Privacy Policy
Last updated: April 13, 2026
Overview
Data Depot Labs, Inc. (“Data Depot,” “we,” “us,” or “our”) operates www.datadepot.tech. This page explains what information is collected when you visit our website or use our services, how it is used, and what third-party tools and service providers are involved. We do not sell your personal data.
Information We Collect
We collect information in two ways: information you provide directly and information collected automatically through analytics and tracking tools.
Information You Provide
- Data Plumbing Diagnostic (Quiz): Name, email address, phone number, company name, industry, company size, and your answers to 17 diagnostic questions.
- Diagnostic Call Booking: Name, email, company, website, project details (solution type, budget, timeline, challenge description), and selected appointment time.
- Faucet Purchase: Name, email, company, project intake details (tools, workflows, business context), and payment information via Stripe.
- Waterworks Subscription: Name, email, company, plan selection, and payment information via Stripe (credit card or bank account details for ACH).
- Client Portal: Messages, project requests, and credentials you store in the encrypted credential vault.
- Email Replies: If you reply to emails from our team or automated systems, the content of your reply is processed to provide an appropriate response.
Information Collected Automatically
Automatically collected information may include your IP address, browser type, device type, pages visited, time spent on pages, referring URL, general geographic location (city/country level), and UTM campaign parameters from the URL you used to reach our site.
How We Use Your Information
- To deliver the services you purchased (diagnostic calls, Faucet projects, Waterworks subscriptions)
- To send you your Data Plumbing Diagnostic results and related follow-up emails
- To schedule and facilitate appointments
- To process payments
- To provide access to and operate the client portal
- To improve our website and services through analytics
- To attribute marketing effectiveness (which channels and campaigns drive engagement)
- To generate AI-assisted communications and deliverables as described in our Terms of Service
Lawful Basis for Processing
Where the General Data Protection Regulation (GDPR) applies, we process personal data only where we have a lawful basis to do so. The table below identifies the basis for each processing activity.
| Processing Activity | Lawful Basis |
|---|---|
| Quiz lead collection | Consent - you voluntarily submit the form |
| Diagnostic call booking and payment | Contract - necessary to deliver the booked service |
| Faucet and Waterworks service delivery | Contract - necessary to perform the engagement |
| Drip email sequences to quiz leads | Legitimate interest - follow-up to a voluntary inquiry; you can opt out at any time |
| B2B outreach to publicly available business contacts | Legitimate interest - outreach to decision-makers at businesses likely to benefit from our services, using publicly available contact information |
| Analytics cookies (PostHog, Google Analytics 4) | Consent - via cookie banner on first visit |
| Advertising cookies (Meta Pixel) | Consent - via cookie banner on first visit |
| Payment processing via Stripe | Contract (service delivery) and Legal obligation (financial record-keeping requirements) |
AI and Automated Processing
Data Depot uses artificial intelligence and automated tools in service delivery and communications. This includes:
- Automated email communications: Follow-up emails after the quiz are sent by an automated system. If you reply, your message is processed using AI to classify your intent and generate an appropriate response draft.
- AI-assisted deliverables: Code generation, data analysis, pipeline construction, and documentation may involve AI tools. All material deliverables undergo human review.
- Company research: If you provide a company name during the quiz, we may use automated tools to research publicly available information about your company to provide more relevant service.
Your email replies and quiz data are stored in our database and may be used as context for AI-generated responses specific to your engagement. This data is not used to train third-party AI models. For more on AI limitations and liability, see Section 7 of our Terms of Service.
Analytics & Tracking Tools
This website uses the following third-party analytics and advertising tools. Each tool may set cookies or use pixel tracking to collect data as described below.
Google Analytics 4
Provided by Google LLC. Collects anonymized data about site traffic and user behavior (pages viewed, session duration, device type, and geographic region) to help us understand how visitors use the site. Also receives conversion events (lead generation, purchases) with associated values for advertising attribution.
Google Privacy Policy →Meta Pixel (Facebook)
Provided by Meta Platforms, Inc. Tracks conversions from Facebook and Instagram ads, measures ad effectiveness, and may be used to build custom audiences for advertising. This pixel fires events including page views, lead submissions, and purchase completions.
