# Privacy Policy

Last updated: July 2026

## 1. Information We Collect

We collect information you provide directly to us when you create an account, use our services,
or contact support. This may include your name and email address, account credentials, dataset
metadata and dataset content you choose to store, payment information processed securely through
Stripe, and communication preferences.

## 2. How We Use Your Information

We use collected information to provide, maintain, and improve our services; process transactions
and send related information; send technical notices, updates, and support messages; respond to
comments and questions; and monitor and analyze usage and trends.

## 3. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties without
your consent except as described in this policy. We may share information with service providers
that help operate the platform, when required by law or to protect our rights, or in connection
with a business transfer or acquisition. In a merger, acquisition, bankruptcy, or sale of assets,
we may transfer information to the acquiring entity and will notify you by email and/or a
prominent website notice of the change.

## 4. Data Security

We use industry-standard measures, including TLS/SSL encryption in transit, encryption of
sensitive data at rest, regular security audits and updates, access controls and authentication,
and secure payment processing through PCI-compliant providers such as Stripe. No internet
transmission method is completely secure; although we strive to protect your information, we
cannot guarantee absolute security.

## 5. Cookies and Tracking Technologies

We use essential cookies required for the service, analytics cookies that help us understand
service usage, and preference cookies that remember settings. Stripe may set cookies for payment
processing, and Plausible or PostHog may set cookies for usage analytics. You can control cookies
in your browser, but disabling essential cookies may affect service functionality.

## 6. Your Rights

You may access and update personal information, delete your account and associated data, opt out
of marketing communications, and request a copy of your data.

## 7. Changes to This Policy

We may update this policy from time to time. We will post the new policy on this page and update
the “Last updated” date.

## 8. Contact Us

For privacy questions, contact:

- Email: [rasul@lvtd.dev](mailto:rasul@lvtd.dev)
- Address: LVTD, LLC
- Website: [https://rowset.lvtd.dev](https://rowset.lvtd.dev)

## 9. California Privacy Rights (CCPA)

California residents have the right to know what personal information is collected; know whether
it is sold or disclosed; say no to its sale; access it; receive equal service and price; and
request deletion. We do not sell personal information. To exercise these rights, email
[rasul@lvtd.dev](mailto:rasul@lvtd.dev) with “CCPA Request” in the subject line.

## 10. International Data Transfers

Your information may be transferred to and maintained on servers outside your state, province,
country, or other governmental jurisdiction, where privacy laws may differ. If you are in the
European Economic Area (EEA), we ensure appropriate safeguards are in place for transfers.

## 11. European Users’ Rights (GDPR)

If you are in the EEA, you also have the rights to access copies of personal data; rectify
inaccurate data; erase data; restrict processing; receive data in a structured format; object to
processing; and withdraw consent at any time. We process data based on contract performance,
legitimate interests, and consent where applicable.

## 12. Data Retention

We retain personal information as long as needed to provide services and fulfill this policy’s
purposes. Account information remains while the account is active. Content and projects remain
until you delete them or close the account. Payment records are retained for seven years for tax
and accounting purposes. Marketing data remains until you unsubscribe or request deletion. After
account deletion, we may retain information needed for legal compliance, fraud prevention, and
dispute resolution.

## 13. AI Agents and User Data

Rowset is designed for agents and trusted tools you choose to connect. Those agents may process
data outside Rowset under their providers’ settings and privacy policies. Rowset stores and serves
the datasets that you or your authorized tools send to the service.

## 14. Children’s Privacy

The service is not intended for children under 13, or under 16 in the EEA. We do not knowingly
collect their personal information. Contact us immediately if you believe we have done so.

## 15. Automated Decision Making

We do not use automated decision-making that produces legal effects or similarly significant
impacts on you.

## 16. Data Breach Notification

If a data breach affects your personal information, we will notify you and relevant authorities
as applicable law requires, typically within 72 hours of discovering the breach.
