Privacy Policy

Effective April 16, 2026 · Version 1.0 · Databasin LLC · 707 Spirit 40 Park Drive, Ste. 120, Chesterfield, Missouri 63005 · info@databasin.co

Terms of Service → Data Use Agreement →

1. About this Policy

Databasin LLC ("Databasin," "we," "our," or "us") operates the Databasin platform — a software-as-a-service data integration and analytics product (the "Platform"). This Privacy Policy explains what personal information we collect, how we use it, and the rights you have. It applies to the Databasin websites at databasin.ai and databasin.co (the "Websites") and to the Databasin SaaS Platform accessed at app.databasin.ai .

It does not cover Databasin Self-Install deployments, where Databasin software runs inside your own Azure tenant under your own security and privacy policies. See our Data Use Agreement for details on Self-Install and on how we handle Customer Data.

By using our Websites or creating an account on the Platform, you agree to the practices described here.

2. Who We Are

Databasin LLC
707 Spirit 40 Park Drive, Ste. 120
Chesterfield, Missouri 63005, United States
Email: info@databasin.co

3. The Information We Collect

Information you give us. Name, business email, job title, employer, and optional phone number when you create an account, submit a contact form, request a demo, or communicate with sales or support. Billing name and address are collected for invoicing; full payment card numbers are handled by our payment processor and do not touch Databasin servers. If you sign in using Microsoft (Azure AD), we receive your email and display name from Microsoft; we never receive your password.

Information we collect automatically. IP address, browser type and version, operating system, referring URL, language preference, pages and features you use, session duration, API calls, cluster start/stop times, and query counts. This data lets us meter usage for billing, improve the Platform, and troubleshoot issues.

Session analytics on the Websites. We use Microsoft Clarity on our marketing Websites (not on the Platform itself) to understand how visitors navigate our pages. Clarity records mouse movement, clicks, scrolling, and page interactions. Clarity is configured to mask content in input fields (including passwords and credit-card fields).

Marketing and CRM. We use HubSpot to manage marketing communications, contact forms, and our sales pipeline. If you submit a form on our Websites, your contact information is stored in HubSpot.

4. Customer Content

When your organization uses the Databasin Platform, you connect data sources and run pipelines, queries, and AI workloads. The resulting data — tables, files, query results, model outputs — is "Customer Content." We process Customer Content only to provide the Platform to you. We treat Customer Content as confidential and handle it under our Data Use Agreement .

Databasin does not use Customer Content to train artificial intelligence or machine learning models.

5. How We Use Your Information

We use personal information to:

  • Create, authenticate, and manage your account
  • Bill you for usage and process payments through Stripe or Azure Marketplace
  • Deliver the Platform, respond to support tickets, and debug issues
  • Send product updates, security notices, billing communications, and service announcements
  • Market Databasin products to prospects and existing customers — you can opt out of marketing at any time
  • Detect, prevent, and investigate fraud, abuse, and violations of our Terms of Service
  • Comply with our legal obligations and defend our rights

6. How We Share Information

We do not sell your personal information. We do not share your personal information with third parties for their own advertising purposes.

We share personal information with:

  • Sub-processors (listed in Section 7) who provide infrastructure or business functions on our behalf under written agreements that restrict their use to those functions
  • Professional advisors — lawyers, accountants, and auditors, under confidentiality
  • In response to lawful requests — court orders, subpoenas, and valid government requests; we challenge overbroad or improper requests
  • In a business transaction — if Databasin is involved in a merger, acquisition, or sale of assets, personal information may transfer to the successor entity under the same privacy commitments
  • With your consent — when you expressly direct us to

7. Sub-processors

Databasin uses the following third-party services to deliver the Platform and Websites. All are located in the United States.

  • Microsoft Azure — Platform hosting, cloud storage, compute, networking, and private AI (Azure OpenAI Service) for default Databasin One AI features
  • Stripe — payment processing for SaaS subscriptions
  • Microsoft Azure Marketplace — billing for Self-Install customers
  • HubSpot — customer relationship management, marketing email, contact-form processing
  • Microsoft Clarity — website behavioral analytics (marketing Websites only, not the Platform)

By default the Platform uses Azure's private AI infrastructure (Azure OpenAI Service), meaning Customer Content submitted to AI features is not used to train third-party models. Customers may alternately configure the Platform to use their own separately-procured large language model provider (for example Anthropic, OpenAI direct, or an on-premises model). When a customer does so, that provider's terms and privacy practices apply to the Customer Content sent to it — outside Databasin's control.

The Platform supports hundreds of connectors to third-party data sources that our customers choose to connect (for example Salesforce, Google Analytics, Workday, Epic). Those third-party sources are services the customer has procured directly, not Databasin sub-processors.

We will notify customers through the Platform or by email of material changes to our sub-processor list at least thirty (30) days before the change takes effect.

