Datafi Labs, Inc. (“Datafi,” “we,” “our,” or “us”) is committed to protecting the privacy and security of the personal information entrusted to us by our customers, website visitors, and platform users. This Privacy Policy describes in detail how we collect, use, share, retain, and protect your personal information when you visit our website at datafi.co (the “Site”), use the Datafi platform including Studio, Control Tower, Sentinel, and Orchestrate (collectively, the “Platform”), or otherwise interact with our services (together with the Site and Platform, the “Services”).
By accessing or using any of our Services, you acknowledge that you have read and understood this Privacy Policy. If you are using the Services on behalf of an organization, you confirm that you are authorized to accept this policy on that organization’s behalf.
We collect information through several channels depending on how you interact with our Services. The categories below describe the types of personal information we may collect.
- Account and Profile Information: When you create an account, request a demo, or register for an event, we collect your full name, business email address, company name, job title, department, phone number, and any other information you choose to provide in your profile.
- Contact and Inquiry Information: When you fill out a contact form, subscribe to our newsletter, request documentation, or communicate with our sales or support teams, we collect the information included in your correspondence, including the content of messages, attachments, and metadata.
- Payment and Billing Information: When you purchase a subscription or service, we collect billing name, billing address, purchase order numbers, and payment method details. Payment card information is processed directly by our PCI DSS-compliant third-party payment processors and is not stored on our servers.
- Customer Data: Data that you or your authorized users upload, submit, or transmit through the Platform in connection with your use of the Services (“Customer Data”). Customer Data is processed in accordance with our customer agreements and Data Processing Addendum (DPA).
- Employment and Application Information: If you apply for a position at Datafi, we collect your resume, cover letter, work history, education, references, and any other information you submit as part of the application process.
- Event and Webinar Information: When you register for or attend our webinars, conferences, or other events, we collect registration details including dietary preferences, accessibility requirements, and session interests.
- Usage and Interaction Data: We automatically collect information about how you interact with our Services, including pages and features accessed, search queries within the Platform, clickstream data, session duration, feature adoption patterns, and workflow configurations.
- Device and Browser Information: We collect your IP address, browser type and version, operating system, screen resolution, device type, device identifiers, language preferences, and referring URLs.
- Log Data: Our servers automatically record information including your IP address, access times, pages viewed, system activity, hardware settings, and the request that led you to our Services.
- Location Information: We infer your approximate geographic location based on your IP address. We do not collect precise GPS-based location data.
1.3 Cookies and Similar Technologies
We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing activity, remember your preferences, authenticate sessions, and measure the effectiveness of our marketing campaigns. The types of cookies we use include:
- Strictly Necessary Cookies: Required for the operation of the Services, such as session management and security tokens. These cannot be disabled.
- Functional Cookies: Enable enhanced functionality and personalization, such as remembering your display preferences and form inputs.
- Analytics Cookies: Help us understand how visitors interact with the Site by collecting aggregated, anonymous usage statistics. We use tools such as Google Analytics, which operates under its own privacy policy.
- Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across platforms. These are only placed with your consent where required by law.
You can manage your cookie preferences through your browser settings or through the cookie consent banner presented when you first visit our Site. Please note that disabling certain cookies may affect the functionality of the Services.
- Integration Partners: When you connect third-party applications or data sources to the Datafi Platform, we receive information from those services as authorized by your integration configuration.
- Business Data Providers: We may receive firmographic data (company size, industry, revenue range) from trusted business intelligence providers to enrich account profiles and improve our sales outreach.
- Social Media Platforms: If you interact with our social media pages or use social login features, we may receive profile information consistent with the permissions you have granted on those platforms.
- Referral Partners: If a business partner or existing customer refers you to Datafi, we may receive your name and contact information in connection with that referral.
