Privacy Policy

Account Information

When you create an account, we collect your email address and display name via Firebase Authentication. If you sign in with Google, we receive your name and email from Google’s OAuth service. We do not store passwords — authentication is handled entirely by Firebase.

Payment Information

Subscription and boost-pack purchases are processed by Stripe. We store your Stripe customer ID and subscription status (tier, credits) but never store credit card numbers, bank account details, or other payment instruments. All payment data is handled by Stripe in compliance with PCI-DSS.

User-Generated Content

We store content you create within the platform, including saved chart configurations (templates), Chart Studio canvas content (annotations, layouts), embeddable chart configurations, custom saved prompts, and pinned series preferences. This content is scoped to your account and is not shared with other users unless you explicitly create a public embed link.

Usage Data

We collect limited usage data to operate the service:

• Your IP address is cryptographically hashed before storage and used solely for rate limiting and abuse prevention. We do not store raw IP addresses in our database.
• LLM token consumption (prompt and completion token counts, model name, agent role) is logged for cost management. These logs include your hashed IP and, if authenticated, your user ID.
• Authentication failures are logged with sanitized IP addresses for security monitoring.

Queries and Platform Interactions

We log natural-language queries, chat histories, and platform interactions to provide the Services, enforce rate limits, and improve our prompt engineering, routing pipelines, and caching systems. Query results may be cached (as anonymized SQL templates with results) to improve response times for similar future queries. Cached queries do not contain your identity or account information. Your private queries and data are NOT used to train the underlying foundational Large Language Models provided by our third-party AI partners.

Cookies, Local Storage, and “Do Not Track”

We use a single session cookie (__session) with a 14-day expiry to maintain your login state. It contains no personal data. Firebase Authentication stores auth tokens in your browser’s local storage to persist your session. If you use the pinned-series feature without an account, your pins are stored in your browser’s local storage until you sign up, at which point they are synced to your account.

Do Not Track (DNT) & Global Privacy Control: Because we do not track our users across third-party websites for targeted advertising, our platform does not respond to DNT signals or Global Privacy Control (GPC) mechanisms.

We use your information to:

• Provide the service: Process your queries, generate charts and AI analysis, manage your account and subscription.
• Rate limiting and security: Prevent abuse, detect brute-force attempts, and enforce per-user and per-IP request limits using hashed IP addresses.
• Cost management: Track LLM API token usage to manage infrastructure costs and set appropriate usage limits.
• Newsletter delivery: If you opt in, we send periodic macroeconomic research emails to the email address on your account.
• Operational monitoring: Detect and respond to service errors, pipeline failures, and security incidents.

For users in the European Economic Area (EEA) and the UK, our legal bases for processing your data include: Performance of a Contract (to provide the service and process payments), Legitimate Interests (for security monitoring, rate limiting, and cost management), and Consent (for optional newsletters).

We do not sell your personal information. We do not use your data for advertising. We do not build behavioral profiles for ad targeting.

When you submit a query, your natural-language question (but not your identity, email, or account details) is sent to Google Vertex AI (Gemini) for processing. The AI retrieves economic data from our database and generates analysis. User identity data is never included in AI prompts.

Our automated content pipeline may also use Anthropic Claude (via Vertex AI) for generating newsletter articles from public economic data releases. No user data is sent to this pipeline.

AI-generated SQL queries are validated and executed on a read-only database connection with a restricted role that cannot access tables containing personal information (users, user content, usage logs).

For data retention policies of our AI providers, refer to Google Vertex AI Data Governance and Anthropic’s Privacy Policy.

We share limited data with the following services to operate the platform:

• Firebase (Google): Authentication — your email, auth tokens, and sign-in method.
• Stripe: Payment processing — your billing email and subscription selections. Stripe handles all payment instrument data.
• Google Vertex AI: Your natural-language queries (without personal identifiers) for AI-powered analysis.
• Resend: Newsletter delivery — your email address and article content, if you opt in to the newsletter.
• Google Cloud Platform: Infrastructure hosting. Your data is stored in GCP’s US regions.

We also query public government data APIs (FRED, BEA, BLS, Census Bureau, Alpha Vantage) to retrieve economic data. No user data is sent to these services — only economic series identifiers.

Business Transfers & M&A: If GDPQuery.ai is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your personal information and user-generated content may be transferred as a business asset. We will notify you via email and/or a prominent notice on our website of any change in ownership.

• Account data: Retained for the lifetime of your account.
• User-generated content: Templates, studio saves, embeds, and pinned series are retained until you delete them or delete your account.
• Usage logs: LLM token usage logs (with hashed IPs) are retained for up to 12 months for cost analysis, after which they are aggregated and de-identified. Stripe webhook idempotency records are purged after 90 days.
• Rate-limit counters: Ephemeral, securely cached, and automatically expire within minutes.
• Cached queries: Retained indefinitely to improve response times. These do not contain personal information.

We implement the following security measures:

• All connections are encrypted in transit via TLS (HTTPS).
• Database access uses least-privilege roles: AI-generated queries run on a read-only connection that cannot access personal data tables.
• IP addresses are cryptographically hashed before storage.
• LLM-generated SQL is validated against an allowlist before execution — destructive operations (DROP, DELETE, INSERT, UPDATE) are blocked.
• Sensitive fields (email, user IDs, Stripe IDs) are excluded from API responses, log output, and AI prompts.
• Internal caching and ephemeral data connections use TLS encryption and authentication.
• Brute-force detection monitors for excessive authentication failures per IP.

Data Breach Notification: While we implement rigorous database-level security, no system is entirely impenetrable. In the event of a security breach that compromises your personal information, we will notify you and relevant regulatory authorities as required by applicable law, detailing the nature of the breach and the steps we are taking to mitigate it.

• Access: You can view your account information and all content you’ve created through the platform interface.
• Deletion: You can delete individual templates, studio saves, embeds, and pinned series at any time. To request full account deletion, contact us at the email below. We will process deletion requests within 30 days.
• Newsletter opt-out: You can opt out of the newsletter at any time through your account settings. Opting out does not affect your account or subscription.
• Data export: You can export your chart data via CSV, XLSX, or PNG through the platform’s built-in export tools (Creator tier and above). Regardless of your subscription tier, you may request a full export of your personal data by contacting us at the email below. We will fulfill data portability requests within 30 days.
• Cookies: You can clear the session cookie by logging out or clearing your browser data. Disabling cookies will require you to re-authenticate on each visit.
• EU/UK Right to Complain: If you reside in the EEA or the UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

We do not sell your personal information, nor do we share it for cross-context behavioral advertising. If you are a resident of California (under the CCPA/CPRA) or other states with similar comprehensive privacy laws, you have the right to request:

• The specific pieces and categories of personal information we have collected about you.
• The deletion of your personal information.
• Correction of inaccurate personal information.

To exercise these rights, please contact us at privacy@gdpquery.ai. We will not discriminate against you for exercising your privacy rights.

GDPQuery.ai is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Our service is hosted in the United States on Google Cloud Platform. If you access GDPQuery.ai from outside the United States, your data will be transferred to and processed in the US. By using the service, you acknowledge this transfer. For users in the European Economic Area, international transfers are governed by Standard Contractual Clauses included in Google Cloud’s Data Processing Agreement.

We may update this Privacy Policy from time to time. For material changes, we will notify you by email (using the address on your account) and update the “Last Updated” date at the top of this page. Continued use of the service after notification constitutes acceptance of the revised policy.

For privacy-related questions or data deletion requests, contact us at:

privacy@gdpquery.ai