Privacy Policy

1. Introduction

Welcome to Tepun AI Report Builder ("Tepun," "we," "us," or "our"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our web application, services, and related technologies (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, password (encrypted), and organization name for enterprise accounts
• Payment Information: Credit card details, billing address (processed securely by Stripe; we do not store full card numbers)
• User Content: Datasets, reports, workbooks, database connection details, and any data you upload or create
• Communications: Support requests, feedback, and correspondence with us

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, click patterns, and interaction data
• Device Information: Browser type, operating system, device identifiers, screen resolution
• Log Data: IP address, access times, referring URLs, error logs
• Cookies & Similar Technologies: Session cookies, preference cookies, and analytics cookies

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations and billing status from Stripe
• AI Service Providers: Token usage metrics from OpenAI and similar providers
• Database Connections: Metadata about connected databases (schemas, table names) as configured by you

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI-powered reporting services
• Account Management: To create and manage your account, process subscriptions, and handle billing
• AI Processing: To send your queries and data context to AI models for generating reports, SQL queries, and visualizations
• Communication: To send service updates, security alerts, billing notifications, and respond to inquiries
• Analytics: To understand usage patterns and improve our Service
• Security: To detect, prevent, and address fraud, abuse, and security issues
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Data Storage & Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication for administrative access
• Infrastructure: Hosted on secure cloud infrastructure with SOC 2 compliance
• Database Security: Connection credentials are encrypted and stored securely; we use read-only connections where possible
• Regular Audits: Security assessments and penetration testing
• Incident Response: Documented procedures for security incidents with notification within 72 hours

Important: While we implement robust security measures, no method of transmission or storage is 100% secure. You acknowledge this inherent risk when using our Service.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data in the following circumstances:

• Service Providers: With trusted vendors who help operate our Service (hosting, payment processing, AI services), bound by confidentiality agreements
• AI Processing: Query content and data context are sent to AI providers (OpenAI) to generate responses; these providers have their own privacy policies
• Enterprise Accounts: Data may be shared within your organization as configured by your enterprise administrator
• Legal Requirements: When required by law, subpoena, court order, or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
• With Consent: When you explicitly authorize sharing

6. Cookies & Tracking Technologies

We use cookies and similar technologies:

6.1 Essential Cookies

Required for basic functionality: authentication, security, and session management. These cannot be disabled.

6.2 Functional Cookies

Remember your preferences, settings, and improve user experience.

6.3 Analytics Cookies

Help us understand how visitors interact with our Service. We use privacy-focused analytics.

6.4 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect functionality.

7. Third-Party Services

Our Service integrates with third-party services:

• Stripe: Payment processing - Privacy Policy
• OpenAI: AI model provider - Privacy Policy
• Cloud Providers: Infrastructure hosting with enterprise-grade security

These services have their own privacy policies. We encourage you to review them.

8. Your Rights

8.1 General Rights

All users have the right to:

• Access and receive a copy of your personal data
• Correct inaccurate personal data
• Delete your account and associated data
• Export your data in a portable format
• Opt-out of marketing communications

8.2 GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process data based on: (a) contract performance, (b) legitimate interests, (c) consent, and (d) legal obligations.

8.3 CCPA Rights (California Residents)

California residents have rights under CCPA including:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (we do not sell data)
• Right to equal service and price

To exercise any rights, contact us at privacy@tepun.com

9. Data Retention

• Account Data: Retained while your account is active, deleted within 30 days of account closure
• User Content: Retained until you delete it or close your account
• Billing Records: Retained for 7 years for legal/tax compliance
• Usage Logs: Retained for 90 days for security and analytics
• Backup Data: Retained for 30 days after deletion for disaster recovery

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your residence. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Privacy Shield compliance where applicable
• Adequate protection measures as required by law

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the new policy on this page with an updated date
• Sending an email notification for significant changes
• Displaying a prominent notice in our Service

Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, requests, or complaints:

• Email: privacy@tepun.com
• Data Protection Officer: dpo@tepun.com
• Address: Tepun Inc., Privacy Department

We will respond to requests within 30 days (or sooner as required by law).

---