1. Introduction
Data Shepherd ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered data transformation service.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Display name (optional)
- Authentication tokens (we use passwordless magic link login -- no passwords are stored)
- Account preferences and settings
2.2 Payment Information
For paid subscriptions, payment processing is handled by Stripe. We do not store your complete credit card information. Stripe provides us with:
- Last four digits of your card
- Card expiration date
- Billing address
- Subscription status and history
2.3 Data You Upload
When you use our transformation service, you may upload data files. This data:
- Is processed solely to perform your requested transformations
- Is stored temporarily in secure, encrypted storage
- Is automatically deleted according to your plan's retention policy
- Is never shared with third parties or used to train AI models
2.4 Usage Information
We automatically collect certain information about your use of the Service:
- IP address and approximate location
- Browser type and version
- Operating system
- Pages visited and features used
- Time and date of access
- Transformation types and frequency
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve our data transformation services
- Account Management: To create and manage your account, process transactions, and send account-related communications
- Communication: To respond to inquiries, send service updates, and provide customer support
- Analytics: To understand how users interact with our Service and identify areas for improvement
- Security: To detect, prevent, and address technical issues, fraud, and abuse
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
4. Information Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
4.1 Service Providers
We work with trusted third-party service providers who assist us in operating the Service:
- Microsoft Azure: Cloud infrastructure and data processing
- Stripe: Payment processing
- Resend: Email delivery
- Anthropic: AI model provider for generating transformation code
These providers are contractually obligated to protect your information and may only use it to perform services on our behalf.
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5. Data Security
We implement comprehensive security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Strict access controls limit who can access your data
- Secure Infrastructure: Our services run on Microsoft Azure with enterprise-grade security
- Regular Audits: We conduct regular security assessments and penetration testing
- Isolated Processing: Data transformations run in isolated environments
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:
- Account Data: Retained while your account is active and for 30 days after deletion
- Uploaded Files: Retained according to your subscription plan (typically 7-30 days)
- Transformation Outputs: Available for download for 7 days after creation
- Usage Logs: Retained for up to 90 days for analytics and troubleshooting
- Billing Records: Retained for 7 years as required for tax and legal purposes
7. Your Rights and Choices
You have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your account and associated data
- Export: Request a portable copy of your data
- Opt-Out: Unsubscribe from marketing communications
To exercise these rights, please contact us at privacy@datashepherd.ai or use the settings in your account dashboard.
7.1 Email Preferences
You can manage your email preferences in your account settings. You may opt out of marketing emails, but we will still send you essential service-related communications (such as security alerts and billing notifications).
8. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience:
- Essential Cookies: Required for the Service to function (authentication, security)
- Analytics Cookies: Help us understand how users interact with the Service
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.
9. International Data Transfers
Our services are hosted in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
10. Children's Privacy
Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information we collect and how it's used
- Right to delete your personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
To make a request, contact us at privacy@datashepherd.ai.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
Our legal basis for processing your data includes: performance of our contract with you, our legitimate business interests, and your consent where applicable.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Data Shepherd
Privacy Officer
Email: privacy@datashepherd.ai
Support: support@datashepherd.ai