Privacy Policy

Last updated: 26 Aug 2025

This Privacy Policy explains how DeepDataFusion (“DeepDataFusion”, “we”, “our”, “us”) collects, uses, discloses, and protects information in connection with our websites and services, including SuperConsolidator (the “Service”).

1) Who we are (Controller) & contact

Controller: SAFE AI SOLUTIONS.
Contact for privacy: support@deepdatafusion.com

2) Scope

This Policy applies to visitors and users of our Service. By using the Service, you acknowledge this Policy. If you do not agree, please do not use the Service.

3) What we collect

Account data: name, email, organisation, authentication info (via Google OAuth 2.0).
Billing data: handled by Stripe (we do not store card numbers). We receive limited billing metadata (e.g., last 4, brand) for receipts and fraud prevention.
Customer content (“Inputs”): documents/files you upload (PDF, images, text, spreadsheets, etc.) and derived “Outputs” (tables, JSON, exports).
Usage & device data: log files, IP (transient), timestamps, user actions, device/browser info.
Cookies & analytics: essential cookies for security and session; optional analytics (Google Analytics 4) subject to your preferences.
Support data: messages, attachments, and metadata you send to us (support, feedback).

4) Sources of data

Directly from you (account registration, uploads, support).
Automatically via your use of the Service (logs, device data, cookies/analytics).
From third parties you connect (Google OAuth, payment providers).

5) How we use data & legal bases

Provide the Service: process your Inputs to produce Outputs, run features, authenticate users (contract necessity).
Billing & account: process subscriptions, detect fraud, send invoices/receipts (contract; legal obligations).
Security & abuse prevention: monitoring, access controls, incident response (legitimate interests; legal obligations).
Improve & support: troubleshoot, quality, UI/UX research with aggregated/de-identified data (legitimate interests).
Communications: service notices, changes to terms, and—where permitted—product updates/marketing (consent or opt-out as required).

AI-specific commitment: We do not use your private Inputs or Outputs to train our foundation models. We may use aggregated/de-identified statistics to improve reliability and safety.

We do not sell personal data. We disclose only as necessary:

Service providers / subprocessors: e.g., AWS (hosting/storage), Stripe (payments), Google (OAuth/analytics). See our Subprocessors page.
Professional advisers: accountants, auditors, lawyers (confidentiality bound).
Business transfers: merger, acquisition, or asset sale (we’ll notify you of material changes).
Legal: to comply with law, enforce agreements, or protect rights, safety, and security.

7) International transfers

We host primarily in AWS ap-southeast-1. If we transfer personal data across borders, we implement appropriate safeguards (e.g., contractual clauses and technical/organisational measures). Where required, we rely on EU Standard Contractual Clauses (and UK addenda) or obtain consent.

8) Retention

Customer content: retained until you delete it or your account is closed; we may keep limited backups for a short period.
Account & usage logs: typically up to 12 months (shorter for high-volume logs), unless needed for security, audits, or legal obligations.
Billing records: kept for 7 years (or as required by tax/accounting law).
Support tickets: typically up to 24 months.

9) Security

Storage: AWS S3 with server-side encryption at rest (AES-256); data in transit protected by TLS 1.2+.
Access: role-based access controls, logging, least-privilege principles, and secure key management.
Payments: handled by Stripe (PCI DSS Level 1 service provider). We do not store card numbers on our servers.
Incidents: if a data breach affecting your personal data occurs, we will notify you without undue delay in accordance with applicable law.

10) Cookies & analytics

Essential: authentication, security, load balancing, preferences (cannot be disabled).
Analytics (optional): Google Analytics 4 to understand usage and improve the Service; we honour regional controls and your consent choices. You can opt out or adjust preferences via our cookie banner and browser settings.

Your browser may offer Do Not Track or Global Privacy Control signals; where legally required, we honour them.

11) Your privacy rights

Depending on your location and applicable law, you may have rights to:

Access the personal data we hold about you;
Rectify inaccurate data and update your profile;
Delete your personal data (subject to legal exceptions);
Restrict or object to certain processing (e.g., direct marketing);
Port your data to another service;
Withdraw consent (where processing is based on consent);
Appeal important decisions and lodge a complaint with a supervisory authority.

How to exercise your rights: email support@deepdatafusion.com. We may ask for information to verify your identity/authority. If you are a California resident, you may use an authorised agent subject to verification. We will not discriminate against you for exercising your rights.

12) Regional disclosures

Malaysia (PDPA 2010): we process personal data in accordance with the Personal Data Protection Act 2010. You may contact the Personal Data Protection Department (JPDP) for guidance or to raise concerns.
EU/EEA & UK (GDPR/UK GDPR): our legal bases include contract, legitimate interests, consent, and legal obligations; you can lodge a complaint with your local Data Protection Authority.
California (CCPA/CPRA): you have rights to access, delete, correct, know, and opt-out of “sale”/“sharing” for cross-context behavioural advertising; we do not “sell” personal information as defined by CCPA/CPRA.

13) Children

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate action.

14) Your choices

Content control: you can upload, export, and delete your Customer content at any time.
Marketing: unsubscribe via in-email links or by contacting us.
Cookies: use the cookie banner to manage preferences; you may also block cookies in your browser (some features may not work).

15) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you (e.g., by email, in-app notice, or banner) before they take effect. Your continued use of the Service after the effective date constitutes your acceptance.

Entity & contact. Safe AI Solutions. Contact: support@deepdatafusion.com.

If you have unresolved concerns, you may contact your local data protection authority.