Privacy Policy

1. Introduction

Dagentbase ("we", "us", "our") operates the data marketplace at dagentbase.com (the "Platform"). This Privacy Policy explains how we collect, use, and protect your personal information.

2. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and account type (individual or organization). If you become a seller, we collect additional information through Stripe Connect for payment processing.

Usage Data

We automatically collect:

• API request logs (endpoint, timestamp, response status)
• Listing view counts (for seller analytics)
• Purchase history and transaction records
• API usage metrics (request count, bandwidth, latency)

API Keys

We store cryptographic hashes of your API keys, not the keys themselves. API key prefixes are stored for identification purposes. We log when keys are last used but not what data was accessed.

3. How We Use Your Information

We use your information to:

• Provide and operate the Platform
• Process transactions and payments
• Send transactional notifications (purchase confirmations, new sales, reviews)
• Provide seller analytics (view counts, conversion rates)
• Enforce rate limits and prevent abuse
• Improve the Platform and fix bugs

We do not sell your personal information. We do not use your data for advertising purposes.

4. Data Sharing

We share your information only with:

• Stripe:Payment processing. Stripe's privacy policy applies to payment data.
• Supabase:Database hosting and authentication. Data is stored in Supabase's infrastructure.
• Vercel: Application hosting. Server logs may contain IP addresses and request metadata.

Your display name and bio are publicly visible on your seller profile. Your email address is never publicly displayed.

5. Data on the Marketplace

We are a marketplace — sellers upload and sell data through our Platform. We are not responsible for the content of data sold by third-party sellers. If you believe data on the Platform violates privacy rights, contact us at support@dagentbase.com.

Sellers are responsible for ensuring their data complies with applicable privacy laws (GDPR, CCPA, etc.) and that they have the legal right to sell the data.

6. Data Security

We implement the following security measures:

• API keys are hashed with SHA-256 before storage
• All data transmitted over HTTPS/TLS
• Row Level Security (RLS) on all database tables
• Rate limiting on all API endpoints
• Content Security Policy (CSP) headers
• Input validation and sanitization on all endpoints
• Signed URLs for file downloads (expire after 1 hour)

7. Data Retention

Account data is retained as long as your account is active. Purchase records are retained for accounting and legal purposes. Usage analytics are retained for 90 days. You may request deletion of your account and associated data by contacting us.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise these rights, contact us at support@dagentbase.com.

9. Cookies

We use essential cookies for authentication (Supabase session tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. International Data Transfers

Your data may be processed in the United States and European Union through our infrastructure providers (Vercel, Supabase, Stripe). These providers maintain appropriate data protection safeguards.

11. Children

The Platform is not intended for use by anyone under 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this policy at any time. We will notify users of material changes via email or platform notification.

13. Contact

For privacy-related questions or requests, contact us at support@dagentbase.com.