Privacy Policy

Effective Date: January 29, 2025
Last Updated: January 29, 2025

Thank you for choosing DataFence. Your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your information when you use our browser extension, cloud APIs, and associated administrative dashboard at datafence.ai.

If you have any questions, contact us.

1. Who We Are

DataFence is a browser-based Data Loss Prevention (DLP) platform designed to help organizations detect and prevent the unauthorized sharing of sensitive information in real-time.

2. Information We Collect

A. Information You Provide

  • Account Information: Name, email address, organization name, and authentication details (via SSO or OAuth).
  • Billing Information: Processed via Stripe and subject to their privacy policy.

B. Automatically Collected Information

  • Client Activity Logs: Includes redacted upload metadata, blocked/warned action types, browser type, and domain visited.
  • Heartbeat Telemetry: We collect timestamped data that indicates extension activity, version, and status (used for billing and security coverage analysis).

C. Sensitive Data Handling

  • Redaction and Classification: All scanned content is either processed locally or transmitted securely to our API endpoint.
  • No Storage by Default: DataFence does not retain raw sensitive data.

3. How We Use Your Information

  • To enforce policy rules and block potential data exfiltration
  • To generate analytics and audit logs for your administrators
  • To detect coverage gaps and suspicious user behavior
  • To comply with legal obligations and ensure system integrity

4. Sharing and Disclosure

We do not sell or share your personal or organization data with third parties. We may disclose data only:

  • To service providers under strict confidentiality agreements
  • To comply with legal obligations or law enforcement requests
  • To prevent fraud or security threats

5. Data Storage and Retention

  • Logs and telemetry are stored securely with encryption at rest and in transit.
  • You may request deletion of all stored logs at any time.

6. Security

  • All data in transit is encrypted using TLS.
  • We utilize fine-grained access control, database row-level security, and encryption at rest.
  • We follow best practices for browser extension security, including content isolation and sandboxing.

7. Your Rights

Depending on your location, you may have the right to:

  • Access or export your data
  • Request correction or deletion
  • Object to processing under applicable privacy laws (e.g., GDPR, CCPA)

Contact us to exercise these rights.

8. International Data Transfers

DataFence is hosted in the United States. If you are located outside the U.S., your data may be transferred and processed in the U.S. under adequate safeguards.

9. Children's Privacy

DataFence is not intended for use by children under the age of 16. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time.

Contact Us

If you have questions, concerns, or data requests:

Contact DataFence Privacy Office