Privacy Policy

datavessel ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.

Personal Data

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• 01Identity Data includes first name, last name, username or similar identifier.
• 02Contact Data includes email address and telephone numbers.
• 03Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• 04Usage Data includes information about how you use our website and services.

Google User Data

When you connect a Google account to datavessel, you grant us access to specific data from Google services via Google's official OAuth flow. We request only the OAuth scopes listed below, and only the data they cover is collected.

• Google Search Console (webmasters.readonly): verified site list, search analytics (queries, pages, impressions, clicks, CTR, average position), URL inspection results, sitemap lists and details, and performance breakdowns by country and device.
• Google Analytics 4 (analytics.readonly): account and property summaries, custom dimensions and metrics, standard and real-time reports for the properties you select, and Google Ads link information.
• Google Ads (adwords): accessible customer accounts, campaign, ad-group, and keyword performance metrics, and search terms reports for the accounts you select.
• Google account profile (openid email profile): your email address and basic profile information to create and identify your datavessel account.

We do not access any Google data outside the scopes listed above. You can revoke datavessel's access at any time from your Google account permissions page or by disconnecting the source inside datavessel.

How we use Google user data

Google user data is used exclusively to provide and improve the features you have asked datavessel to perform on your behalf. Specifically:

• To answer questions you ask in chat by retrieving the relevant Google data and passing it, along with your question, to your selected LLM provider.
• To run scheduled agents (for example, weekly SEO reports or revenue alerts) that you have explicitly configured.
• To populate dashboards, reports, and the public citations page if you have opted to make your report public.

We do not use Google user data to train, fine-tune, or develop machine-learning models, including any models operated by us or by third parties. We do not use Google user data for advertising, ad personalization, or profiling. We do not sell Google user data under any circumstances.

Sub-processors that may receive Google user data

To deliver the AI features you request, datavessel transmits Google user data to the following sub-processors at your direction. Each request is initiated by your explicit action (asking a question, running an agent, or scheduling a run).

• LLM providers you select inside datavessel: Anthropic (Claude), OpenAI (ChatGPT), and Google (Gemini). Data sent is limited to what is required to answer the specific question you asked.
• Google Cloud Platform: hosts datavessel's backend, database (PostgreSQL), and attachment storage (Google Cloud Storage). Data is stored in the EU region (europe-west3).
• Lemon Squeezy: handles subscription billing. Does not receive Google user data — only your email and subscription metadata.
• Slack (optional): if you have configured a Slack integration, datavessel posts the results of your scheduled agents to the channels you specified. Only the contents of those agent runs are sent.

LLM API Keys

datavessel operates on a Bring Your Own Keys (BYOK) model for the LLM providers above. You provide your own API keys (Anthropic, OpenAI, Google). Your API keys are encrypted at rest using AES-256 and are only decrypted at the moment a request is made to the corresponding provider on your behalf. We never share your API keys with third parties and they are not used for any purpose other than executing your requested AI operations.

We do not sell your personal data or Google user data under any circumstances. The only third parties that receive your data are the sub-processors listed above (LLM providers, cloud hosting, billing, optional Slack), and they receive only the minimum data required to fulfil the specific action you took. Your prompts, analyses, agent configurations, and the knowledge you build inside datavessel are not used to train ML models, are not disclosed to other customers, and are not used for advertising or profiling.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To provide and maintain our service
• To communicate with you about our service
• To improve our website and service
• To comply with legal obligations

We have put in place appropriate technical and organisational measures to prevent your personal data and Google user data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

• All data in transit between your browser, datavessel, and any sub-processor is encrypted using TLS 1.2 or higher.
• Google user data, OAuth tokens, and LLM API keys are encrypted at rest in our database using AES-256.
• Access to production systems is limited to a small number of named operators and requires multi-factor authentication.
• Production data is hosted on Google Cloud Platform in the EU (europe-west3) region.

We retain only what we need to keep the product working for you, with clear ceilings:

• OAuth tokens are deleted immediately when you disconnect a source or revoke access from your Google account.
• Cached Google user data (query results, report snapshots, scan history) is retained while the source is connected so you can see historical trends, and is deleted within 30 days after you disconnect the source.
• Chat attachments (images, PDFs you upload to chat) are deleted after 90 days, or immediately when you delete them from the chat history.
• Account deletion: when you delete your datavessel account, your personal data and all associated Google user data are permanently removed within 30 days. We may retain minimal records (e.g., invoices) where required by law.
• Manual deletion at any time: visit our account deletion page for the two paths (in-app self-service if you can sign in, email if you can't) and the SLA. Manual email requests to contact@datavessel.io are actioned within 30 days.

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

datavessel's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

If you have any questions about this privacy policy or our privacy practices, please contact us at contact@datavessel.io.