8. Protected Health Information (PHI) and HIPAA

The Databasin Platform can be used to process Protected Health Information as defined by the U.S. Health Insurance Portability and Accountability Act ("HIPAA"). We operate our SaaS Platform consistent with HIPAA Security Rule standards and will enter into a Business Associate Agreement ("BAA") with customers that require one.

For customers handling highly sensitive health data, clinical research data, genomic data, or data subject to institutional review board restrictions, we strongly recommend Databasin Self-Install instead of our SaaS Platform. In a Self-Install deployment, the Databasin software operates inside your own Azure tenant, under your own identity, security, and governance policies. Databasin has no logical access to a Self-Install deployment or the data within it.

Contact info@databasin.co to discuss a BAA or a Self-Install deployment before uploading PHI.

9. Cookies and Similar Technologies

We use a small number of cookies and similar technologies:

  • Essential cookies — required for sign-in, session security, and basic site function. These cannot be disabled.
  • Functional cookies — store your preferences, such as theme.
  • Analytics cookies — used by HubSpot and Microsoft Clarity on our marketing Websites to understand site usage in aggregate.

You can block cookies in your browser settings, but essential cookies are required to use the Platform. We do not use cookies for cross-context behavioral advertising.

10. How Long We Keep Your Information

  • Account information — retained for as long as your account is active.
  • Account disabled by Databasin (for example, for non-payment) — your account and Customer Content are retained for thirty (30) days to permit reinstatement, then permanently deleted.
  • Customer-initiated deletion — if you request account deletion, your account data and Customer Content are deleted within twenty-four (24) hours of the request. Deletion is permanent; we cannot restore deleted data.
  • Billing records — retained for seven (7) years after the last transaction to meet U.S. tax and accounting obligations.
  • Support and security logs — retained for up to thirteen (13) months, then deleted or anonymized.
  • Marketing contacts — retained in HubSpot until you unsubscribe or request deletion.

11. How We Protect Your Information

We operate on Microsoft Azure and apply industry-standard technical and organizational safeguards, including:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
  • Tenant isolation — each customer's Customer Content is logically segregated
  • Role-based access control and multi-factor authentication for employee access to production
  • Least-privilege access to production systems, with access logged and reviewed
  • Regular vulnerability scanning and dependency patching
  • Secure software development practices including code review and dependency scanning
  • Incident response procedures with defined breach-notification timelines

No system is perfectly secure. If we determine that there has been unauthorized access to or disclosure of your personal information, we will notify you consistent with applicable law.

12. Your Rights

Depending on your state of residence, you may have rights regarding your personal information, including the right to:

  • Know what personal information we have about you
  • Access or obtain a copy of that information
  • Correct inaccurate information
  • Delete your personal information (subject to legal retention requirements)
  • Opt out of marketing communications
  • Not be discriminated against for exercising your rights

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA). Residents of Colorado, Connecticut, Virginia, Utah, Oregon, Texas, Montana, Delaware, New Jersey, Tennessee, and other U.S. states with comprehensive privacy laws have similar rights under their state's law.

To exercise any right, email info@databasin.co with "Privacy Request" in the subject line. We will verify your identity before acting on your request and will respond within the timeframe required by your state's law (generally 45 days, with one 45-day extension permitted in limited cases).

We do not sell or share personal information for cross-context behavioral advertising. We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects.

13. Children's Privacy

The Databasin Platform is a commercial product intended for business use. You must be at least eighteen (18) years old, or the age of majority in your state, to create an account. We do not knowingly collect personal information from anyone under eighteen. If you believe a child has submitted personal information to us, email info@databasin.co and we will promptly delete it.

14. Users Outside the United States

The Databasin Platform and Websites are intended for use within the United States. All processing, storage, and support is performed in the United States. If you access our services from outside the U.S., you understand that your information is transferred to, stored in, and processed in the United States. We do not target users in the European Union, United Kingdom, or other jurisdictions with cross-border data-transfer frameworks, and we do not guarantee compliance with GDPR, UK GDPR, or other non-U.S. privacy laws.

15. Changes to This Policy

We may update this Privacy Policy. If we make material changes, we will notify you by posting the revised policy on our Websites with a new "Effective" date and, for customers with an active Platform account, by email or in-Platform notice at least thirty (30) days before the changes take effect. Continued use of the Platform after the effective date means you accept the revised Policy.

16. Contact Us

Questions, complaints, or requests regarding this Privacy Policy:

Databasin LLC · Attn: Privacy
707 Spirit 40 Park Drive, Ste. 120
Chesterfield, Missouri 63005
info@databasin.co

If you have a complaint we are unable to resolve, you may also contact your state Attorney General or the U.S. Federal Trade Commission at consumer.ftc.gov.