Privacy Policy

Kutta.AI ("we," "our," or "us") operates the Kutta.AI data visualization and analytics platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website at kutta.ai and all associated applications and tools.

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Account Information

When you create an account through our authentication provider (Auth0), we collect your name, email address, and profile information. We do not store your password directly — authentication credentials are managed securely by Auth0.

1.2 User-Uploaded Data

Our Service allows you to upload datasets (such as CSV files and other tabular data formats) for visualization and analysis. You retain full ownership of all data you upload. We process this data solely to provide the Service, including rendering charts, generating dashboards, and powering AI-driven analytics features.

1.3 Dashboard and Chart Configurations

We store metadata about the dashboards and charts you create, including chart types, axis configurations, color preferences, layout arrangements, and sharing settings. This information is necessary to render and persist your work across sessions.

1.4 AI Query Data

When you use our natural language query feature to ask questions about your data, we process your text queries to generate SQL queries and analytical responses. Your queries may be temporarily logged for service reliability and improvement purposes. We do not use your queries or underlying data to train AI models.

1.5 Billing Information

If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe may collect and store payment information in accordance with their own privacy policy.

1.6 Usage and Technical Data

We automatically collect certain technical information when you access our Service, including your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and interaction patterns. This data helps us understand how the Service is used and identify areas for improvement.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process and render your uploaded data into interactive visualizations
• Power AI-driven natural language queries and analytical insights
• Manage your account, authentication, and subscription
• Process payments and manage billing through Stripe
• Send you service-related communications, including email verification and account notifications
• Monitor and analyze usage patterns to improve the Service
• Detect and prevent fraudulent or unauthorized access
• Comply with legal obligations

3. Data Storage and Security

3.1 Infrastructure

Your data is stored across multiple secure systems designed for reliability and performance. Dashboard metadata and account information are stored in MongoDB. Uploaded datasets are processed and stored using ClickHouse and Amazon S3. Authentication is managed by Auth0. Much of the data processing for visualization occurs directly in your browser using WebGL rendering, minimizing server-side exposure of your raw data.

3.2 Security Measures

We implement industry-standard security measures to protect your information, including encrypted data transmission (TLS/SSL), secure authentication via Auth0 with support for multi-factor authentication, role-based access controls, and regular security reviews. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

3.3 Data Location

Your data may be stored and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your information to these locations.

4. Third-Party Services

We use the following third-party services to operate our platform. Each service has its own privacy policy governing how it handles your data:

• Auth0 — Authentication and identity management
• Stripe — Payment processing and subscription management
• Amazon Web Services (S3) — Dataset file storage
• ClickHouse — Analytical data processing
• MongoDB — Application data storage

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Sharing and Disclosure

We may share your information only in the following circumstances:

• With your consent — When you explicitly share dashboards with other users or make them publicly accessible
• Service providers — With the third-party services listed above, strictly to operate the platform
• Legal requirements — When required by law, regulation, legal process, or governmental request
• Protection of rights — To enforce our Terms of Service, protect our rights or safety, or investigate potential violations
• Business transfers — In connection with a merger, acquisition, or sale of assets, in which case your information may be transferred as part of the transaction

6. Data Retention and Deletion

We retain your account information and uploaded data for as long as your account is active or as needed to provide the Service. You may delete individual datasets and dashboards at any time through the platform interface. When you delete your account, we will remove your personal information and uploaded data from our active systems within 30 days. Some information may be retained in backups for a limited period as required for legal, regulatory, or legitimate business purposes.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your authentication session, remember your preferences, and analyze how the Service is used. Essential cookies are required for the Service to function (such as authentication session cookies managed by Auth0). You can control cookie preferences through your browser settings, though disabling essential cookies may prevent you from using certain features of the Service.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal information we hold about you
• Correction — Request correction of inaccurate or incomplete information
• Deletion — Request deletion of your personal information and uploaded data
• Data portability — Request a copy of your data in a portable format
• Restriction — Request restriction of processing in certain circumstances
• Objection — Object to processing of your information for certain purposes

To exercise any of these rights, please contact us at contact@kutta.ai. We will respond to your request within 30 days.

9. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at contact@kutta.ai.

10. International Users

If you are accessing the Service from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, please note that your information may be transferred to and processed in jurisdictions that may not provide the same level of data protection as your home country. We take appropriate safeguards to ensure your information is protected in accordance with this Privacy Policy. Where required, we rely on standard contractual clauses or other approved transfer mechanisms.

11. Children's Privacy

Our Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us at contact@kutta.ai.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: