Databaset

Legal

Privacy Policy

How we handle account data, API usage, and the memory content you store through our platform.

Effective January 1, 2026 · Last reviewed June 2026

1. Introduction

Databaset ("we", "us", "our") operates databaset.com and related services including app.databaset.com and docs.databaset.com. This Privacy Policy explains what we collect, how we use it, who we share it with, and your rights. We built Databaset for developers who store end-user context in AI applications. You remain the controller of your users' data; we act as a processor when we store memories on your behalf.

2. Information We Collect

Account information

  • Name, email, and organization when you create an account
  • Billing address and plan tier (payment cards handled by Stripe; we never store full card numbers)
  • Support tickets and email correspondence

Usage data

  • API request counts, memory store/recall volumes, and error rates
  • Dashboard activity: searches, exports, and configuration changes
  • Feature flags and onboarding progress

Memory data (your application content)

  • Text submitted via memory.store() and related SDK methods
  • Associated userId, appId, metadata, and timestamps
  • Vector embeddings derived from your text for semantic search
  • We do not read memory content for advertising, resale, or model training

Technical data

  • IP address, user agent, and approximate region for abuse prevention
  • Request logs retained 30 days for security and debugging
  • Cookies and local storage for authentication sessions only

3. How We Use Information

  • Operate, maintain, and improve the Databaset API and dashboard
  • Process billing, send invoices, and notify you of usage limits
  • Respond to support requests and security incidents
  • Detect fraud, abuse, and violations of our Terms of Service
  • Publish aggregated, anonymized usage statistics (never your memory content)
  • We never sell personal data or memory content to third parties
  • We never use your stored memories to train foundation models

4. Data Storage & Security

We apply industry-standard controls across infrastructure and application layers:

  • Data encrypted at rest with AES-256
  • TLS 1.3 for data in transit
  • API keys stored as one-way SHA-256 hashes
  • Per-user memory isolation enforced at the database layer
  • Regular dependency patching and annual third-party security reviews
  • SOC 2 Type I audit planned for H1 2026 (Enterprise customers notified first)

5. Data Retention

  • Active memories: retained while your account is active and you do not delete them
  • Deleted memories: purged from primary storage within 30 days; backups within 7 days
  • Account data after cancellation: retained 90 days for export, then deleted
  • Server logs: 30 days
  • Billing records: 7 years where required by tax law

6. Sharing Your Data

We share data only with subprocessors required to run the service:

  • Supabase (PostgreSQL hosting and authentication)
  • Stripe (payment processing)
  • Upstash (rate limiting and caching)
  • Cloudflare (CDN and DDoS protection)
  • We do not share data with ad networks or data brokers
  • A current subprocessor list is available on request at app@databaset.com

7. Your Rights

Depending on your location, you may have the following rights. EU/UK residents have GDPR rights; California residents have CCPA rights.

  • Access: request a copy of account and memory data you control
  • Export: download memories via API or dashboard export
  • Deletion: delete individual memories or your entire account
  • Correction: update inaccurate account information
  • Restriction and objection: contact us to limit certain processing
  • Data portability: receive data in a machine-readable format
  • To exercise rights: app@databaset.com (we respond within 30 days)

8. Cookies

  • Session cookies for dashboard authentication (essential)
  • Theme preference stored in localStorage (functional)
  • No third-party advertising or cross-site tracking cookies
  • Marketing site analytics are privacy-preserving and cookieless where possible

9. Children's Privacy

Databaset is not directed at children under 13 (or 16 in the EU where applicable). We do not knowingly collect personal information from children. If you believe a child has provided data, contact app@databaset.com and we will delete it.

10. Changes to This Policy

Material changes are announced by email at least 30 days before they take effect. The effective date at the top of this page will be updated. Continued use after the effective date constitutes acceptance.

11. Contact Us

Data protection inquiries: app@databaset.com · General: app@databaset.com · Registered address available on request for Enterprise contracts.