Effective May 12, 2025
DataFog, Inc. (DataFog, we, our, or us) is a Delaware C-corporation that sells cloud-based software for detecting, anonymizing, and managing sensitive data inside documents. Our business address is 1209 Orange St., Wilmington, DE 19801, USA.
This policy explains how we collect, use, share, and protect information when you:
Category | Examples | Source |
---|---|---|
Account info | Name, email, password hash, billing address | You |
Content | Documents, images, or other files you upload for scanning | You |
Usage data | Pages visited, features used, click-streams, error logs | Automatic |
Device data | Browser type, IP address, device/OS identifiers | Automatic |
Payment data | Last four digits of card, expiry, postal code | Stripe, Paddle, or similar processor |
Marketing data | Newsletter opt-ins, ad campaign tags | You / Cookies |

We do not knowingly collect data from children under 13.
Purpose | Legal basis* |
---|---|
Provide and secure the service | Contract |
Perform scans and return results | Contract |
Improve features, models, and accuracy | Legitimate interest |
Detect abuse, fraud, or security incidents | Legitimate interest |
Send transactional emails (e.g., password resets) | Contract |
Send product updates or marketing (you can opt out) | Consent / Legitimate interest |
Comply with law, subpoenas, or audits | Legal obligation |

*If you reside in the European Economic Area (EEA), our legal bases under the GDPR are shown in the right-hand column.
We share data only when needed:
We never sell personal information.
We use first-party cookies for session management and security. Analytics cookies are cookieless or pseudonymous. You can control cookies through your browser settings.
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems requires MFA and least-privilege roles. We run regular penetration tests and maintain a written incident-response plan.
We rely on the EU–US Data Privacy Framework and standard contractual clauses for transfers outside your jurisdiction. Our primary data center is in the United States.
Jurisdiction | Rights you can exercise |
---|---|
EEA / UK (GDPR) | Access, rectify, erase, restrict, object, data portability, lodge complaint with supervisory authority |
California (CPRA) | Know, delete, correct, opt-out of "sharing," limit sensitive data, no retaliation |
Virginia, Colorado, Connecticut, Utah | Access, correct, delete, opt-out of targeted ads or sale |
Texas (TDPSA, July 1, 2024) & Delaware (DPDPA, Jan 1, 2025) | Access, correct, delete, data portability, opt-out of sale/ads, appeal denials |
Maryland (Online Data Privacy Act, Oct 1, 2025) | Similar rights; stricter opt-out signal requirements |
You can make a rights request from inside your account or by emailing privacy@datafog.ai. We'll verify your identity and respond within the time limits set by law.
Our site honors the Global Privacy Control (GPC) signal where legally required. We do not track users for behavioral advertising.
Our site may link to other websites. Their privacy practices are their own.
We'll post any changes here and update the "Effective" date. Significant changes will be announced by email or in-app.
Data Protection Officer
DataFog, Inc.
1209 Orange St., Wilmington, DE 19801, USA
privacy@datafog.ai