Privacy Policy

This Privacy Policy describes how Obliq LLC ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects information in connection with the Vibe BI platform and related services (the "Service"). By using the Service, you agree to the practices described in this Privacy Policy. This Privacy Policy is incorporated into and subject to the Vibe BI Terms of Service.

1. Information We Collect

We collect the following categories of information:

Account Information. When you create an account, we collect your name, email address, and authentication credentials.

Database Connection Credentials. When you connect a database to the Service, you provide connection details such as host, port, username, password, and SSH keys. These credentials are encrypted and stored on the platform's infrastructure.

Database Metadata. The Service reads and caches your database structure, including table names, column names, data types, constraints, row counts, and sample values. This collection occurs upon initial connection and on an ongoing basis as the Service may periodically query your database to collect updated metadata and sample values to maintain and improve query accuracy.

Usage Data. As you use the Service, we collect data related to your usage, including but not limited to natural language queries, conversation history, AI-generated SQL queries, chart configurations, and query results.

Automatically Collected Information. We automatically collect certain technical information when you access the Service, including but not limited to IP address, browser type and version, device information, operating system, referring URLs, pages visited, and access timestamps.

2. How We Use Your Information

We use the information we collect for the following purposes:

1. Providing the Service. We use your database credentials to connect to your database, your metadata to provide AI context, and your queries to generate SQL and visualizations. Query results are stored on the platform to enable dashboard and chart functionality.
2. Third-Party AI Processing. We send certain data, including but not limited to database schema, column metadata, sample values, natural language questions, and conversation history, to one or more third-party AI services to generate SQL queries and chart configurations. See Section 4 for details.
3. Account Management. We use your account information to authenticate you, manage your account, and communicate with you about the Service.
4. Service Improvement. We may use anonymized, aggregated data to analyze usage patterns, diagnose technical issues, and improve the Service. This data does not identify you or your organization.
5. Legal Compliance. We may use your information as necessary to comply with applicable laws, regulations, legal processes, or governmental requests.

3. Data Storage and Security

1. Your data is stored on third-party cloud infrastructure as part of providing the Service. Database connection credentials are encrypted at rest.
2. We employ commercially reasonable technical and organizational security measures to protect your information from unauthorized access, loss, misuse, or alteration.
3. The Service operates on a multi-tenant architecture. We use commercially reasonable measures to isolate each user's data from other users' data.
4. No method of electronic storage or transmission is completely secure. While we strive to protect your information, we cannot guarantee absolute security and shall not be liable for any unauthorized access or breach except to the extent caused by our gross negligence or willful misconduct.

4. Third-Party AI Processing

The Service relies on one or more external third-party AI services to process your queries and generate outputs. Data sent to these providers may include, but is not limited to, database schema, column metadata, sample values, natural language questions, and conversation history.

We use commercially reasonable efforts to select AI providers with appropriate data protection practices. However, we do not control the data handling practices of third-party AI providers and make no guarantees regarding how they process, store, or handle your data. You are responsible for ensuring that the data you process through the Service is appropriate for transmission to third-party services.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

1. Third-Party AI Providers. As described in Section 4, we share certain data with external AI services to provide core Service functionality.
2. Infrastructure and Service Providers. We use third-party providers for hosting, authentication, database infrastructure, and other operational functions necessary to deliver the Service. These providers access your data only as needed to perform their functions.
3. Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including court orders, subpoenas, or law enforcement requests.
4. Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change by posting an updated Privacy Policy.
5. With Your Consent. We may share your information for purposes not described in this Privacy Policy with your explicit consent.

6. Data Retention

1. Account Information. Retained for the duration of your active account.
2. Database Connection Credentials. Deleted promptly upon account termination or removal of the database connection from the Service.
3. Database Metadata, Conversation History, Query Results, and Chart Configurations. Deleted within ninety (90) days of account termination or deletion request.
4. Anonymized and Aggregated Data. We may retain anonymized, aggregated data that does not identify you or your organization indefinitely for the purpose of improving the Service.
5. Deletion Requests. You may request deletion of your data at any time by contacting us at support@vibe-bi.ai. Deletion requests will be processed within ninety (90) days.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

1. Access. You may request a copy of the personal information we hold about you.
2. Correction. You may request that we correct inaccurate or incomplete personal information.
3. Deletion. You may request that we delete your personal information, subject to certain legal exceptions.
4. Data Portability. If you are located in the European Economic Area, United Kingdom, or Switzerland, and our processing of your personal data is based on your consent or a contract, and the processing is carried out by automated means, you may request a copy of your personal data. We will make reasonable efforts to provide such data in a usable format, but do not guarantee any specific structure or format.
5. Objection and Restriction. You may object to or request restriction of certain processing of your personal information.

To exercise any of these rights, please contact us at support@vibe-bi.ai. We will respond to your request within the timeframe required by applicable law (generally 30 days under GDPR, 45 days under CCPA).

8. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

1. Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it is shared.
2. Right to Delete. You may request that we delete the personal information we have collected about you, subject to certain legal exceptions.
3. Right to Opt Out of Sale. We do not sell your personal information. If this changes in the future, we will provide a mechanism to opt out.
4. Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.

To submit a request, contact us at support@vibe-bi.ai.

9. International Users and Data Transfers

The Service is operated from and data is processed and stored in the United States. If you access the Service from outside the United States, you acknowledge and consent to the transfer, processing, and storage of your information in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: the Company acts as a data processor with respect to personal data processed through the Service. You, as the user, are the data controller. The Company processes personal data solely on your behalf and in accordance with your instructions as implemented through your use of the Service.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child under 18, please contact us at support@vibe-bi.ai.

11. Cookies and Tracking Technologies

The Service uses cookies and similar technologies for the following purposes:

1. Essential Cookies. Required for authentication, session management, and core Service functionality. These cookies are necessary for the Service to operate and cannot be disabled.
2. Analytics and Performance Cookies. We may use cookies to understand how users interact with the Service, analyze usage patterns, and improve performance.
3. Third-Party Cookies. We may use third-party analytics or tracking services that place their own cookies on your device. These third parties may collect information about your use of the Service and other websites.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

Do Not Track. The Service does not currently respond to "Do Not Track" browser signals. There is no uniform standard for how online services should respond to such signals, and we do not alter our data collection or use practices based on them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated policy on the Service and revise the "Last Updated" date at the top. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@vibe-bi.ai