Privacy Policy

At d8a, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, and safeguard your data when you use our Software-as-a-Service (SaaS) platform.

By using d8a, you consent to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please refrain from using d8a.

1. Information We Collect

1.1 Personal Information

When you create an account or use certain features of d8a, we collect:

• Name and email address
• Billing and payment information
• Company information and job title
• Support and communication records

1.2 Platform Usage Data

We collect data about how you use d8a, including:

• Login times and frequency
• Features accessed and configuration settings
• Technical information (IP address, browser type, device information)
• Platform performance and error logs

1.3 Cookies and Similar Technologies

d8a uses cookies and similar tracking technologies to enhance your experience and gather information about your usage patterns on our platform.

1.4 Important Distinction: Your Website/App Data

We are NOT a processor of personal data collected on your websites or applications. d8a serves as analytics infrastructure that routes your website/app data directly to your specified data warehouse. We do not access, process, or store the personal data of your website visitors or app users.

For EU users who want to ensure their data sovereignty, you should choose a hosting location in Europe through our Cloud offering or install our self-hosted version.

2. How We Use Your Information

2.1 Service Provision

We use your personal information to:

• Provide, maintain, and improve d8a’s services
• Process payments and manage your account
• Provide customer support and respond to inquiries
• Ensure platform security and prevent fraud

2.2 Communications and Marketing

• Service Communications: Important updates, security alerts, and service announcements
• Marketing Communications: With your explicit consent, we may send you promotional content about d8a features, partner offers, and industry insights
• Subscription Management: You can unsubscribe from marketing communications at any time while maintaining service-related communications

2.3 Analytics and Improvement

We use aggregated and anonymized data for analytical and statistical purposes to improve our service.

3. Data Sharing and Disclosure

• d8a will not sell, rent, or lease your personal information to third parties.

• We may share your information with trusted service providers who assist us in operating and maintaining d8a, including:

  • Payment processors
  • Cloud infrastructure providers
  • Customer support tools
  • Email service providers

  All such providers are bound by confidentiality obligations and data processing agreements.

• We may disclose your information if required by law or when we believe such action is necessary to protect our rights or comply with legal proceedings.

• In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

• d8a implements industry-standard security measures including encryption, access controls, and regular security audits to protect your personal information from unauthorized access, loss, misuse, or alteration.
• We follow security frameworks appropriate for HIPAA and GDPR requirements.
• While we implement robust security measures, no method of data transmission over the internet or electronic storage is entirely secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents.

5. Your Rights and Choices

5.1 GDPR Rights (EU Users)

If you are in the European Union, you have the right to:

• Access your personal data
• Correct inaccurate personal data
• Delete your personal data (subject to legal retention requirements)
• Restrict processing of your personal data
• Data portability
• Object to processing based on legitimate interests

5.2 All Users

• Account Access: View and update your account information through your dashboard
• Marketing Preferences: Unsubscribe from marketing communications
• Data Deletion: Request deletion of your account and associated data

5.3 Exercising Your Rights

Contact us at privacy@d8a.tech to exercise any of these rights. We will respond within 30 days.

6. Data Retention

• Account Data: Analytics configurations and account data are retained while your account is active and deleted within 30 days of account cancellation.
• Personal Information: Email addresses, billing information, and support records may be retained for up to 12 months after account cancellation for business and legal purposes.
• Legal Requirements: Some data may be retained longer where required by law, including financial records and audit trails.

7. Third-Party Links

d8a may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these websites. Please review their privacy policies before using them.

8. Children’s Privacy

d8a is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us immediately at privacy@d8a.tech.

9. Subprocessors

We engage the following categories of subprocessors to provide our services:

Infrastructure and Hosting

• Google Cloud Platform (GCP) — Cloud infrastructure and hosting (EU regions available)

Payment Processing

• Stripe, Inc. — Payment processing and billing

Communication and Support

• SendGrid (Twilio) — Email delivery services
• Google Workspace — Internal and external communication
• Slack Technologies — Internal communication (for support purposes)

Analytics and Monitoring

• Sentry — Error monitoring and performance tracking

All subprocessors are contractually bound to maintain the same level of data protection as outlined in this Privacy Policy and are subject to data processing agreements.

We will provide 30 days’ notice before adding new subprocessors or making material changes to existing subprocessor arrangements. EU customers may object to new subprocessors and terminate their agreement if suitable alternatives cannot be found.

10. Technical and Organizational Measures

10.1 Access Controls

• Multi-factor authentication for all administrative accounts
• Role-based access control with principle of least privilege
• Regular access reviews and deprovisioning procedures
• Encrypted authentication tokens and API keys

10.2 Data Encryption

• Data encrypted in transit using TLS 1.3
• Data encrypted at rest using AES-256 encryption
• Database encryption with customer-managed keys available
• End-to-end encryption for data pipeline communications

10.3 Infrastructure Security

• ISO 27001 and SOC 2 Type II compliant infrastructure
• Regular vulnerability assessments and penetration testing
• Network segmentation and firewall protection
• Intrusion detection and prevention systems
• Automated security monitoring and incident response

10.4 Data Minimization and Retention

• Automated data retention policies
• Regular data purging procedures
• Data anonymization and pseudonymization where applicable
• Minimal data collection principles

10.5 Personnel Security

• Background checks for employees with data access
• Regular security awareness training
• Signed confidentiality agreements
• Segregation of duties for critical operations

10.6 Incident Response

• 24/7 security monitoring
• Documented incident response procedures
• Breach notification within 72 hours (GDPR compliance)
• Regular security incident drills and testing

10.7 Business Continuity

• Regular data backups with encryption
• Disaster recovery procedures tested quarterly
• Geographic data redundancy
• Service level agreements for availability

10.8 Compliance and Auditing

• Regular internal security audits
• Compliance with HIPAA, GDPR, and SOC 2 standards
• Detailed audit logs and monitoring

11. International Data Transfers

• Your information may be transferred to and processed in countries other than your country of residence, including the United States.
• We implement appropriate safeguards, including Standard Contractual Clauses, to ensure your data is protected during international transfers.

12. Changes to this Privacy Policy

• We may update this Privacy Policy from time to time. Material changes will be communicated via email and posted on our website.
• The “Last updated” date will be revised accordingly, and continued use of our service constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

• Email: privacy@d8a.tech
• Data Protection Officer: dpo@d8a.tech