# Privacy Policy - DBRefinery **Last Updated:** August 05, 2025 This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use DBRefinery ("the Service") and tells you about your privacy rights and how the law protects you. We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. ## 1. Interpretation and Definitions ### 1.1 Interpretation The words with initial capital letters have meanings defined under the following conditions. These definitions shall have the same meaning regardless of whether they appear in singular or plural. ### 1.2 Definitions For the purposes of this Privacy Policy: - **Account** means a unique account created for you to access our Service or parts of our Service. - **Affiliate** means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority. - **Company** (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to DBRefinery. - **Cookies** are small files that are placed on your computer, mobile device or any other device by a website, containing details of your browsing history on that website among its many uses. - **Country** refers to South Africa. - **Device** means any device that can access the Service such as a computer, cellphone, or digital tablet. - **Personal Data** is any information that relates to an identified or identifiable individual. - **Service** refers to the DBRefinery platform and website. - **Service Provider** means any natural or legal person who processes data on behalf of the Company. - **Third-party Social Media Service** refers to any website or social network website through which a user can log in or create an account to use the Service. - **Usage Data** refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself. - **Website** refers to DBRefinery, accessible from https://www.dbrefinery.com - **You** means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service. ## 2. Legal Basis for Processing Personal Data We process your personal data based on the following legal grounds: - **Contractual Necessity**: To provide the Service you've subscribed to and fulfill our contractual obligations - **Legitimate Interests**: To improve our Service, prevent fraud, and ensure security - **Consent**: For marketing communications and non-essential cookies (where required) - **Legal Obligations**: To comply with applicable laws and regulations ## 3. Types of Data We Collect ### 3.1 Personal Data While using our Service, we may ask you to provide certain personally identifiable information, including but not limited to: - Email address - First name and last name - Phone number (optional) - Company name and address (for business accounts) - Payment information (processed by third-party payment processors) - Usage Data ### 3.2 Usage Data Usage Data is collected automatically when using the Service and may include: - Your device's Internet Protocol address (IP address) - Browser type and version - Pages of our Service that you visit - Time and date of your visit - Time spent on pages - Unique device identifiers - Database usage statistics - Query performance metrics - Feature usage patterns - Error logs and diagnostic data ### 3.3 Information from Third-Party Social Media Services We allow account creation and login through: - Google - GitHub - Microsoft When you use these services, we may collect: - Name and email address - Profile picture - Any other information you authorize the third-party service to share ### 3.4 Payment Information We use third-party payment processors (Stripe, PayPal) to handle payments. We do not store full credit card information on our servers. We may store: - Last four digits of payment method - Payment method type - Billing address - Transaction history ## 4. Cookies and Tracking Technologies ### 4.1 Types of Cookies We Use **Essential Cookies** (Session Cookies) - Purpose: Authentication, security, and core functionality - Legal Basis: Contractual necessity - Retention: Session duration **Functionality Cookies** (Persistent - 1 year) - Purpose: Remember user preferences and settings - Legal Basis: Legitimate interests - Retention: 12 months **Analytics Cookies** (Persistent - 2 years) - Purpose: Understand usage patterns and improve the Service - Legal Basis: Consent (where required) - Retention: 24 months - Third parties: Google Analytics, Mixpanel ### 4.2 Managing Cookies You can control cookies through your browser settings. However, disabling certain cookies may affect Service functionality. ## 5. How We Use Your Personal Data We use personal data for the following purposes: ### 5.1 Service Provision - **Purpose**: Provide and maintain the Service - **Legal Basis**: Contractual necessity - **Data Used**: Account information, usage data, payment information ### 5.2 Account Management - **Purpose**: Manage your registration and account access - **Legal Basis**: Contractual necessity - **Data Used**: Email, name, authentication data ### 5.3 Communication - **Purpose**: Send service updates, security alerts, and support responses - **Legal Basis**: Contractual necessity and legitimate interests - **Data Used**: Email address, account information ### 5.4 Marketing (Optional) - **Purpose**: Send promotional content and product updates - **Legal Basis**: Consent - **Data Used**: Email address, usage patterns - **Opt-out**: Available in all emails and account settings ### 5.5 Service Improvement - **Purpose**: Analyze usage patterns, fix bugs, develop new features - **Legal Basis**: Legitimate interests - **Data Used**: Usage data, performance metrics (anonymized when possible) ### 5.6 Security and Fraud Prevention - **Purpose**: Detect and prevent unauthorized access and fraudulent activity - **Legal Basis**: Legitimate interests and legal obligations - **Data Used**: IP addresses, login attempts, usage patterns ## 6. Data Sharing and Disclosure ### 6.1 Service Providers We share data with trusted third parties who assist in operating our Service All service providers are contractually obligated to protect your data and use it only for specified purposes. ### 6.2 Business Transfers In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide 30 days' notice before your data becomes subject to a different privacy policy. ### 