Privacy Policy
Last updated: June 22, 2026
Dalae SAS (“we”, “us”) operates agentixl. This policy explains what data we collect, why, and how we protect it.
1. Data We Collect
Account data
- Email address — provided via Google OAuth or magic link. Used for authentication, billing, and service communications.
- Name (optional) — from your Google profile if you use OAuth.
- Stripe customer ID — created when you subscribe to a paid plan.
Usage data
- API call counts — tracked per billing period for quota enforcement.
- Upload metadata — file name and size (for diagnostics). File content is not retained.
- Session IDs — ephemeral identifiers for active parsing sessions (30-min TTL).
What we do NOT collect
- The content of your spreadsheets (processed in memory, not stored)
- Passwords you provide for encrypted files (used in-memory, never persisted)
- Cookies for tracking or advertising (we do not use third-party trackers)
2. How We Use Your Data
- Authenticate you and enforce rate limits
- Process payments and manage subscriptions
- Send transactional emails (account, billing, service status)
- Diagnose and fix technical issues
We do not sell your data. We do not use your files for training AI models.
3. Sub-processors
We use the following third-party services to operate agentixl:
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Vercel | Web app hosting, API routing | HTTP requests, API keys | US (edge network) |
| Supabase | Authentication, database, session storage | Email, usage counters, session JSON | US (AWS) |
| Railway | Java Excel parsing service | File bytes (in-memory only) | US |
| Stripe | Payment processing | Email, payment method, invoices | US |
4. Data Retention
- Uploaded files: discarded immediately after parsing (not stored on disk)
- Session data (parsed JSON): 30-minute TTL, then automatically deleted
- Account data: retained while your account is active. Deleted within 30 days of account deletion request.
- Billing records: retained for 10 years as required by French tax law
5. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to processing based on legitimate interest
- Lodge a complaint with the CNIL (French data protection authority)
To exercise these rights, email privacy@dalae.fr.
6. Security
All data in transit is encrypted via TLS 1.2+. Data at rest in Supabase is encrypted with AES-256. API keys are hashed before storage. See our Trust Center for detailed security information.
7. Changes
We may update this policy. Material changes will be communicated via email. The “last updated” date at the top reflects the latest revision.
8. Contact
Data controller: Dalae SAS, Paris, France.
Contact: privacy@dalae.fr