Privacy Policy
Last updated: March 10, 2026
1. Introduction
Brightsea Inc. ("Company," "we," "us," or "our") operates DATIRA (accessible at datira.ai) and WebPivotTable (WPT), our data analytics and pivot table solutions (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Please read this Privacy Policy carefully. By accessing or using DATIRA, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.
2. Information We Collect
2.1 Personal Information You Provide
We may collect personal information that you voluntarily provide when you:
- Register for an account (name, email address, password)
- Subscribe to a paid plan (billing information, payment card details processed by our payment processor)
- Contact us for support (contact information, correspondence content)
- Participate in surveys, promotions, or other features
- Create or join an organization within DATIRA
2.2 User Data You Upload
DATIRA allows you to upload, create, store, and process data files and datasets ("User Data"). You retain full ownership of your User Data. We process User Data solely to provide the Service to you and do not access, use, or share your User Data for any other purpose except as described in this Privacy Policy or as required by law.
User Data may include:
- CSV, Excel, JSON, and other data files you upload
- Reports, dashboards, and analyses you create
- Data cleaning configurations and transformations
- AI-assisted query history and responses
2.3 Automatically Collected Information
When you access the Service, we automatically collect certain information:
- Device Information: Device type, operating system, browser type and version, unique device identifiers
- Log Data: IP address, access times, pages viewed, referring URL, actions taken within the Service
- Usage Analytics: Features used, session duration, interaction patterns, error logs
- Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities
2.4 Information from Third Parties
We may receive information about you from:
- Authentication Providers: If you sign in using Google, GitHub, or other OAuth providers, we receive your name, email, and profile picture as authorized by you
- Payment Processors: Transaction confirmations and limited billing information (we do not store full payment card numbers)
- Analytics Services: Aggregated usage data from third-party analytics providers
3. How We Use Your Information
We use the information we collect to:
- Provide and Maintain the Service: Process your data, generate reports, store your files, and deliver the core functionality of DATIRA
- Process Transactions: Manage subscriptions, process payments, and send billing-related communications
- Improve the Service: Analyze usage patterns, diagnose technical issues, and develop new features
- Communicate with You: Send transactional emails, service announcements, security alerts, and (with your consent) marketing communications
- Provide Customer Support: Respond to inquiries, troubleshoot issues, and assist with your account
- AI Features: Process your queries to provide AI-powered data analysis, pivot table generation, report building, and dashboard creation
- Security and Fraud Prevention: Detect, investigate, and prevent fraudulent transactions, abuse, and unauthorized access
- Legal Compliance: Comply with applicable laws, regulations, legal processes, and governmental requests
4. AI and Machine Learning Features
DATIRA includes AI-powered features that process your data and queries to help you pivot data, generate reports, build dashboards, and perform natural language analytics. When you use these features:
- Your queries and relevant data context are sent to AI processing services to generate responses
- We use third-party AI providers (such as OpenAI, Anthropic, or similar services) to power certain AI features
- Your data may be temporarily processed by these providers to generate responses, subject to their privacy policies and our data processing agreements
- We do not use your User Data to train general AI models; your data is used only to provide responses to your specific requests
- AI conversations and suggestions are associated with your account for convenience but can be deleted upon request
You can control AI feature usage through your account settings. Disabling AI features will prevent your data from being processed by AI systems but may limit Service functionality.
5. Data Storage and Security
5.1 Data Storage
Your data is stored on secure cloud infrastructure provided by Amazon Web Services (AWS) in the United States. Free tier users may use browser-based memory mode where data is processed locally and not stored on our servers. Pro and Business tier users utilize server-side storage and compute (powered by DuckDB) for enhanced performance and sharing capabilities.
5.2 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption at Rest: All stored data is encrypted using AES-256 encryption via AWS Key Management Service (KMS)
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- Access Controls: Strict role-based access controls limit internal access to user data
- Server-Side Compute: For shared reports, raw data is processed server-side; viewers only receive aggregated results, never raw data
- Regular Audits: We conduct periodic security assessments and vulnerability testing
- Secure Development: Our development practices follow OWASP guidelines and include code review and security testing
5.3 Data Retention
We retain your personal information and User Data for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain data for legal compliance, dispute resolution, or fraud prevention.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:
6.1 With Your Consent
When you share reports or dashboards via public links, with specific users, or within your organization, the shared content becomes accessible to those recipients according to your sharing settings.
6.2 Service Providers
We share data with trusted third-party service providers who assist us in operating the Service:
- Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
- Payment Processing: Stripe for payment processing (we do not store your full card details)
- AI Services: OpenAI, Anthropic, or similar providers for AI-powered features
- Email Services: Transactional email providers for service communications
- Analytics: Privacy-respecting analytics services to understand usage patterns
All service providers are bound by data processing agreements and are prohibited from using your data for purposes other than providing services to us.
6.3 Legal Requirements
We may disclose your information if required to do so by law, or:
- In response to subpoenas, court orders, or other legal processes
- In response to requests from government authorities
- To protect the rights, property, or safety of Brightsea Inc., our users, or the public
- To investigate potential violations of our Terms of Service
6.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
7. Your Rights and Choices
7.1 Account Information
You may access, update, or delete your account information at any time through your account settings. You can also request a copy of your personal data by contacting us.
7.2 Data Portability
You can export your User Data (reports, data sources, configurations) at any time in standard formats. We support export of your data to facilitate migration to other services.
7.3 Data Deletion
You can delete individual reports, data sources, or your entire account. Upon account deletion, we will delete your data within 30 days, except where retention is required for legal compliance.
7.4 Communications Preferences
You may opt out of marketing communications by clicking "unsubscribe" in any marketing email or updating your preferences in account settings. You cannot opt out of transactional communications related to your account or the Service.
7.5 Cookies
Most web browsers accept cookies by default. You can usually modify your browser settings to decline cookies, but this may affect your ability to use certain features of the Service.
7.6 Do Not Track
We do not currently respond to Do Not Track signals. We will update this policy if we adopt a Do Not Track standard in the future.
8. Regional Privacy Rights
8.1 European Economic Area (GDPR)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process your data based on: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, or (d) our legitimate interests
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limited processing of your data
- Right to Object: Object to processing based on legitimate interests
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection authority
For international data transfers, we rely on Standard Contractual Clauses approved by the European Commission and other appropriate safeguards.
8.2 California (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of personal information collected, sources, purposes, and third parties with whom it is shared
- Right to Delete: Request deletion of personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at support@brightsea.ca. We will respond to verifiable consumer requests within 45 days.
8.3 Canada (PIPEDA)
If you are located in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and withdraw consent for the collection and use of your personal information. Contact our Privacy Officer at support@brightsea.ca to exercise these rights.
9. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at support@brightsea.ca, and we will take steps to delete such information.
10. International Data Transfers
Brightsea Inc. is headquartered in Canada. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers are located. These countries may have different data protection laws than your country of residence.
When we transfer data internationally, we implement appropriate safeguards, including:
- Standard Contractual Clauses approved by relevant authorities
- Data Processing Agreements with all service providers
- Encryption of data in transit and at rest
- Compliance with applicable data protection frameworks
11. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Brightsea Inc.
Privacy Inquiries and Data Requests:
Email: support@brightsea.ca
Sales Inquiries:
Email: sales@brightsea.ca
We will respond to all privacy-related inquiries within 30 days, or sooner as required by applicable law.