AnalityQa

Privacy Policy

Effective April 19, 2026

1. Data controller

AnalityQa AI processes the personal data collected through the Service. Contact: privacy@analityqa.com.

2. Data we collect

  • Account: email, name, hashed password, plan, preferences.
  • Content: uploaded files, database connections (credentials encrypted at rest), conversations, dashboards.
  • Usage: Service usage logs, quota events, analytics events (with consent).
  • Technical: IP address, user-agent, timestamps, session identifiers.
  • Payment: handled by our PCI-DSS certified payment processor; we do not store any card data.

3. Purposes and legal bases

  • Performance of the contract: providing the Service, billing, support.
  • Legal obligations: accounting, fraud prevention.
  • Legitimate interest: security, abuse prevention, product improvement.
  • Consent: analytics cookies — declinable without impact on the Service.

4. Sub-processors

We rely on sub-processors to deliver the Service, in the following categories:

  • Hosting, database and authentication.
  • Code execution in isolated sandboxes.
  • Payment processing (PCI-DSS certified provider).
  • Large language model (LLM) providers: content sent for inference is not used to retrain the models.
  • Transactional email delivery, analytics and technical monitoring.

The detailed list of sub-processors and their locations is available on request at privacy@analityqa.com.

5. Retention

Account data: as long as the account exists. After deletion, permanent erasure within 7 days (grace period), except for legal obligations (billing: 10 years, security logs: 12 months).

6. Your rights

You can at any time:

  • Access your data and obtain a copy — from Settings → Privacy → Export my data.
  • Rectify or complete your information.
  • Delete your account — from Settings → Privacy → Delete my account. 7-day grace period.
  • Withdraw your analytics consent at any time from the banner or settings.

Contact: privacy@analityqa.com.

7. Cookies

We use strictly necessary cookies (session, language preference) and, with your consent, analytics cookies. No advertising cookies.

8. Security

Encryption in transit (TLS 1.2+), encryption at rest of database connection credentials, customer data isolation, restricted and logged access to production systems.

9. Updates

This policy may be updated; material changes will be notified to you by email 30 days before they take effect.