Privacy Policy

Last updated: June 22, 2026

Dalae SAS (“we”, “us”) operates agentixl. This policy explains what data we collect, why, and how we protect it.

1. Data We Collect

Account data

  • Email address — provided via Google OAuth or magic link. Used for authentication, billing, and service communications.
  • Name (optional) — from your Google profile if you use OAuth.
  • Stripe customer ID — created when you subscribe to a paid plan.

Usage data

  • API call counts — tracked per billing period for quota enforcement.
  • Upload metadata — file name and size (for diagnostics). File content is not retained.
  • Session IDs — ephemeral identifiers for active parsing sessions (30-min TTL).

What we do NOT collect

  • The content of your spreadsheets (processed in memory, not stored)
  • Passwords you provide for encrypted files (used in-memory, never persisted)
  • Cookies for tracking or advertising (we do not use third-party trackers)

2. How We Use Your Data

  • Authenticate you and enforce rate limits
  • Process payments and manage subscriptions
  • Send transactional emails (account, billing, service status)
  • Diagnose and fix technical issues

We do not sell your data. We do not use your files for training AI models.

3. Sub-processors

We use the following third-party services to operate agentixl:

ProviderPurposeData processedLocation
VercelWeb app hosting, API routingHTTP requests, API keysUS (edge network)
SupabaseAuthentication, database, session storageEmail, usage counters, session JSONUS (AWS)
RailwayJava Excel parsing serviceFile bytes (in-memory only)US
StripePayment processingEmail, payment method, invoicesUS

4. Data Retention

  • Uploaded files: discarded immediately after parsing (not stored on disk)
  • Session data (parsed JSON): 30-minute TTL, then automatically deleted
  • Account data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Billing records: retained for 10 years as required by French tax law

5. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing based on legitimate interest
  • Lodge a complaint with the CNIL (French data protection authority)

To exercise these rights, email privacy@dalae.fr.

6. Security

All data in transit is encrypted via TLS 1.2+. Data at rest in Supabase is encrypted with AES-256. API keys are hashed before storage. See our Trust Center for detailed security information.

7. Changes

We may update this policy. Material changes will be communicated via email. The “last updated” date at the top reflects the latest revision.

8. Contact

Data controller: Dalae SAS, Paris, France.
Contact: privacy@dalae.fr