version)
• Performance metrics, error logs, diagnostic data
• Cookies and similar tracking technologies

3.5. Customer Data:

• Data files, spreadsheets, databases, and datasets you upload to the Platform
• This may include Personal Information of individuals within your organization or customer base
• For Customer Data, you are the Data Controller, and we process this data solely according to your instructions

3.6. Communications Information:

• Records of your interactions with our support team (emails, chat logs, support tickets)
• Feedback, survey responses, and product reviews
• Comments on community forums or knowledge base articles

4.1. Directly from You: When you create an account, complete your profile, upload data, configure dashboards, or communicate with our support team.

4.2. Automatically: When you use our Platform, we automatically collect Technical Information and Platform Usage Data through cookies, logs, and analytics tools.

4.3. From Third Parties: We may receive information from payment processors, authentication services (e.g., Google OAuth, Microsoft SSO), or public sources for security and fraud prevention purposes.

We process your Personal Information only for specific, explicit, and legitimate purposes, based on valid legal grounds:

We do not sell your Personal Information or Customer Data. We may share information only in the following circumstances:

6.1. With Service Providers (Data Processors): We use trusted third-party service providers to perform functions on our behalf:

• Cloud Infrastructure: Google Cloud Platform for hosting our Platform and storing data securely
• Payment Processors: To handle billing and subscription payments
• Analytics Tools: Google Analytics, Mixpanel to understand platform usage (anonymized data)
• Email Services: For transactional emails and support communications
• Authentication Services: Google OAuth, Microsoft Azure AD for single sign-on

We have contracts requiring these providers to protect your information, use it only for our specified purposes, and comply with applicable data protection laws.

6.2. With Other Platform Users (As You Direct): When you share dashboards, reports, or data with team members or external collaborators through our collaboration features.

6.3. Legal and Regulatory Authorities: When required by law, court order, or regulatory request, or when necessary to protect our rights, prevent fraud, or ensure platform security.

6.4. Professional Advisors: We may share information with lawyers, auditors, or consultants under duties of confidentiality for legal or business advice.

6.5. Business Transfers: If Dataseka undergoes a merger, acquisition, or asset sale, your Personal Information may be transferred, subject to the receiving party maintaining similar privacy commitments.

6.6. With Your Consent: We may share your information with other parties when you have explicitly consented.

7.1. Our Platform is hosted on Google Cloud Platform infrastructure, which may involve data being stored or processed in data centers located outside of South Africa, including in the United States, Europe, and other regions.

7.2. Some of our service providers may also be located outside South Africa, which may result in international data transfers.

7.3. When transferring Personal Information internationally, we implement appropriate safeguards to ensure adequate protection:

• Using cloud providers certified under recognized security and privacy frameworks (e.g., ISO 27001, SOC 2)
• Implementing Standard Contractual Clauses (SCCs) approved by data protection authorities
• Ensuring data is encrypted both in transit and at rest
• Verifying that recipient countries provide adequate data protection levels

7.4. You may choose specific regions for Customer Data storage based on your subscription plan. Please contact us to discuss data residency requirements.

8.1. We implement comprehensive technical and organizational measures to protect the security, confidentiality, and integrity of your Personal Information and Customer Data:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Role-based access controls (RBAC) ensure only authorized personnel can access data on a need-to-know basis
• Authentication: Multi-factor authentication (MFA) available for all accounts; required for admin access
• Infrastructure Security: Hosting on Google Cloud Platform with ISO 27001, SOC 2 Type II, and other security certifications
• Network Security: Firewalls, intrusion detection systems, and regular security monitoring
• Regular Audits: Independent security assessments and penetration testing
• Data Backups: Automated daily backups with geo-redundant storage
• Incident Response: 24/7 security monitoring and documented breach response procedures
• Employee Training: Regular security and privacy training for all staff

8.2. You are responsible for maintaining the confidentiality of your account credentials and securing devices used to access the Platform. Please notify us immediately if you suspect unauthorized access.

8.3. Data Breach Notification: In the event of a data breach likely to result in risk to your rights and freedoms, we will notify affected users and relevant data protection authorities as required by law, typically within 72 hours of becoming aware of the breach.

9.1. We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

9.2. Retention periods:

• Account Data: Retained while your account is active and for a reasonable period after closure to facilitate reactivation
• Customer Data: Retained based on your subscription and our Data Processing Agreement; you control when to delete your data
• Billing Records: Retained for 7 years to comply with tax and accounting obligations
• Usage Logs: Retained for 12 months for security and troubleshooting purposes
• Backup Data: Retained for 90 days in secure backups, then permanently deleted

9.3. Upon account termination or deletion request, we will securely delete or de-identify your Personal Information, except where retention is necessary for legal compliance, dispute resolution, or enforcing our agreements.

9.4. You can delete Customer Data at any time through the Platform interface. Deleted data is permanently removed from active systems within 30 days and from backups within 90 days.

You have the following rights regarding your Personal Information. Contact us at hello@dataseka.com to exercise these rights:

10.9. We will respond to requests within 30 days. For complex requests, we may extend this by an additional 30 days with notification.

South African Information Regulator:

• Website: https://inforegulator.org.za/
• Email: POPIAComplaints@inforegulator.org.za
• Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Users in the European Economic Area may contact their local supervisory authority. Users in other jurisdictions should contact their relevant data protection authority.

12.1. We use cookies and similar technologies to enhance platform functionality, analyze usage, and improve user experience.

12.2. Types of cookies we use:

• Essential Cookies: Required for platform operation, authentication, and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with the Platform
• Performance Cookies: Monitor platform performance and identify issues

12.3. You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

13.1. Our Platform is designed for business use and is not intended for individuals under 18 years of age.

13.2. We do not knowingly collect Personal Information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

14.1. When you upload Customer Data containing Personal Information to our Platform, you act as the Data Controller, and you are responsible for:

• Ensuring you have a lawful basis to process the Personal Information in Customer Data
• Obtaining necessary consents or permissions from data subjects
• Complying with applicable data protection laws
• Providing appropriate privacy notices to individuals whose data you process
• Responding to data subject rights requests regarding Customer Data

14.2. Our Data Processing Agreement (DPA) details our respective obligations. Please review it carefully.

Our Platform may contain links to third-party websites, integrations, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any Personal Information.

16.1. We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or industry standards.

16.2. The "Last updated" date at the top indicates when the latest revisions were made.

16.3. We will notify you of material changes via email or prominent notice on our Platform at least 30 days before the changes take effect. Your continued use of our Platform after changes become effective constitutes acceptance of the updated Policy.

16.4. We maintain an archive of previous versions. Contact us if you wish to review a prior version.

If you have questions, concerns, or wish to exercise your rights regarding your Personal Information, please contact us:

• Email: hello@dataseka.com
• Website: https://dataseka.com/contact