Introduction

DialogueDB (“we,” “our,” or “us”) is committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, use, and protect information when you use our conversation storage API service at https://dialoguedb.com. Your use of our service is also governed by our Terms of Service.

Information We Collect

Account Information

When you create an account, we collect your email address, company name (optional), and billing information for paid plans. We use this to manage your account, process payments, and communicate service updates. Legal Basis for Processing: We process this data because it is necessary for the performance of the contract (Terms of Service) with you.

API Usage Data

We automatically collect data about your API usage including:

  • API endpoints accessed and request timestamps
  • Request volumes and response times
  • Error logs and debugging information
  • IP addresses for security and rate limiting

Conversation Data

You control what conversation data you send to DialogueDB. We store this data encrypted at rest and do not access it except:

  • To provide the service (storage, retrieval, search, summarization)
  • When required by law
  • To investigate security incidents (access is performed using pseudonymized keys or roles wherever possible)
  • With your explicit permission for support purposes

How We Use Information

We use collected information to:

  • Provide and maintain the DialogueDB service
  • Process payments and manage subscriptions
  • Send service updates and technical notices
  • Respond to support requests
  • Monitor for security threats and prevent abuse
  • Improve our service and develop new features
  • Comply with legal obligations

Data Processing and Sharing

Infrastructure Partners

We utilize trusted third-party service providers whose services may be incorporated based on your selected plan or feature configuration, including:

  • AWS (Cloud infrastructure and compute services)
  • Pinecone (Vector database services for search and retrieval)
  • OpenAI (Providing embeddings/vectorization services for data analysis)

These providers are contractually bound to maintain appropriate security standards and data protection measures aligned with this policy and applicable law.

Third-Party AI Processing

When users elect to utilize artificial intelligence features (such as automated summarization or classification), content may be processed by third-party AI service providers, including OpenAI. Such processing occurs solely at user direction and for the purpose of delivering the requested functionality.

Data Sharing

We do not sell, rent, or share your data with third parties except:

  • With the infrastructure and AI service providers listed above as necessary for service operation
  • With payment processors for billing
  • When required by law or legal process
  • To protect rights, property, or safety
  • With your explicit consent

Data Storage and Security

Encryption

All conversation data is encrypted at rest using industry-standard encryption. Data in transit is protected using TLS 1.2 or higher.

Storage Location

Data is stored on AWS infrastructure in the United States with automated backups and disaster recovery.

Retention

  • Conversation data is retained according to your configured TTL settings
  • Account information is retained while your account is active
  • Account information is retained for a maximum of 90 calendar days following account deletion to meet legal, tax, and financial obligations
  • API logs are retained for 90 days for security and debugging
  • Deleted data is permanently removed from backups within 30 days

Your Rights

You have the following rights regarding your personal data. We will respond to all requests within 45 days (CCPA standard).

  • Right to Know: To know what data we collect and hold about you
  • Right to Rectification: Correction of inaccurate data
  • Right to Deletion: Of your account and associated data
  • Right to Data Portability: Receive your personal data in a standard format
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights

Compliance

DialogueDB maintains compliance with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA) and other applicable US State laws
  • Working towards SOC 2 Type I compliance

API Keys and Security

Your API keys are hashed and stored securely. We recommend:

  • Rotating keys regularly
  • Never sharing keys publicly
  • Using environment variables for key storage
  • Monitoring usage for unusual patterns

Updates to This Policy

We may update this policy at any time to reflect changes in our practices or legal requirements.

Contact Us

For privacy questions or concerns: support@dialoguedb.com