Data handling
Short version: we store your data in your region, we do not train anything on it, and you can delete it at any time and we propagate that deletion.
Where uploaded data lives
Uploaded CSVs, materialized dataset CSVs, and Bronze records live in our Postgres database and object storage, in the region you selected at sign-up. Everything is encrypted at rest with AES-256 and in transit with TLS 1.2+.
Access controls
Every record is org-scoped. RBAC inside the app gates admin actions (integrations, autonomy settings, billing) to the organization's admins. Platform engineers access your data only with written authorization and an audited session.
Deletion
Deleting a source or a dataset propagates to every derived artifact: Bronze records, materialization outputs, cached schemas, dataset-source join rows, and any track records that reference the deleted analysis. Permanent deletion lands within 24 hours.
Training
We do not train any ML or LLM models on your data. The only LLM calls in the product are the Dataset Agent and (optionally) the email Drafter — both are scoped to a single request and we do not persist prompt contents beyond the immediate run.
Retention
Materialized dataset CSVs auto-delete after 30 days of inactivity (configurable for Enterprise). Source credentials are held until the connection is removed. Audit logs are kept for 12 months.
Sub-processors
- Neon / Supabase — managed Postgres.
- Resend — transactional + track-record email.
- Anthropic / OpenAI — Dataset Agent + Drafter LLM calls, scoped to the immediate request.
- Sentry — error aggregation; PII is scrubbed at the ingest boundary.
- Vercel — application hosting + CDN.
Questions or takedowns
Email privacy@hunter-seeker.net. We respond within two business days.