Privacy Policy

We collect account and identity data such as name, work email, company, login credentials, and role information. We also process customer content and business data that you upload, connect, or generate inside the platform, plus support records, billing details, audit trails, API usage, IP address, browser information, device identifiers, and security telemetry needed to operate the service.

When GDPR applies, we process personal data under one or more lawful bases, including performance of a contract, legitimate interests in securing and improving the service, compliance with legal obligations, and consent where consent is specifically requested. When LGPD applies, processing may rely on execution of a contract, regular exercise of rights, legitimate interest, legal or regulatory obligation, fraud prevention and security, and consent when required by law or by the specific feature.

We use personal data to create and secure accounts, authenticate users, provide customer support, deliver billing and contractual communications, monitor performance, prevent abuse, comply with legal requirements, and improve the platform. We use customer business data only to provide the requested analytics, dashboarding, AI, automation, and platform administration features under the customer instructions expressed through product configuration and user actions. We do not sell personal data or use customer datasets for third-party advertising.

We use carefully selected subprocessors and service providers for hosting, storage, payments, observability, email delivery, and AI functionality. This may include Google Cloud Platform, Stripe, email infrastructure providers, OpenTelemetry-compatible observability tooling, and external or local language-model providers configured by the customer or by Iara Data. We require appropriate contractual, security, and confidentiality commitments from these providers.

Personal data may be processed in Brazil, the European Union, the United States, and other jurisdictions where Iara Data or its subprocessors operate. When cross-border transfers are required, we use contractual, organizational, and technical safeguards designed to support GDPR and LGPD requirements, including access controls, encryption, and applicable transfer mechanisms.

We keep personal data only for as long as needed to provide the service, comply with contractual commitments, resolve disputes, enforce agreements, maintain security records, and satisfy legal or regulatory obligations. Account records, billing records, and audit logs may be retained for statutory periods. Customer data deletion and retention windows depend on the plan, workspace configuration, backup cycles, and legal hold requirements.

We apply technical and organizational measures appropriate to the sensitivity of the data, including encryption in transit and at rest, tenant isolation, authentication controls, role-based access restrictions, logging, monitoring, backup procedures, and incident response processes. No system can be guaranteed to be completely secure, but we continuously review and improve our controls.

Depending on the applicable law and the service relationship, you may have rights to confirm processing, access your personal data, correct inaccurate or incomplete information, request portability, request anonymization, blocking, or deletion, obtain information about sharing, withdraw consent where consent is the legal basis, object to certain processing, and request review of decisions based solely on automated processing where applicable. Requests related to customer-controlled data may need to be handled by the relevant customer acting as controller.

Our website and platform may use cookies, local storage, and similar technologies to maintain sessions, remember preferences, secure authentication flows, measure reliability, and improve the user experience. Where legally required, we will request consent before enabling non-essential technologies. Browser settings may allow you to manage or disable some of these technologies, but doing so can affect functionality.

For privacy requests or questions about this policy, contact privacy@iaradata.com. For general inquiries, contact hello@iaradata.com. If local law requires a data protection contact or representative for a specific service arrangement, the applicable customer contract or order form may identify that role.