We process your personal information for the following purposes, each supported by a lawful basis under applicable data protection law (such as contractual necessity, legitimate interests, consent, or legal obligation):
2.1 Providing and Operating the Services
- Creating and managing your user account and authenticating access
- Processing, delivering, and maintaining your subscription to the Platform
- Providing technical support, responding to service requests, and troubleshooting issues
- Processing payments, invoicing, and managing billing records
- Communicating with you about your account, service updates, downtime notifications, and security alerts
2.2 Improving and Developing the Services
- Analyzing usage patterns and trends to improve Platform features, performance, and reliability
- Conducting internal research and development, including training and improving our AI and machine learning models using aggregated, anonymized data
- Performing A/B testing and user experience optimization
- Identifying and fixing bugs, errors, and security vulnerabilities
2.3 Marketing and Communications
- Sending newsletters, product announcements, feature updates, and educational content (with your consent where required)
- Delivering targeted advertising and measuring campaign effectiveness
- Inviting you to events, webinars, and surveys
- Personalizing your experience on the Site based on your interests and preferences
2.4 Security and Compliance
- Detecting, preventing, and investigating fraud, unauthorized access, and other malicious activity
- Monitoring for and responding to security threats and incidents
- Enforcing our Terms of Service and other agreements
- Complying with legal obligations, regulatory requirements, court orders, and lawful government requests
- Establishing, exercising, or defending legal claims
We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:
3.1 Service Providers and Processors
We engage trusted third-party companies and individuals to perform services on our behalf, including cloud hosting and infrastructure providers, payment processors, email delivery services, analytics providers, customer support tools, and security monitoring services. These service providers are contractually bound to process your information only as instructed by us, maintain its confidentiality, and implement appropriate security measures.
3.2 Business Partners
We may share information with channel partners, resellers, or technology partners in connection with joint product offerings, co-marketing activities, or integration support, but only with your consent or as necessary to deliver a service you have requested.
3.3 Professional Advisors
We may disclose information to our attorneys, auditors, accountants, and insurers as necessary for them to provide professional services to us.
3.4 Legal and Regulatory Obligations
We may disclose your information when we believe in good faith that disclosure is required or permitted by law, regulation, legal process, or governmental request, or when necessary to protect the rights, property, or safety of Datafi Labs, Inc., our users, or the public.
3.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or similar corporate transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information via email or a prominent notice on our Site.
3.6 With Your Consent
We may share your information in other circumstances where you have given us explicit consent to do so.
4. Data Retention
We retain your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Specific retention periods vary based on the type of data and purpose:
- Account Data: Retained for the duration of your active account and for up to 12 months following account closure, unless a longer retention period is required by law.
- Customer Data: Retained in accordance with the terms of your customer agreement and DPA. Upon termination, Customer Data is made available for export for 30 days, after which it is securely deleted.
- Transaction and Billing Records: Retained for a minimum of 7 years to comply with tax and financial reporting obligations.
- Marketing Preferences: Retained until you withdraw your consent or unsubscribe.
- Log and Usage Data: Generally retained for up to 24 months for analytics and security purposes, then aggregated or anonymized.
- Job Applicant Data: Retained for 24 months following the conclusion of the hiring process, unless you request earlier deletion.
When personal information is no longer needed, we securely delete it using industry-standard data destruction methods or irreversibly anonymize it so that it can no longer be associated with you.
5. Data Security
We implement comprehensive technical and organizational security measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:
- Encryption: All data in transit is protected with TLS 1.3. Data at rest is encrypted using AES-256 with keys managed through a dedicated key management service featuring automatic rotation.
- Access Controls: Role-based access control (RBAC) with least-privilege principles, multi-factor authentication (MFA) for all employees and administrative accounts, and single sign-on (SSO) support for enterprise customers.
- Infrastructure Security: Our Platform is hosted on enterprise-grade cloud infrastructure within SOC 2 Type II certified data centers, with network segmentation, firewalls, intrusion detection and prevention systems, and DDoS mitigation.
- Security Testing: Regular penetration testing by independent third parties, automated vulnerability scanning, code security reviews, and a formal bug bounty program.
- Employee Training: All employees undergo security awareness training upon hiring and annually thereafter, with role-specific training for personnel who handle sensitive data.
- Incident Response: A formal incident response plan with defined roles, escalation procedures, and post-incident review processes.
For more details on our security practices and compliance certifications, please visit our Security page.
6. Your Rights and Choices
Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to respecting and facilitating these rights.
6.1 Rights Under GDPR (European Economic Area, United Kingdom, and Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the right to:
- Access: Request a copy of the personal information we hold about you.
- Rectification: Request correction of inaccurate or incomplete personal information.
- Erasure: Request deletion of your personal information where there is no compelling reason for continued processing.
- Restriction: Request that we restrict the processing of your personal information in certain circumstances.
- Portability: Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.
- Objection: Object to processing based on legitimate interests or for direct marketing purposes.
