Effective: February 2025
Scope: Datablit website, product, and support ("Services").
We do not claim SOC 2 or ISO certification. Our practices are GDPR-aligned and security-first.
1. Who We Are and Our Role
Datablit is a B2B SaaS that processes event data, identifiers, metadata, and related information on behalf of our customers. In that context:
- Customers are data controllers (they decide what data to send and why).
- Datablit acts as a data processor (we process data per their instructions).
This policy also covers personal data we collect as a controller (e.g., website visitors, sign-ups, support contacts).
2. Data We Collect and Why
| Data category | Purpose | Legal basis (where applicable) |
|---|---|---|
| Account/sign-up (email, name, company) | Provision of the service, account management | Contract |
| Usage and product events | Improving the product, support, analytics | Legitimate interest / consent where required |
| Support communications | Handling requests and incidents | Contract / legitimate interest |
| Website analytics (e.g., IP, device) | Security, analytics, improving the site | Legitimate interest / consent |
| Cookies and similar tech | Session, preferences, analytics (as described on the site) | Consent / legitimate interest |
We do not sell personal data.
3. Data We Process on Behalf of Customers
When you use Datablit as a customer, you may send us:
- Event data (e.g., events, properties, timestamps)
- Identifiers (user IDs, device IDs, etc.)
- Metadata (e.g., source, environment)
- IP addresses (where included in events or for security)
We process this data only as instructed in our Data Processing Agreement and Terms of Service. We do not use it for our own marketing or for selling to third parties.
4. Sharing and Sub-processors
We use sub-processors (e.g., infrastructure, storage, email, analytics) to run the service. We maintain a Sub-processors list and notify customers of material changes in line with our DPA.
We may disclose data where required by law or to protect rights and safety.
5. International Transfers
We may transfer data to countries outside the EEA. Where we do, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms as set out in our DPA.
6. Retention
We retain data as described in our Data Retention document. For controller data (e.g., your account and support history), we retain as long as the account is active and for a limited period after deletion, unless we must retain longer for legal or safety reasons.
7. Your Rights (Controller Data)
Where we act as controller (e.g., your account and marketing data), you may have the right to:
- Access, rectify, erase, or restrict processing
- Data portability
- Object to processing
- Withdraw consent where processing is consent-based
- Lodge a complaint with a supervisory authority
To exercise these, contact contact@datablit.com. We will respond within the timeframe required by applicable law (e.g., one month under GDPR).
For processor data (data you send through the product), requests should be handled via your own processes; we will assist as set out in the DPA (e.g., deletion, export).
8. Security
We describe our security approach in our Security Overview. We do not claim SOC 2 or ISO certification; we follow security-first practices and are working toward SOC 2–ready controls.
9. Changes
We may update this policy. Material changes will be communicated via the email on file or a prominent notice in the product. The "Effective" date at the top reflects the last substantive update.