Privacy Statement

Last updated: 03/06/2026

This Privacy Statement explains how AI-First Analytics, Inc. ("we," "us," or "our") collects, uses, and handles information in connection with GesamtDB (the "Service").

This Privacy Statement applies globally, including users located in the European Union and the United Kingdom.

1. Information We Collect

Depending on how you use the Service, we may collect the following categories of information.

a. Information You Provide

• Account information (such as name and email address)
• Billing-related information (handled by third-party payment processors)
• Database connection metadata that you provide for customer-managed database infrastructure access
• Data, queries, files, or other content you upload or submit to the Service ("Customer Data")
• Communications with us (such as support requests or emails)

b. Automatically Collected Information

• IP address
• Browser type, device information, and operating system
• Usage data (such as feature usage, timestamps, and interaction logs)

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage subscriptions
• Improve functionality, performance, and reliability
• Monitor usage, prevent abuse, and ensure security
• Communicate with you regarding the Service
• Enforce our Terms of Use
• Comply with applicable legal obligations

3. Customer Data and Roles

You retain ownership of all Customer Data you submit to the Service.

Under GesamtDB's customer-managed database infrastructure model, your primary data remains in infrastructure that you provision and control. We process Customer Data solely as necessary to provide, maintain, and improve the Service in accordance with our Terms of Use. We do not sell Customer Data.

For data protection purposes:

• We act as a data controller for account, billing, and usage information.
• We act as a data processor for Customer Data processed on your behalf.

4. Legal Bases for Processing (EU/UK Users)

Where required by applicable law, including GDPR and UK GDPR, we process personal information based on:

• Contractual necessity - to provide the Service and manage accounts
• Legitimate interests - to improve, secure, and monitor the Service
• Legal obligations - to comply with applicable laws and regulations
• Consent - where required, such as optional communications

5. Billing and Payment Processing

Payments are processed by third-party payment processors such as Stripe or Paddle, depending on your location and payment method.

We do not store full payment card information.

6. Data Storage and Security

We use commercially reasonable technical and organizational measures to protect information against unauthorized access, loss, misuse, and alteration.

Connection details and operational metadata are processed to execute authorized operations against your configured database engine. We recommend that you provide credentials with the minimum privileges required for your intended use.

No system is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal information only as long as needed for the purposes described in this statement, for service operation, or to comply with legal requirements.

Operational logs, request metadata, and service telemetry may be retained for security, abuse prevention, billing, reliability, and audit purposes.

8. Third-Party Services

We use third-party providers for infrastructure, analytics, monitoring, model inference, and payment processing. Those providers process information under their own terms and privacy practices.

9. International Data Transfers

Your information may be processed in the United States and other jurisdictions where we or our service providers operate. Where required, we rely on appropriate safeguards such as standard contractual clauses.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object, port, or withdraw consent for personal information processing.

You may exercise these rights by contacting us below. We may need to verify your identity before responding.

11. Children's Privacy

The Service is not intended for children under the age of 13, and we do not knowingly collect personal information from children.

12. Changes to This Privacy Statement

We may update this Privacy Statement from time to time. Continued use of the Service after changes become effective constitutes acceptance of the updated version.

13. Contact Information

AI-First Analytics, Inc.
aifirstanalytics@gmail.com
Headquartered in New York, USA
Incorporated in Delaware