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
- Lodge a Complaint: File a complaint with your local data protection supervisory authority.
We process personal information under the following legal bases: performance of a contract, legitimate business interests (such as improving our Services and preventing fraud), compliance with legal obligations, and consent.
6.2 Rights Under CCPA / CPRA (California Residents)
If you are a California resident, you have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, our business purposes for collecting it, and the categories of third parties with whom we share it.
- Delete: Request deletion of your personal information, subject to certain legal exceptions.
- Correct: Request correction of inaccurate personal information we maintain about you.
- Opt Out of Sale or Sharing: Datafi does not sell personal information and does not share personal information for cross-context behavioral advertising.
- Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment from us.
- Limit Use of Sensitive Personal Information: Direct us to limit the use and disclosure of sensitive personal information to what is necessary to perform the Services.
In the preceding 12 months, we have collected the categories of personal information described in Section 1 of this policy. We have not sold personal information. We may disclose personal information for business purposes to the categories of recipients described in Section 3.
6.3 Rights Under Other Jurisdictions
If you are located in Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act 1988), or other jurisdictions with applicable data protection legislation, you may have similar rights. We will honor your requests in accordance with applicable local law.
6.4 How to Exercise Your Rights
To submit a rights request, please email us at [email protected] with the subject line “Privacy Rights Request.” We will verify your identity before processing your request using the information associated with your account. We aim to respond to all verified requests within 30 days (or within the timeframe required by applicable law). If we need additional time, we will notify you of the extension and the reasons.
You may also designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and verify your identity directly.
6.5 Marketing Opt-Out
You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in any marketing email, or by contacting us at [email protected]. Please note that even after opting out of marketing communications, you will continue to receive transactional and service-related emails that are essential to your use of the Services.
7. International Data Transfers
Datafi Labs, Inc. is headquartered in Renton, Washington, United States. If you access our Services from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
When we transfer personal information from the European Economic Area, United Kingdom, or Switzerland to countries that have not received an adequacy determination, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs): We enter into European Commission-approved Standard Contractual Clauses with our data processors and sub-processors located outside the EEA.
- Data Processing Addendum: Enterprise customers may execute our DPA, which incorporates SCCs and supplementary measures, including encryption, access controls, and transfer impact assessments.
- UK International Data Transfer Addendum: For transfers from the UK, we execute the UK Addendum to the EU SCCs as approved by the UK Information Commissioner’s Office.
We conduct transfer impact assessments to evaluate the legal framework in the receiving country and implement supplementary measures where necessary to ensure an essentially equivalent level of data protection.
8. Children’s Privacy
Our Services are designed for business use and are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 16. If we become aware that we have inadvertently collected personal information from a child under the applicable age, we will take prompt steps to delete that information. If you believe that a child has provided us with personal information, please contact us immediately at [email protected].
9. Third-Party Links and Integrations
Our Services may contain links to third-party websites, applications, or services that are not operated or controlled by Datafi. This Privacy Policy does not apply to those third-party properties. We encourage you to review the privacy policies of any third-party services you access through our Platform. We are not responsible for the privacy practices of third parties.
When you connect third-party data sources or applications to the Datafi Platform through our integration capabilities, the data exchanged is governed by both this Privacy Policy and the privacy policy of the respective third-party provider. You are responsible for reviewing and accepting the terms of any third-party integration you configure.
10. Do Not Track Signals
Some web browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, our Site does not currently respond to DNT browser signals. However, you can manage your tracking preferences through the cookie management tools described in Section 1.3 above.
11. Data Processing Addendum
For enterprise and business customers, we offer a Data Processing Addendum (DPA) that governs the processing of Customer Data in compliance with GDPR, CCPA, and other applicable data protection regulations. The DPA includes Standard Contractual Clauses, descriptions of our technical and organizational security measures, and sub-processor disclosures. To request a copy of our DPA, please contact [email protected].
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Post the updated Privacy Policy on this page with a revised “Effective date”
- Notify you by email (using the email address associated with your account) if the changes materially affect how we process your personal information
- Provide a summary of key changes for your convenience
We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acknowledgment of the revised terms.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Legal Entity: Datafi Labs, Inc.
- Mailing Address: 314 Williams Ave South #1245, Renton, WA 98057, United States
For matters related to data processing agreements, sub-processor lists, or compliance certifications, please contact [email protected].