Privacy Policy

Last updated: February 5, 2026

This Privacy Policy explains how DataBrief processes personal data when you visit our site or use the service.

Controller

Owner: Sara Izquierdo González (sole trader).

VAT: ES50341862Z.

Address: Paseo de la Esperanza 11.

Contact: hello@databrief.io.

Account data: email, password hash, language preferences.
Operational data: ERP/accounting data required to generate KPIs, reports, and alerts.
Contact requests: messages submitted through the contact form.
Newsletter: email if you subscribe to updates.
Technical data: approximate IP, browser, pages visited, and UTM parameters.

Provide the service and manage your account (contract).
Respond to contact requests (legitimate interest and, where applicable, consent).
Send updates if you subscribe (consent).
Security and fraud prevention (legitimate interest).

We do not sell your data. We only share data with providers needed to operate the service:

EU processing is the default. If a non-EEA processor is enabled for a specific use case, we apply SCCs and additional safeguards under GDPR.

Raw ingest payloads/files: 7 days by default.
Canonical business data for analytics continuity: 24 months by default.
Current dashboard state: overwritten on refresh; scheduled report snapshots up to 12 months.
Resolved alerts/tasks history: 180 days.
Audit/security records: 12 months hot retention, with operational backup/integrity verification controls.
Contact/newsletter leads: up to 24 months or until deletion request.

You can exercise your rights of access, rectification, erasure, objection, restriction, and portability by emailing hello@databrief.io.

You may also lodge a complaint with the Spanish Data Protection Authority (AEPD).

We apply reasonable technical and organizational measures to protect data, including encryption of connector credentials and access controls.

Data we process

Account data: email, password hash, language preferences.

Operational data: ERP/accounting data required to generate KPIs, reports, and alerts.

Contact requests: messages submitted through the contact form.

Newsletter: email if you subscribe to updates.

Technical data: approximate IP, browser, pages visited, and UTM parameters.

Retention

Raw ingest payloads/files: 7 days by default.

Canonical business data for analytics continuity: 24 months by default.

Current dashboard state: overwritten on refresh; scheduled report snapshots up to 12 months.

Resolved alerts/tasks history: 180 days.

Audit/security records: 12 months hot retention, with operational backup/integrity verification controls.

Contact/newsletter leads: up to 24 months or until deletion request.