Effective Date: January 15, 2026
Last Updated: January 15, 2026
Important Notice
This Privacy Policy describes how Conduit BI (“we,” “us,” or “our”) collects, uses, and protects your personal information when you use our website and services. We are committed to protecting your privacy and complying with applicable data protection laws including GDPR and CCPA.
1. Introduction
Conduit BI provides business intelligence and data analytics services. We understand the importance of your privacy and are committed to being transparent about how we handle your data. This policy applies to all users of our website and services.
- Account information: Email address (used for magic link authentication)
- Profile information: Name, company name, and profile picture (optional)
- Billing information: Payment details processed securely through Stripe
- Content: Data, queries, dashboards, and reports you create within our platform
- Communications: Messages you send to our support team
- Usage data: Features used, actions taken, and time spent (anonymized via Umami analytics)
- Device information: Browser type, operating system, and device type
- Log data: IP address, access times, and pages viewed
We do not use tracking cookies for analytics. Our analytics provider (Umami) is privacy-focused and does not collect personal data.
We use your information to:
- Provide our services: Authenticate your account, process transactions, and deliver our platform
- Improve our services: Analyze anonymized usage patterns to enhance features and user experience
- Communicate with you: Send transactional emails (magic links, receipts) and respond to support requests
- Ensure security: Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations: Meet regulatory requirements and respond to lawful requests
We do not sell your personal information or use it for advertising purposes.
4. Legal Basis for Processing
For users in the European Economic Area (EEA), we process your data based on:
- Contract performance: Processing necessary to provide our services to you
- Legitimate interests: Improving our services, ensuring security, and preventing fraud
- Legal obligations: Compliance with applicable laws and regulations
- Consent: Where you have given explicit consent (e.g., marketing communications)
5. Data Sharing and Disclosure
We share your information only with:
| Recipient |
Purpose |
Data Shared |
| Stripe |
Payment processing |
Billing information |
| Email provider |
Transactional emails (magic links) |
Email address |
| Cloud infrastructure |
Hosting and data storage |
All service data (encrypted) |
We may also disclose information:
- To comply with legal obligations or valid legal processes
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets (with notice to you)
We do not share your data with advertisers or data brokers.
6. Data Security
We implement industry-standard security measures:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication: Passwordless magic link authentication eliminates password-related vulnerabilities
- Access controls: Role-based access and principle of least privilege
- Infrastructure: Hosted on secure, SOC 2 compliant infrastructure
- Monitoring: Continuous security monitoring and incident response procedures
7. Data Retention
We retain your data as follows:
| Data Type |
Retention Period |
| Account data |
Until account deletion + 30 days |
| Billing records |
7 years (legal requirement) |
| Usage analytics |
Aggregated and anonymized indefinitely |
| Support communications |
2 years |
| Server logs |
90 days |
You can request deletion of your account and associated data at any time.
8. Your Rights
Depending on your location, you may have the following rights:
All Users
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your account and data
- Export: Download your data in a portable format
EEA Residents (GDPR)
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Revoke previously given consent
California Residents (CCPA)
- Know: What personal information we collect and how it’s used
- Delete: Request deletion of your personal information
- Non-discrimination: Equal service regardless of exercising privacy rights
To exercise your rights, contact us at privacy@conduitbi.com.
9. Cookies and Tracking
We use minimal, essential cookies for authentication and functionality. We use Umami for privacy-focused analytics, which does not use cookies or collect personal data.
See our Cookie Policy for complete details.
10. Children’s Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@conduitbi.com.
11. International Data Transfers
If you are located outside the United States, your data may be transferred to and processed in the United States where our servers are located. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) for EEA transfers
- Data processing agreements with all third-party providers
- Encryption of data in transit and at rest
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the “Last Updated” date at the top
- We will notify you via email for significant changes
- Continued use of our services after changes constitutes acceptance
We encourage you to review this policy periodically.
For privacy-related questions or to exercise your rights:
For general inquiries, visit our Contact Page.
Resources