Privacy Policy
Last updated: June 20, 2026
This Privacy Policy explains what information DataMeans handles, why, how long we keep it, and the choices you have.
1. Overview
This Privacy Policy explains how DataMeans ("DataMeans," "we," "us," or "our") handles information in connection with the DataMeans service at datameans.com (the "Service").
The short version: DataMeans is a tool that extracts data from legacy database files and converts it to modern formats. We take your uploaded file, process it, give you the converted output to download, and then delete both on a set schedule. We do not build profiles, sell data, or use your files to train machine-learning models. We hold your data only as long as needed to provide the Service to you.
This Policy is incorporated into our Terms of Service.
2. Two Kinds of Information
It helps to separate two very different things:
2.1 The contents of your uploaded files ("Customer Data"). When you upload a legacy database, that file — and the converted output we generate from it — may contain personal information about other people (for example, customer or employee records stored in the original database). With respect to that information, you are the controller and we act as a processor on your behalf. We only access, process, and store Customer Data to provide the conversion service you requested. We do not analyze it for our own purposes, and we do not retain it beyond the windows described in Section 5.
2.2 Information about you, the user ("Account/Usage Information"). Separately, we handle limited information about the person using the Service — for example, an email address you provide to receive download links, payment details handled by our payment processor, and basic technical and security logs. We act as the controller of this information.
3. What We Collect
Customer Data (your uploaded files and their outputs):
- The database files you upload
- The converted output (CSV, SQL, Excel, JSON, etc.) generated from them
- Schema metadata derived during processing (table names, column names, record counts)
Account/Usage Information:
- Email address — only if you provide one. It is required for paid export download links (so we can email and re-send them) and is not required for the free preview. It is stored with your job record so download links can be recovered.
- Payment information — processed by Stripe. We do not store full card numbers; we keep a Stripe reference (checkout ID) tied to your job. See Section 6.
- Job identifiers and access tokens — the unique link and token that control access to a job and its outputs.
- Security and rate-limiting data — to prevent abuse, we record a SHA-256 hash of the uploading IP address (for per-IP upload limits) and a SHA-256 hash of the email address used for link re-sends (for per-email limits). These are one-way hashes, not the raw values, and are kept only for short rate-limit windows.
- Technical and error logs — when an error occurs, our error-monitoring provider (Sentry) may record technical details such as the error, browser/runtime type, and timestamps to help us debug. Error monitoring only — we do not run performance tracing or session replay.
We do not require you to create a traditional account. Access to a job and its outputs is controlled by a unique job link and token.
4. How and Why We Process Information
We process information to:
- Detect, parse, convert, and package your uploaded files into the output you requested
- Deliver download links and, for paid exports, send email notifications
- Process payments for paid tiers
- Maintain security, prevent abuse (including bot and rate-limit protection), debug errors, and operate the Service
- Comply with legal obligations
We do not:
- Sell or rent your information
- Use your Customer Data to train machine-learning models
- Use Customer Data for advertising or profiling
5. How Long We Keep Data (Retention & Deletion)
We are a processing tool, not a long-term host. Retention is deliberately short.
Download links and converted output expire based on your tier:
| Tier | Retention period |
|---|---|
| Preview | 7 days |
| Explorer | 30 days |
| Standard | 30 days |
| Professional | 90 days |
Uploaded source files and converted output are deleted together when the job's retention window above ends — at that point both are permanently removed from storage, the job record is marked deleted, and expired download requests are refused. Uploaded files belonging to jobs that fail or are abandoned are removed within 7 days. Automated cleanup runs daily.
Account/Usage Information — such as the email tied to a paid job, payment references, and minimal security logs — may be retained after the files themselves are deleted, where reasonably necessary for accounting, tax, fraud-prevention, or legal reasons. Rate-limiting hashes are short-lived and cleared on their own schedule.
You may request deletion of a job and its associated data at any time by emailing info@datameans.com.
6. Who We Share Data With (Subprocessors)
We use a small number of trusted service providers to operate the Service. They process data only as needed to perform their function:
| Provider | Purpose |
|---|---|
| Vercel | Application hosting, file storage (uploads & outputs), and large-file processing |
| Supabase | Database hosting (job records and metadata) |
| Stripe | Payment processing |
| Resend | Transactional email (download links, notifications) |
| Sentry | Error monitoring (technical error logs; DSN-gated, errors only) |
| Cloudflare | Bot and abuse protection on upload (Turnstile) |
We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of DataMeans or others. If DataMeans is involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction.
7. Cookies and Local Storage
We do not use cookies for advertising or cross-site tracking, and we do not run third-party analytics. We store your light/dark theme preference in your browser's local storage so the site remembers it. Our bot-protection provider (Cloudflare Turnstile) and our payment provider (Stripe) may set their own cookies or tokens when you interact with those features, as needed to function securely.
8. Security
We use reasonable, industry-standard technical and organizational measures to protect data, including encryption in transit (TLS) and at rest, access controls, deliberately short retention windows, and one-way hashing of IP addresses and emails used for rate-limiting. No method of transmission or storage is completely secure, and we cannot guarantee absolute security — but because retention is short, the window during which any given file is stored is deliberately limited.
9. Your Responsibilities Regarding Personal Data
Because your uploaded files may contain other people's personal information, you are responsible for ensuring you have a lawful basis to upload that data and to have it processed by the Service. If you are subject to privacy laws such as the GDPR, CCPA/CPRA, or sector-specific rules (e.g., HIPAA, GLBA), you are responsible for your obligations as the controller of that data, including any required notices or agreements. Business customers who require a Data Processing Addendum may contact us at info@datameans.com.
10. Your Rights
Depending on where you live, you may have rights to access, correct, delete, or restrict use of personal information we hold about you, or to object to certain processing. To exercise these rights, contact us at info@datameans.com. We will respond as required by applicable law.
11. Children
The Service is not directed to anyone under 18, and you may not use it to process data in violation of laws protecting children's information.
12. International Users
The Service is operated from the United States, and data is processed on U.S.-based cloud infrastructure (primarily the U.S. East region). If you access the Service from outside the United States, you understand that your information will be processed in the United States.
13. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email or a notice on the Service. The "Last updated" date above reflects the most recent revision.
14. Contact
Questions about this Policy or your data may be sent to info@datameans.com.