Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Information We Collect

We collect the following categories of personal data:

• Account Data: Name, email address, company name, and authentication credentials when you create an account.
• Billing Data: Payment information and billing address processed through our payment providers.
• Service Data: Error logs, stack traces, and incident data you connect to our service through integrations.
• Usage Data: Information about how you interact with our service, including features used, actions taken, and session duration.
• Device & Log Data: IP address, browser type, operating system, and access timestamps.
• Support Data: Communications when you contact our support team.

We collect data directly from you when you provide it and automatically through your use of our service.

3. Legal Bases for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract Performance: To provide our services, manage your account, and process payments.
• Legitimate Interest: To improve our services, ensure security, prevent fraud, and communicate service updates.
• Consent: For marketing communications, analytics cookies, and using anonymized data to improve our AI models (when you opt in).
• Legal Obligation: To comply with applicable laws, regulations, and legal processes.

4. How We Use Your Information

We use your personal data to:

• Provide, operate, and maintain our incident resolution services
• Process transactions and send billing information
• Respond to support requests and communicate with you
• Improve and personalize our services
• Analyze usage patterns and optimize performance
• Send marketing communications (with your consent)
• Improve our AI models using anonymized data (with your explicit consent)
• Detect, prevent, and address security issues and fraud
• Comply with legal obligations

5. Cookies and Tracking

We use cookies and similar technologies categorized as follows:

• Strictly Necessary: Essential for website functionality. Cannot be disabled.
• Analytics: Help us understand how visitors use our website (requires consent).
• Marketing: Used to deliver relevant advertisements (requires consent).

You can manage your cookie preferences at any time: Manage Cookie Preferences

6. Data Sharing & Subprocessors

We do not sell your personal data. We share data with the following categories of service providers who process data on our behalf:

• Cloud Infrastructure: Amazon Web Services (AWS) — hosting and data storage
• AI Processing: Anthropic and OpenAI — for AI-powered analysis features

All subprocessors are bound by data processing agreements that ensure GDPR-compliant handling of your data.

7. International Data Transfers

Your data is stored and processed within the European Economic Area (EEA), specifically in AWS's eu-central-1 region (Frankfurt, Germany). When we use AI providers that may process data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data Retention

We retain your personal data for the following periods:

• Account Data: While your account is active, plus 12 months after termination.
• Billing Data: As required by tax and accounting laws (typically 7 years).
• Service Data: While your account is active, plus 12 months after termination.
• Usage & Log Data: 12 months from collection.

Upon account termination, you may request data export. Data is permanently deleted 90 days after termination unless retention is required by law.

9. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request transfer of your data in a machine-readable format.
• Objection: Object to processing based on legitimate interest.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at privacy@ourbase.ai. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

10. Children's Privacy

Our services are intended for business use by individuals aged 18 and older. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child under 18, we will delete it promptly.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: