Nodex Logo
Request AccessLog In

Privacy Policy

Last updated: July 2025

1. Introduction

Bubble Lab AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI data analysis service ("Service"). We prioritize data security and user control over personal information.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on personal data, including collection, use, storage, and deletion.
"Service" means our AI-powered data analysis platform and related services.
"Controller" means Bubble Lab AI as the entity that determines the purposes and means of processing personal data.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address (required for account creation)
  • Name and company information
  • Account preferences and settings
  • Profile information you choose to provide
  • Authentication credentials and security settings

3.2 Usage Data and Logs

We collect limited usage data necessary for service functionality:

  • Query patterns and frequency (without storing actual query content)
  • System performance metrics and analytics
  • Error logs for troubleshooting and service improvement
  • Feature usage analytics and user interaction data
  • Login and access logs with timestamps and IP addresses
  • API usage statistics and rate limiting data
  • Session duration and frequency of use

3.3 Database Metadata

To provide our AI analysis service, we analyze database structure:

  • Table and column names and descriptions
  • Data types, constraints, and relationships
  • Schema information and database structure
  • Index information and performance metadata

Important: We do not store your actual data values, only structural information needed to understand your database schema and provide intelligent query suggestions.

3.4 Technical Information

We automatically collect certain technical information:

  • IP address and geolocation data (country/region level)
  • Browser type, version, and language settings
  • Operating system and device information
  • Referral URLs and pages visited
  • Time zone and session timestamps

3.5 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and security
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our service
  • Performance Cookies: Collect information about service performance

You can control cookies through your browser settings. Disabling certain cookies may limit service functionality.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To provide the Service as agreed in our Terms of Service
  • Legitimate Interest: To improve our Service, ensure security, and provide customer support
  • Consent: For optional features, marketing communications, and analytics where required
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interest: To protect the security and integrity of our Service and users

5. AI Processing and Automated Decision Making

5.1 AI Analysis

Our Service uses artificial intelligence to:

  • Analyze database schemas and generate intelligent query suggestions
  • Process natural language queries and convert them to database queries
  • Generate insights and visualizations from query results
  • Optimize query performance and suggest improvements
  • Detect anomalies and patterns in usage behavior

5.2 Automated Decision Making

We use automated processing for:

  • Security monitoring and fraud detection
  • Rate limiting and abuse prevention
  • Content filtering and safety measures
  • Service optimization and personalization

Your Rights: You have the right to request human review of automated decisions that significantly affect you and to contest such decisions.

5.3 AI Model Training

We may use aggregated, anonymized usage patterns to improve our AI models. We do not use your specific data content or personally identifiable information for model training without explicit consent.

6. Data Security and Encryption

6.1 Encryption in Transit

All data transmitted between your systems and our Service is encrypted using:

  • TLS 1.3 encryption for all API communications
  • SSL certificates from trusted certificate authorities
  • Perfect Forward Secrecy for enhanced protection
  • Certificate pinning for additional security

6.2 Encryption at Rest

All stored data is encrypted using:

  • AES-256 encryption for database storage
  • Encrypted backups with separate key management
  • Hardware security modules (HSMs) for key protection
  • Regular key rotation and security audits

6.3 Access Controls and Security Measures

We implement comprehensive security controls:

  • Multi-factor authentication for all administrative access
  • Role-based access permissions with principle of least privilege
  • Regular access reviews and audit logs
  • Zero-trust network architecture
  • Intrusion detection and prevention systems
  • Regular security assessments and penetration testing
  • Employee security training and background checks

7. How We Use Your Information

We use your information solely to:

  • Provide, maintain, and improve the Service
  • Process your data queries and generate insights
  • Authenticate users and maintain account security
  • Provide customer support and technical assistance
  • Send service-related communications and updates
  • Ensure security, prevent fraud, and detect abuse
  • Comply with legal obligations and enforce our Terms
  • Conduct research and development to improve our AI capabilities
  • Generate aggregated analytics and usage statistics

We never sell, rent, or share your personal data with third parties for marketing purposes.

8. Data Sharing and Disclosure

8.1 When We Share Data

We may share your information only in these limited circumstances:

  • With Your Consent: When you explicitly authorize sharing
  • Service Providers: With trusted third parties who assist in operating our Service
  • Legal Requirements: When required by law, court order, or government request
  • Safety and Security: To protect our users, Service, or public safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

8.2 Third-Party Service Providers

We work with select service providers who are bound by strict contractual obligations:

  • Cloud hosting and infrastructure providers
  • Payment processing services (we do not store payment information)
  • Error monitoring and analytics services
  • Customer support and communication tools
  • Security and authentication services

9. Data Retention and Deletion

9.1 Your Control Over Data

You have complete control over your data:

  • Request deletion of usage data and logs at any time
  • Export your account data in machine-readable format
  • Modify or correct your personal information
  • Permanently delete your account and all associated data
  • Withdraw consent for optional data processing

9.2 Automatic Retention Policies

We automatically delete data according to these schedules:

  • System and error logs: 90 days
  • Query results cache: 24 hours
  • Analytics data: 25 months (anonymized after 14 months)
  • Security logs: 1 year
  • Backup data: 30 days after primary deletion
  • Inactive accounts: 3 years of no activity (with notice)

9.3 Legal Retention Requirements

Some data may be retained longer when required by law, for legal proceedings, or to protect our legitimate business interests. We will inform you of any such retention requirements.

10. International Data Transfers

Your data is primarily processed in secure data centers located in the United States. For international transfers, we implement appropriate safeguards including:

  • Standard Contractual Clauses where required by applicable law
  • Adequacy decisions where available
  • Additional technical and organizational security measures
  • Compliance with applicable international data transfer requirements

11. Your Privacy Rights

11.1 General Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for consent-based processing
  • Lodge Complaints: File complaints with your local data protection authority

11.2 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Limit: Limit use of sensitive personal information
  • Non-Discrimination: Equal service regardless of privacy choices

Note: We do not sell personal information as defined by the CCPA.

11.3 Exercising Your Rights

To exercise your privacy rights:

  • Email us at hello@bubblelab.ai with your request
  • Use our privacy request form in your account settings
  • We will respond within 30 days (or as required by local law)
  • We may need to verify your identity before processing requests

12. Data Breach Notification

In the unlikely event of a data breach affecting your personal information:

  • We will notify affected users within 72 hours of discovery
  • Notifications will include the nature of the breach and potential impact
  • We will provide guidance on protective measures you can take
  • We will notify relevant authorities as required by law
  • We maintain a comprehensive incident response plan

13. Compliance and Certifications

13.1 Security Standards

We maintain compliance with industry standards:

  • SOC 2 Type II for security, availability, and confidentiality
  • ISO 27001 information security management
  • Regular third-party security audits and assessments

13.2 Privacy Framework Compliance

Our privacy practices are designed to comply with applicable privacy laws including GDPR, CCPA, and other relevant regulations as our business grows.

14. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately and take steps to prevent future collection.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements:

  • Material changes will be communicated via email and in-app notifications
  • We will provide at least 30 days notice for significant changes
  • The "Last updated" date indicates when changes were made
  • Continued use constitutes acceptance of updated terms

16. Contact Us

For questions about this Privacy Policy, to exercise your privacy rights, or to report privacy concerns:

Email: hello@bubblelab.ai

Response Time: Within 30 days for privacy requests