Privacy Policy

1. Introduction

DataFaux ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our synthetic test data generation platform.

DataFaux is a professional tool designed to generate synthetic test datasets for legitimate development, testing, and demonstration purposes. All generated data is created using internal algorithms and libraries. Any resemblance to real persons, businesses, or entities is purely coincidental and unintentional.

By using DataFaux, you consent to the data practices described in this policy. This policy is governed by the laws of the United Kingdom and applicable data protection regulations including UK GDPR.

2. Information We Collect

2.1 Anonymous Users (Guest Mode)

When using DataFaux anonymously without an account, we collect minimal information:

• Technical Data: IP address, browser type, device information for service delivery
• Usage Data: Basic usage statistics to maintain service quality
• Session Data: Temporary session cookies for functionality

2.2 Registered Users (Free Tier)

When you create a free account, we additionally collect:

• Account Information: Email address, password (securely hashed), optional display name
• Authentication Data: OAuth tokens if using third-party sign-in (GitHub, Microsoft)
• Schemas: Data generation schemas you create and save (subject to tier limits)
• Usage History: Generation history, API usage statistics
• Support Communications: Messages you send to our support team

2.3 Premium/Paid Users

For paid subscriptions, we additionally collect:

• Billing Information: Payment details processed securely through third-party payment processors
• Invoice Data: Billing address, company name (if applicable), VAT/tax information
• Transaction Records: Payment history and subscription status

2.4 Automatically Collected Information

• Usage Analytics: Feature usage, API requests, generation patterns
• Technical Logs: Access times, pages viewed, errors encountered, performance metrics
• Device Information: Browser type, operating system, screen resolution, IP address
• Cookies: Session cookies, preference cookies, analytics cookies (see Cookie Policy)

2.5 Generated Synthetic Data

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Provide and maintain the Datafaux platform
• Account Management: Create and manage your account
• Billing: Process payments and manage subscriptions
• Communication: Send service updates, security alerts, and support responses
• Improvement: Analyze usage patterns to improve features and performance
• Security: Detect and prevent fraud, abuse, and security incidents
• Compliance: Meet legal obligations and enforce our Terms of Service
• Marketing: Send promotional emails (with your consent, opt-out available)

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We share information with trusted service providers who assist us in operating our platform:

• Payment Processors: Stripe for payment processing
• Cloud Hosting: Infrastructure providers for hosting and storage
• Analytics: Usage analytics and monitoring services
• Email Services: Transactional and marketing email delivery

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Protect user safety

5. Data Retention

• Account Data: Retained while your account is active
• Schemas: Retained per your tier limits (10 for free, unlimited for premium)
• Generation History: Retained for 90 days (free) or unlimited (premium)
• Billing Records: Retained for 7 years for tax and legal compliance
• Logs: Retained for 30-90 days for security and debugging

After account deletion, we retain minimal data for legal compliance (e.g., billing records) but delete all other personal information within 30 days.

6. Your Rights Under UK GDPR

Under UK GDPR and applicable data protection laws, you have the following rights:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing for direct marketing or legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO)

To exercise these rights, contact us at privacy@datafaux.com. We will respond within one month of receipt.

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, multi-factor authentication
• Password Security: Bcrypt hashing with salt
• Regular Audits: Third-party security audits and penetration testing
• Monitoring: 24/7 security monitoring and incident response
• Compliance: SOC 2 Type II, ISO 27001, GDPR compliant

While we use reasonable security measures, no system is 100% secure. Please use strong passwords and enable two-factor authentication.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use our platform
• Marketing Cookies: Deliver relevant advertisements (with consent)

You can control cookies through your browser settings. See our Cookie Policy for details.

9. International Data Transfers

DataFaux operates under UK jurisdiction. Your data may be transferred to and processed in countries outside the United Kingdom. When we transfer data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the UK authorities
• Adequacy decisions where applicable
• Appropriate safeguards as required by UK GDPR
• Compliance with applicable data protection laws in the destination country

10. Children's Privacy

DataFaux is a professional tool intended for business and development purposes. Our Service is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@datafaux.com and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the platform. The "Last Updated" date at the top indicates when changes were made.

12. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you've requested
• Legitimate Interests: Improving our Service, security, and fraud prevention
• Consent: Marketing communications and optional features (where you've given consent)
• Legal Obligation: Compliance with applicable laws and regulations

13. Contact Us

For privacy-related questions, requests, or concerns: