Privacy Policy

Introduction

This Privacy Policy describes how Datural ("Datural", "we", "us", "our") collects, uses, and discloses information when you use our products and tells you about your privacy rights and how the law protects you.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Products covered by this policy

Datural operates two products. Both are covered by this single policy:

• Datural — the data-analytics application at app.datural.io. Connects to your data sources, lets you ask questions in natural language, and returns answers and dashboards.
• Fred — an autonomous AI coworker that lives in your Slack workspace. Reads your calendar, posts messages on your behalf, and helps with day-to-day tasks. Each tenant runs on a dedicated host at fred.datural.io/<tenant>.

Where a section applies only to one product, we say so explicitly. Where unsaid, the section applies to both.

Definitions

The capitalized terms used in this document have the meanings defined here:

• Account — a unique account created for you to access the Service or parts of it.
• Affiliate — an entity that controls, is controlled by, or is under common control with a party. "Control" means ownership of 50% or more of shares or voting rights.
• Application — either of the two products described above.
• Country — Israel.
• Device — any device that can access the Service.
• Personal Data (or "Personal Information") — any information that relates to an identified or identifiable individual.
• Service — the Application or the Website or both.
• Service Provider — any third party that processes data on our behalf.
• Usage Data — data collected automatically while using the Service.
• Website — datural.io.
• You — the individual or entity accessing or using the Service.

Information we collect

Information you provide

When you sign in to either product via Google or another OAuth provider, we receive:

• Email address
• First name and last name
• Profile picture (where available)

Information from connected services (Fred)

When you connect Fred to Google Calendar via OAuth, Fred reads calendar events and (with the right scope) creates or modifies events on your authorized calendar. When you install Fred in a Slack workspace, Fred reads messages in channels it has been invited to, and posts replies. We do not retrieve data from calendars or Slack workspaces beyond what your active session asks Fred to do.

Information from connected services (Datural)

When you connect Datural to a data source (Postgres, Snowflake, BigQuery, MongoDB, or another supported source), Datural reads your schema and the rows your queries return. You bring your own large-language-model API key (e.g. Gemini); we do not store or proxy your queries to a model we own.

Usage data

We may collect server-side logs containing IP address, browser type, request path, timestamps, and other diagnostic data. This data is retained for security, troubleshooting, and service-improvement purposes.

Google API Services — Limited Use

Fred's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide and improve the Fred Service to the user who authorized us.
• We do not transfer Google user data to third parties, except as necessary to provide or improve the Service, comply with applicable law, or as part of a merger, acquisition, or sale with appropriate user notice.
• We do not use Google user data for serving advertisements.
• We do not let humans read Google user data unless we have your explicit consent, are required by law, or doing so is necessary for security or to debug a service issue (and the data is then anonymized or kept confidential).

Scopes Fred requests and what we do with them:

• https://www.googleapis.com/auth/calendar — read calendar events you ask Fred about.
• https://www.googleapis.com/auth/calendar.events — create or delete events on your authorized calendar when you ask Fred to do so.
• openid, profile, email — identify which Google account is authorizing Fred.

You can revoke Fred's access to your Google account at any time at myaccount.google.com/permissions.

How we use your information

We use Personal Data for the following purposes:

• To provide and maintain the Service, including monitoring usage.
• To manage your Account.
• To perform the contract for any services you have signed up for.
• To contact you about service updates, security advisories, or other operational notices.
• To handle your requests, including support inquiries.
• For business transfers: we may use your Personal Data to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
• For other purposes, such as data analysis, identifying usage trends, and improving the Service.

Third-party services we rely on

The Service is built on top of third parties. Each one processes some of your data while you use the Service:

• Google — Google Workspace OAuth (sign-in) and Google Calendar API (for Fred).
• Slack — Slack OAuth for installing Fred into your workspace; Slack Events API and Socket Mode for receiving and posting messages.
• Cloud infrastructure providers (Hetzner, Cloudflare) — host the Service and serve traffic.
• Backblaze (B2) — encrypted off-site backup of tenant state. Backups are encrypted with the age tool before upload; the decryption key is held only by the operator.
• Large-language-model providers (Google Gemini, others) — process your requests on a per-call basis. For Datural, the API key is yours (BYOK).

We don't sell your data, exchange it for value, or share it with advertisers.

Analytics and product metrics

We do not currently use third-party analytics products such as Google Analytics, Mixpanel, or Segment.

We may, in the future, collect anonymized aggregated product metrics — such as which features are used and how often — to improve the Service. If we add such tools, we will update this Policy and notify users where required by law.

Retention

We retain Personal Data only for as long as necessary for the purposes set out in this Policy, including legal obligations, dispute resolution, and enforcement of our agreements.

• Account information — for the duration of your account relationship plus up to 24 months after account closure.
• Support data — up to 24 months from ticket closure.
• OAuth tokens — for the duration of the connection; removed when you disconnect a connector or close your account.
• Server logs — up to 24 months for security and troubleshooting.
• Encrypted state backups — daily snapshot overwrites the previous one; final snapshot retained when a tenant is decommissioned.

You may request information about how long we retain specific data by contacting us.

Security

OAuth tokens and other secrets are stored at rest with filesystem permissions restricted to the service process. State backups are end-to-end encrypted with age before leaving the host. Tenant data is isolated per host (one tenant = one server).

No method of transmission over the Internet or method of electronic storage is 100% secure. While we use commercially reasonable means to protect your Personal Data, we cannot guarantee its absolute security.

Transferring your information

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data-protection laws may differ from those in your jurisdiction. We will take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

Your rights

You have the right to access, correct, or delete the Personal Data we hold about you. To exercise these rights:

• For Fred specifically: visit your tenant setup page (fred.datural.io/<tenant>/setup) and use the Delete action next to any connector to wipe stored tokens. Revoke OAuth access at myaccount.google.com/permissions for Google or in your Slack workspace's app settings for Slack.
• For all other requests, contact us at info@datural.io.

We may need to retain certain information to comply with legal obligations.

Disclosure

Business transactions

If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

We may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or government agency).

Other legal requirements

We may disclose your Personal Data in the good-faith belief that such action is necessary to comply with a legal obligation, protect the rights or property of Datural, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users, or protect against legal liability.

Children's privacy

The Service is not directed to anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under 16. If you are a parent or guardian and believe your child has provided us with Personal Data, contact us.

Links to other websites

The Service may contain links to other websites not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will make reasonable efforts to provide notice (email or in-product banner) before the change takes effect.

Contact us

If you have questions about this Privacy Policy:

• By email: info@datural.io
• Through our website: datural.io