Meta Privacy Policy →PostHog
Provided by PostHog, Inc. Collects product analytics data including page views, button clicks, and user journeys to help us understand how visitors navigate the site and where they encounter friction. PostHog also provides session replay to visualize user sessions. If you provide your email address (e.g. through the quiz contact form), your session may be linked to your identity for analytics purposes.
PostHog Privacy Policy →Sentry
Provided by Functional Software, Inc. Monitors the site for errors and performance issues. When an error occurs, Sentry collects technical information such as the error message, stack trace, browser type, and device type to help us diagnose and fix bugs. Sentry does not collect personally identifiable information such as form field contents.
Sentry Privacy Policy →Third-Party Service Providers & Sub-Processors
In addition to the analytics tools above, we use third-party service providers to operate our platform. Your data may be processed by these providers as necessary to deliver our services. Consistent with GDPR Article 13(1)(e), the table below discloses our sub-processors by category of recipient.
| Category | Purpose | Region |
|---|---|---|
| Payment processor | Processing payments for diagnostic calls, Faucet packages, and Waterworks subscriptions. | US |
| Cloud hosting and runtime | Website hosting, edge delivery, and serverless execution of application logic. | US / Multi-region |
| Application data store and authentication | Account data, quiz results, project records, portal messages, and encrypted credentials. | US |
| Email delivery | Transactional email (quiz results, booking confirmations, portal notifications) and automated outbound sequences. | US |
| Calendar and lead records | Scheduling diagnostic calls and maintaining lead records. | US / Multi-region |
| LLM inference providers | AI-assisted deliverables, intent classification, and response drafting. Prompts may contain business identifiers and conversation context. Our LLM providers do not use this data to train their models under their API terms. | US |
| Web search provider | Research of publicly available company information for outreach relevance. No personal consumer data is submitted. | US |
| Automated-outreach memory store | Operational context for automated systems, including prior interactions and business identifiers. Does not contain payment information or government-issued IDs. | US |
| Product analytics and session replay | Understanding site usage and user journeys (opt-in via cookie banner). See Analytics & Tracking Tools above. | US |
| Site traffic analytics | Measuring site traffic and conversion events (opt-in via cookie banner). See Analytics & Tracking Tools above. | US / Multi-region |
| Advertising attribution | Ad measurement and retargeting (opt-in via cookie banner). See Analytics & Tracking Tools above. | US / Multi-region |
| Error monitoring | Diagnosing application errors (error messages, stack traces, device type). No form field contents. | US |
A current list of the specific sub-processors used within each category, along with a copy of the relevant Data Processing Agreement, is available on request. Email hello@datadepot.tech with the subject line “Sub-Processor List Request.”
International Data Transfers
Our sub-processors are located in the United States. If you are accessing our services from the European Union or European Economic Area (EU/EEA), your personal data will be transferred to and processed in the United States.
Such transfers are made pursuant to the EU-US Data Privacy Framework (where applicable) or, where a sub-processor is not certified under that framework, pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission.
Copies of relevant Data Processing Agreements (DPAs) are available upon request. To request a copy, email hello@datadepot.tech.
Cookies
The analytics and advertising tools above set cookies in your browser to track your session across page views and, in some cases, across other websites. You can control or disable cookies through your browser settings. Note that disabling cookies may affect how parts of this site function. Most modern browsers also support opt-out extensions for common analytics trackers (e.g. Google Analytics Opt-out Add-on).
Data Security
We implement industry-standard security measures consistent with OWASP best practices, including encryption in transit (TLS), encryption at rest, role-based access controls, and audit logging. Client credentials stored in the portal are encrypted at rest using authenticated symmetric encryption. While we take reasonable steps to protect your information, no method of transmission or storage is 100% secure. For more on security practices and credential responsibilities, see Section 8 of our Terms of Service.
Data Breach Notification
If Data Depot Labs, Inc. becomes aware of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authority in accordance with applicable law. Where feasible, notification to the supervisory authority will occur within 72 hours of becoming aware of the breach. We will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Data Retention
We retain personal data only as long as necessary for the purpose it was collected, or as required by law. The schedule below sets out our specific retention periods by data category.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Duration of service + 30 days after a confirmed deletion request | Contract / consent |
| Payment records | 7 years from transaction date | Legal obligation (tax and accounting regulations) |
| Email engagement data (opens, clicks) | 90 days | Legitimate interest |
| Server and API logs | 30 days | Legitimate interest (security and debugging) |
| Quiz responses and diagnostic data | Duration of the service relationship | Consent / contract |
| Credential vault data | Deleted immediately upon client request or account termination | Contract |
| Analytics data | Per each provider's own retention policy | Consent |
| Automated-outreach memory | Duration of prospect relationship + 30 days after opt-out or deletion request | Legitimate interest |
| Email conversation history | Duration of prospect relationship, or 30 days after opt-out or deletion request | Legitimate interest (personalized service delivery) |
Opt-out requests trigger deletion of your data from our automated-outreach memory within 30 days. To opt out, email hello@datadepot.tech with the subject line “Opt Out.”
