Privacy Policy

Last updated: February 20, 2026

Overview

At AnalyzeData, your privacy is the foundation of everything we build. We designed this platform from the ground up with a privacy-first philosophy: your data files are parsed entirely within your own browser and are never uploaded to our servers. We do not store your datasets, we do not sell your information, and we do not profile you for advertising purposes.

This Privacy Policy explains what information we collect (and, critically, what we do not collect), how we use it, and what rights you have regarding your personal information. It applies to all users of analyzedata.io and any related services operated by AnalyzeData.

By using AnalyzeData, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

Information We Do Not Collect

We want to be explicit about what we do not do, because we believe you deserve clarity:

  • Your data files are never uploaded to our servers. All file parsing — CSV, Excel, JSON, TSV — happens locally in your browser using JavaScript. The raw bytes of your file never leave your device.
  • We do not require account creation, email addresses, or any personally identifiable information (PII) to use the service.
  • We do not store your analysis results, chart configurations, or query history on our servers.
  • We do not sell, rent, or share your data with third-party advertisers.
  • We do not use tracking pixels, fingerprinting, or cross-site tracking technologies.

How Our AI Analysis Works

Understanding the data flow is important for your peace of mind. Here is exactly what happens when you use AnalyzeData:

  1. 1. Client-Side Parsing

    When you upload or drop a file, your browser reads and parses it entirely in memory using JavaScript. No network request is made at this stage. Your file content stays on your device.

  2. 2. Schema & Sample Extraction

    Our frontend code extracts two lightweight pieces of information: the data schema (column names and inferred data types) and up to 100 sample rows. This is a small, representative subset of your data.

  3. 3. AI Request

    When you submit a question or request analysis, only the schema and the sample rows — not your full file — are sent via an encrypted HTTPS request to our API endpoint, which forwards them to the Google Gemini AI model.

  4. 4. Analysis & Response

    The AI model processes the schema and sample to generate insights, statistics, and visualizations. The response is returned to your browser and displayed. Neither we nor Google retain this data after the request completes.

The practical implication: if your file contains 100,000 rows of sensitive data, only a small sample of up to 100 rows is ever transmitted to an external service. We deliberately designed the system this way to minimize data exposure.

Cookies and Analytics

AnalyzeData uses minimal, privacy-respecting analytics. We may collect aggregate, anonymized usage data — such as page views, the country a request originates from, and which features are used most — to help us improve the service. This data cannot be used to identify individual users.

We use essential technical cookies only where necessary for the service to function correctly (for example, rate-limit enforcement). We do not use advertising cookies, third-party tracking cookies, or any cookies that require consent under GDPR or CCPA for their essential operation.

You can disable cookies in your browser settings. Doing so will not prevent access to the core analysis or visualization features of AnalyzeData.

Third-Party Services

AnalyzeData relies on a small number of carefully selected third-party services. We are transparent about all of them:

Google Gemini API

Powers the AI analysis and visualization features. When you submit a query, your data schema and up to 100 sample rows are sent to Google's Gemini API over an encrypted connection. API-tier usage means your data is NOT used to train Google's AI models — this is governed by Google's API Terms of Service and Data Processing Addendum, not their consumer product terms. Schema and sample rows are not persisted on our servers beyond the duration of the API response. Google's Cloud Data Processing Addendum applies to all API usage.

Google AI Terms

Vercel

Our application is hosted on Vercel's infrastructure. Vercel may process your IP address and request metadata as part of normal web hosting operations, subject to their Privacy Policy. Vercel does not have access to your file data.

Vercel Privacy Policy

Upstash Redis

We use Upstash Redis to enforce rate limits on our API endpoint (20 requests per day per IP address). To implement rate limiting, your anonymized IP address is stored temporarily in Redis. This data is used solely for abuse prevention and expires automatically after 24 hours.

Upstash Privacy Policy

Data Security

All communications between your browser and AnalyzeData are encrypted using TLS (HTTPS). Our infrastructure follows modern security best practices, including environment variable management for secrets, principle of least privilege for service access, and no persistent storage of user-submitted data.

Because your files are never stored on our servers, there is no database of user files that could be breached. This architectural decision — client-side parsing — is itself the strongest security measure we can offer.

If you discover a security vulnerability, please report it responsibly by contacting us at hello@analyzedata.io before public disclosure. We take security reports seriously and aim to respond within 48 hours.

Your Rights Under GDPR and Similar Laws

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection laws, you have the following rights regarding any personal data we hold about you:

Right to Access

You can request a copy of any personal data we hold about you.

Right to Erasure

You can request deletion of any personal data we hold. Because we store almost no personal data, this request is typically satisfied immediately.

Right to Rectification

If any personal data we hold is inaccurate, you have the right to have it corrected.

Right to Restriction

You can ask us to restrict processing of your personal data in certain circumstances.

Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format.

Right to Object

You can object to processing of your personal data for certain purposes, including profiling.

To exercise any of these rights, contact us at hello@analyzedata.io. We will respond within 30 days. Because we collect minimal personal data by design, most requests can be fulfilled quickly.

Children's Privacy

AnalyzeData is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@analyzedata.io.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information. Continued use of AnalyzeData after changes are posted constitutes your acceptance of those changes.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way AnalyzeData handles your data, please reach out. We are committed to resolving privacy concerns promptly and transparently.

Email: hello@analyzedata.io

Or visit our Contact page for additional ways to get in touch.