Privacy Policy

1. Introduction

Pairenthesis Inc. ("Pairenthesis," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our data cleaning and analysis platform (the "Service").

This policy applies to users worldwide, including those in the European Union (under GDPR), California (under CCPA/CPRA), and other jurisdictions with data protection laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, job title, and password when you create an account.
• Payment Information: Billing address and payment details (processed securely by our payment provider Stripe).
• Data Files: Spreadsheets, CSVs, and other data files you upload for processing.
• Communications: Messages you send to our support team or feedback you provide.

2.2 Automatically Collected Information

• Usage Data: Features used, actions taken, processing history, and credits consumed.
• Device Information: IP address, browser type, operating system, and device identifiers.
• Cookies: Essential cookies for authentication, preferences, and analytics (see Section 8).

3. How We Use Your Information

We use your information for the following purposes:

• Providing, operating, and improving the Service
• Processing and cleaning your data files as requested
• Managing your account and processing payments
• Communicating with you about service updates, security alerts, and support
• Analyzing usage patterns to improve our platform
• Complying with legal obligations
• Detecting and preventing fraud, abuse, and security incidents

Important: We do NOT use your uploaded data to train machine learning models. Your data is processed solely to provide the cleaning and analysis services you request.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you requested.
• Legitimate Interests: Improving our services, security, and fraud prevention.
• Consent: Marketing communications and non-essential cookies (where required).
• Legal Obligation: Compliance with applicable laws and regulations.

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Cloud hosting (AWS, Vercel), payment processing (Stripe), analytics (Plausible), and customer support tools.
• Team Members: If you use a team workspace, data may be accessible to authorized team members.
• Legal Requirements: When required by law, subpoena, or to protect our rights.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do NOT sell your personal information to third parties.

6. International Data Transfers

Your data may be transferred to and processed in the United States and other countries. For transfers from the EEA/UK, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with our service providers
• Adequacy decisions where applicable

7. Data Retention

• Account Data: Retained for the duration of your account plus 30 days after deletion.
• Uploaded Files: Automatically deleted 90 days after processing unless you choose to retain them.
• Processing History: Retained for 1 year for your reference and audit purposes.
• Payment Records: Retained for 7 years for tax and legal compliance.

8. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and security.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how you use the Service (privacy-focused, no personal tracking).

You can manage cookie preferences through your browser settings or our cookie consent banner.

9. Your Privacy Rights

9.1 Rights Under GDPR (EU/UK Users)

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Limit how we process your data.
• Portability: Receive your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Revoke consent at any time.

9.2 Rights Under CCPA/CPRA (California Residents)

• Know: What personal information we collect and how it's used.
• Delete: Request deletion of your personal information.
• Opt-Out: Opt out of the sale or sharing of personal information (we don't sell data).
• Non-Discrimination: Equal service regardless of privacy choices.
• Correct: Request correction of inaccurate information.
• Limit Use: Limit use of sensitive personal information.

To exercise these rights, contact us at privacy@pairenthesis.com or use the settings in your account dashboard.

10. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and employee training
• SOC 2 Type II compliance (in progress)
• Incident response procedures

11. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after such notification constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights:

EU Representative: For GDPR inquiries, contact our EU representative at eu-privacy@pairenthesis.com

Data Protection Officer: dpo@pairenthesis.com