Upon termination of a paid engagement, client project data is returned or deleted within 30 days at your election. To request early deletion of any category, email hello@datadepot.tech with the subject line “Data Deletion Request.”
Data Collected from Third-Party Sources (Article 14 Notice)
In addition to information you provide directly, we may obtain business contact information about you from publicly available sources as part of our market research and outreach activities. This section provides the Article 14 GDPR transparency notice covering that indirect collection.
| Item | Details |
|---|---|
| Categories of data | Business contact information (name, work email, job title, company name, company size, industry) and publicly available company data (website, location, estimated revenue). |
| Sources | Publicly available business directories, company websites, and web search indices. We do not purchase contact lists from data brokers. |
| Purpose | To identify businesses that may benefit from our data engineering services and to conduct relevant, targeted outreach. Data is also used for internal market research and service improvement. |
| Lawful basis | Legitimate interest - we have a legitimate interest in contacting business decision-makers at companies likely to benefit from our services, using contact information they have made publicly available in a professional capacity. |
| Right to object | You can opt out of this processing at any time. Email hello@datadepot.tech with the subject line “Opt Out” and we will remove your details from our outreach lists and agent memory within 30 days. |
Where we contact you by email, this notice is delivered in the first email you receive from us. If you have not been contacted, you can request a copy of any data we hold at hello@datadepot.tech.
Third-Party Links
This website contains links to external sites (LinkedIn, GitHub, Spotify, etc.). We are not responsible for the privacy practices of those sites and encourage you to review their respective privacy policies.
Your Rights
Depending on your jurisdiction (including under GDPR and CCPA), you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete personal data we hold about you.
- Deletion: Request that we delete your personal data (see instructions below).
- Restriction: Request that we restrict processing of your personal data in certain circumstances.
- Portability: Request a machine-readable copy of your personal data where processing is based on consent or contract.
- Objection: Object to processing based on legitimate interest, including direct marketing.
- Withdraw consent: Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
- Lodge a complaint: Lodge a complaint with a supervisory authority in your country of residence. In the EU, contact your local data protection authority (DPA). In the US, contact the FTC or your state attorney general as applicable.
How to Request Deletion
To request deletion of your personal data, email hello@datadepot.tech with the subject line “Data Deletion Request”. The Data Depot team will process your request within 30 days. Note that certain data may be retained where required by law - for example, financial records are retained for 7 years in accordance with applicable tax and accounting regulations. We'll let you know if any retention obligations apply to your request.
To exercise any other right or to ask questions about this policy, contact us at hello@datadepot.tech.
California Privacy Rights (CCPA/CPRA)
This section applies to California residents and supplements the rights described above. It is provided pursuant to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
Categories of personal information shared for advertising
We share the following categories of personal information with advertising platforms for the purpose of ad attribution and retargeting:
- Identifiers: Device IDs and cookie identifiers assigned by your browser.
- Internet or network activity: Pages visited on this website, conversion events (e.g. quiz completion, purchase), and referring URL.
Categories of third parties receiving this information
Meta Platforms, Inc. — via the Meta Pixel installed on this website, used for ad attribution and retargeting on Facebook and Instagram.
Opt-out method
You can opt out of the sharing of your personal information for advertising purposes by declining analytics and advertising cookies via the cookie consent banner displayed on your first visit, or by clicking the “Cookie preferences” link in the site footer at any time to update your preferences.
Monetary consideration
Data Depot Labs, Inc. does not sell personal information for monetary consideration. We share limited data with advertising platforms solely for ad attribution purposes, which may constitute “sharing” under the CPRA. No personal information is exchanged for payment.
Changes to This Policy
We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the site after changes are posted constitutes your acceptance of the updated policy.