6.3 Legal Requirements We may disclose your data when required by law or to: - Comply with legal obligations or court orders - Protect our rights and property - Prevent fraud or illegal activity - Protect user safety - Respond to government requests ### 6.4 With Your Consent We may share your information for any other purpose with your explicit consent. ## 7. International Data Transfers Your data may be transferred to and processed in countries outside South Africa, including the United States and European Union. We ensure adequate protection through: - **Standard Contractual Clauses** approved by the European Commission - **Adequacy Decisions** where available - **Certification schemes** such as Privacy Shield successors You can request copies of the safeguards we use by contacting us at hello@dbrefinery.com. ## 8. Data Retention We retain your personal data for the following periods: ### 8.1 Account Data - **Active accounts**: While your account remains active - **Closed accounts**: 3 years after account closure for legal and business purposes - **Essential account data**: May be retained longer if required by law ### 8.2 Usage Data - **Detailed usage logs**: 12 months - **Aggregated analytics**: 36 months - **Error logs**: 6 months ### 8.3 Marketing Data - **Active subscribers**: Until you unsubscribe - **Former subscribers**: 6 months after unsubscribe for suppression purposes ### 8.4 Payment Data - **Transaction records**: 7 years for tax and accounting purposes - **Payment method details**: Until you remove them or 1 year after last use ### 8.5 Legal Hold Data may be retained longer when subject to legal proceedings or regulatory investigations. ## 9. Your Privacy Rights ### 9.1 Access and Portability - Request a copy of your personal data - Receive data in a structured, commonly used format - Transfer data to another service provider ### 9.2 Correction and Updates - Correct inaccurate personal data - Update incomplete information - Access account settings to make changes ### 9.3 Deletion ("Right to be Forgotten") - Request deletion of your personal data - We will comply unless retention is required by law - Some data may be retained in anonymized form ### 9.4 Restriction and Objection - Restrict processing of your data in certain circumstances - Object to processing based on legitimate interests - Object to direct marketing at any time ### 9.5 Consent Withdrawal - Withdraw consent for marketing communications - Withdraw consent for non-essential cookies - This doesn't affect processing based on other legal grounds ### 9.6 Exercising Your Rights To exercise any of these rights: - Email us at hello@dbrefinery.com - Include your account information and specific request - We will respond within 30 days (may be extended to 60 days for complex requests) - No fee unless requests are excessive or unfounded ## 10. Data Security We implement appropriate technical and organizational measures to protect your personal data: ### 10.1 Technical Safeguards - Encryption in transit (TLS 1.3) and at rest (AES-256) - Multi-factor authentication for accounts - Regular security audits and penetration testing - Secure coding practices and code reviews - Automated security monitoring and alerting ### 10.2 Organizational Safeguards - Staff training on data protection - Limited access on a need-to-know basis - Background checks for personnel with data access - Incident response procedures - Regular security policy reviews ### 10.3 Data Breach Notification In the event of a data breach: - We will notify affected users within 72 hours - Notification will include nature of breach and steps taken - We will report to relevant authorities as required by law ## 11. Automated Decision-Making and Profiling We may use automated systems for: - **Fraud detection**: To identify suspicious account activity - **Service optimization**: To improve performance and user experience - **Content personalization**: To show relevant features and recommendations You have the right to: - Request human intervention in automated decisions - Express your point of view about automated decisions - Contest decisions that significantly affect you ## 12. Children's Privacy Our Service is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without proper consent, we will delete that information from our servers promptly. ## 13. California Consumer Privacy Act (CCPA) Rights If you are a California resident, you have additional rights: ### 13.1 Right to Know - Categories of personal information collected - Sources of personal information - Purposes for collecting or selling personal information - Categories of third parties with whom we share personal information ### 13.2 Right to Delete Request deletion of personal information we have collected from you. ### 13.3 Right to Opt-Out We do not sell personal information. If this changes, we will provide an opt-out mechanism. ### 13.4 Non-Discrimination We will not discriminate against you for exercising your CCPA rights. To exercise CCPA rights, email us at hello@dbrefinery.com with "CCPA Request" in the subject line. ## 14. Links to Other Websites Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read the privacy policies of every website you visit. ## 15. Changes to This Privacy Policy We may update this Privacy Policy periodically. When we do: - We will post the new policy on this page - We will update the "Last Updated" date - For material changes, we will notify you via email or prominent notice - Changes become effective immediately upon posting - Continued use of the Service after changes constitutes acceptance ## 16. Contact Us If you have any questions about this Privacy Policy, please contact us: **Email**: hello@dbrefinery.com **Subject Line for Specific Requests**: - General privacy questions: "Privacy Policy Question" - Data access requests: "Data Access Request" - Data deletion requests: "Data Deletion Request" - CCPA requests: "CCPA Request" - Data breach reports: "Security Incident Report" We aim to respond to all privacy-related inquiries within 30 days. --- **This Privacy Policy is effective as of the date listed above and applies to all information collected by DBRefinery.**