Privacy

PRIVACY POLICY

Last updated February 28, 2026

This Privacy Notice for Saddle Data, Inc. (“we,” “us,” or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

Visit our website at https://saddledata.com
Engage with us in other related ways, including any sales, marketing, or events
Connect third-party applications, such as Google Analytics 4 and Google Sheets, via OAuth to our platform.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@saddledata.com.

SUMMARY OF KEY POINTS

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with Saddle Data, the choices you make, and the products and features you use.
Do we process any sensitive personal information? Yes. We process sensitive authentication data (such as OAuth tokens) necessary to connect your data sources. We utilize strict data protection mechanisms, including encryption in transit and at rest, to secure this data.
Do we receive any information from third parties? We receive data from third-party services (like Google) only when you explicitly authorize us to connect to them via our integrations.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
Google API Limited Use: Saddle Data’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, however, data obtained through Google Workspace or Google APIs is never shared with third parties for marketing, advertising, or data brokering purposes.

Open TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
- Personal information you disclose to us
2. HOW DO WE PROCESS YOUR INFORMATION?
3. GOOGLE API LIMITED USE DISCLOSURE
4. HOW DO WE KEEP YOUR INFORMATION SAFE?
5. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
6. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
7. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
8. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
9. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
10. HOW LONG DO WE KEEP YOUR INFORMATION?
11. DO WE COLLECT INFORMATION FROM MINORS?
12. WHAT ARE YOUR PRIVACY RIGHTS?
13. CONTROLS FOR DO-NOT-TRACK FEATURES
14. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
15. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
16. DO WE MAKE UPDATES TO THIS NOTICE?
17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information we collect may include the following:

names
email addresses
billing addresses
debit/credit card numbers
contact or authentication data

Integration & Sensitive Information. When you connect third-party accounts (such as Google Analytics 4 and Google Sheets) to Saddle Data, we collect and securely store the necessary authentication credentials (such as OAuth access and refresh tokens) to maintain that connection and perform the data pipeline services you configure.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication. We may process your information so you can create and log in to your account.
To deliver and facilitate delivery of services to the user. We process your integration data and OAuth tokens solely to execute the data pipelines and syncs you configure within our platform.
To respond to user inquiries/offer support to users. * To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes. Note: Data obtained via Google APIs is strictly excluded from all marketing and promotional usage.
To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure.

3. GOOGLE API LIMITED USE DISCLOSURE

Saddle Data’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, regarding data obtained via Google integrations (such as Google Analytics 4 and Google Sheets):

We only use the data to provide or improve the user-facing features of our data pipeline services.
We do not use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising.
We do not allow humans to read the data, unless:
- We first obtain your affirmative agreement for specific messages;
- It is necessary for security purposes (such as investigating a bug or abuse);
- It is necessary to comply with applicable law; or
- The data (including derivations) is aggregated and anonymized for internal operations.

4. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process, particularly sensitive data such as OAuth tokens and integration credentials.

Encryption in Transit: All data transferred between your browser, our services, and third-party integrations (like Google) is encrypted using TLS 1.2 or higher.
Encryption at Rest: Sensitive authentication data, including OAuth access tokens and refresh tokens, are encrypted at rest within our databases using industry-standard AES-256 encryption algorithms.
Access Controls: Access to production databases and sensitive user data is strictly limited to authorized personnel on a least-privilege basis and requires multi-factor authentication.

Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

In Short: We may share information in specific situations and with the following third parties.

We may need to share your personal information in the following situations:

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors who perform services for us. They cannot do anything with your personal information unless we have instructed them to do it. The third parties we may share personal information with include:
- Cloud Computing Services: Google Cloud Platform
- Invoicing and Billing: Stripe
- Web Analytics: Google Analytics (for website traffic monitoring, not applied to data synced via your pipelines).

(Note: The data sharing explicitly listed above for marketing or analytics does not apply to the payload data or sensitive information obtained through authorized Google OAuth scopes. That data is strictly governed by Section 3).

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

6. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

The Services may contain links to third-party websites. We are not responsible for the safety of any information that you share with third parties that we may link to.

7. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information.

Our Services offer you the ability to register and log in using your third-party social media account details. Where you choose to do this, we will receive certain profile information about you from your social media provider (like your name and email address). We use this strictly for authentication purposes.

9. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities in the United States.

10. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.

11. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect data from or market to children under 18 years of age.

12. WHAT ARE YOUR PRIVACY RIGHTS?

In some regions (like the EEA, UK, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information. You can make such a request by contacting us at privacy@saddledata.com.

13. CONTROLS FOR DO-NOT-TRACK FEATURES

We do not currently respond to DNT browser signals.

14. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information under the CCPA. To exercise these rights, you can contact us by email at privacy@saddledata.com.

15. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes, if you are a resident of Virginia, you are granted specific rights regarding access to and use of your personal information under the CDPA.

16. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date.

17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at privacy@saddledata.com or by post to:

Saddle Data, Inc.

8 The Green #24058

Dover, DE, 19901

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

To request to review, update, or delete your personal information, please visit: privacy@saddledata.com.