Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and organization name when you register or authenticate
• Database Connection Information: Connection parameters necessary to connect to your databases (credentials are processed but not stored beyond the session unless you opt for saved connections)
• Query History: Natural language prompts and generated SQL queries to improve service quality
• Support Communications: Information you provide when contacting support

1.2 Information Collected Automatically

• Usage Data: Features used, query patterns (anonymized), error logs, and performance metrics
• Device Information: Browser type, operating system, JupyterLab version
• Log Data: IP address, access times, and diagnostic information

1.3 Information from Third-Party Integrations

When you connect the Service to third-party platforms (such as Notion or Slack), we may receive:

• Authentication tokens and identifiers
• Workspace or organization identifiers
• Limited profile information as authorized by you

2. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve the Service
• Process and execute your text-to-SQL queries
• Personalize your experience and improve query accuracy
• Respond to your inquiries and provide customer support
• Send administrative communications about the Service
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties for marketing purposes.

We may share information in the following circumstances:

• Service Providers: With trusted third-party providers who assist in operating our Service, subject to confidentiality agreements
• Legal Requirements: When required by law, legal process, or governmental request
• Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified of any such change)

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Specifically:

• Account Information: Retained for the duration of your account and up to 30 days after deletion request
• Query History: Retained for up to 90 days unless you request earlier deletion
• Usage Analytics: Anonymized data may be retained indefinitely for service improvement
• Database Credentials: Not retained beyond the active session unless you enable saved connections

5. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

5.1 Access, Correction, and Portability

You have the right to access, correct, or request a copy of your personal data in a portable format.

5.2 Deletion

You may request deletion of your personal data. We will comply unless we have a legal obligation to retain the data.

5.3 Opt-Out

You may opt out of non-essential data collection and marketing communications at any time.

5.4 How to Exercise Your Rights

To exercise any of these rights, contact us at info@signalpilot.ai. We will respond to your request within 30 days.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256)
• Secure authentication mechanisms including OAuth 2.0
• Regular security assessments and vulnerability testing
• Access controls and audit logging

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Third-Party Services and Integrations

The Service may integrate with third-party platforms including Notion, Slack, and various database providers. Each third-party service has its own privacy policy, and we encourage you to review them:

• Notion Privacy Policy
• Slack Privacy Policy

We are not responsible for the privacy practices of third-party services.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including:

• Right to access, rectify, or erase your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing includes: performance of contract, legitimate interests, and consent where applicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Effective Date" above. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: