Privacy Policy
Last Updated: November 23, 2025
Effective Date: November 16, 2025
Our Privacy Philosophy
At Kyomi, we believe privacy is a fundamental right, not a luxury. We built Kyomi to be privacy-first from the ground up. This means:
- Your data stays in your data warehouse - We cache table/column names (metadata) for search, but never copy your actual data rows
- Minimal data collection - We only collect what's necessary to operate the service
- No selling your data - Ever. Your data is yours, not a product
- Transparent practices - This policy explains exactly what we do (and don't do)
What Data We Collect
Account Data
When you create an account, we collect:
- Email address - For authentication and important service notifications
- Name (optional) - For personalization
- Workspace information - Workspace name, settings, and preferences
Chat Messages & Analysis
When you use Kyomi's AI features, we store:
- Chat messages - Your questions and AI responses
- Query summaries - The AI may include summaries of your data in chat responses
- Session metadata - Timestamps, token usage for billing
Important: While chat messages may reference your data (e.g., "revenue increased 20%"), we never store the underlying BigQuery data itself. Your data remains in your data warehouse.
BigQuery Catalog Metadata
To enable intelligent table and column search, we cache metadata about your BigQuery datasets:
- Table names and descriptions - The names and descriptions of your BigQuery tables
- Column names and types - Column names, data types, and descriptions
- Schema structure - Table and dataset organization
- Modified timestamps - When tables were last updated (for incremental indexing)
Important clarifications:
- ✅ Metadata only - We store table/column names and descriptions, NOT the actual data in your tables
- ✅ Incremental updates - We only re-index tables that have changed
- ✅ Workspace-isolated - Your catalog metadata is only accessible to your workspace
- ✅ Enables smart search - Powers semantic search to help you find relevant tables quickly
Example: If you have a table called sales_2024 with columns revenue, region, date, we store those names and types—but not the actual sales data.
Technical Data
To operate the service, we automatically collect:
- Authentication tokens - To keep you logged in securely
- Google OAuth tokens - When you sign in with Google, we store your OAuth access and refresh tokens (encrypted) to access BigQuery on your behalf
- Server logs - Access logs, error logs, API usage, and performance metrics for debugging, security monitoring, and service improvement
- IP address - For security and fraud prevention (not stored long-term)
- Browser/device information - To ensure compatibility
What Data We DON'T Collect
- ❌ Your BigQuery table data - We cache table/column names (metadata) but never the actual data rows
- ❌ Credit card numbers - Handled by Stripe, we never see them
- ❌ Browsing history - We don't track you across the web
- ❌ Advertising data - No ads, no tracking pixels, no surveillance
How We Use Your Data
Service Operation
- Authentication - Log you in and keep your account secure
- Billing - Track AI usage for subscription billing
- Support - Help you when you need assistance. Our support team does not access your chat history (which includes 20-row data samples) unless you explicitly request help with a specific issue and share details with us.
- Security & Performance - Monitor server logs for security threats, bugs, and performance issues
- Product Improvement - Analyze usage patterns from server logs to improve features and fix issues
How Your Data Flows Through Kyomi
Kyomi has three different data access modes, each with different privacy implications:
Mode 1: AI Agent Queries (Server-Side, Limited)
When you ask the AI agent a question:
- AI generates query - Creates SQL based on your question
- Query executed - Runs in your BigQuery with a 20-row limit
- Results to our server - Limited result set (max 20 rows) sent to our backend
- AI analyzes - Agent summarizes the data to answer your question (see "Third-Party AI Processing" below)
- Stored in chat history - The AI's summary AND the 20-row sample are saved
Third-Party AI Processing: To provide AI-powered data analysis, we send the 20-row sample to Anthropic (Claude AI) for processing. This is necessary to generate insights, answer your questions, and create summaries of your data.
What's sent to Anthropic:
- Your question and the 20-row data sample
- Table/column metadata for context
- Previous chat messages in the conversation
What's NOT sent:
- Your full BigQuery dataset (only 20-row samples)
- Your credentials or OAuth tokens
- Data from queries you run manually (only AI-initiated queries)
Anthropic's commitments:
- Anthropic does not train models on data sent via their API (per their Commercial Terms)
- Data is processed only to generate your AI response
- Anthropic's Data Processing Addendum (DPA) applies to our commercial API usage, which includes GDPR-compliant Standard Contractual Clauses (SCCs)
What we store:
- The AI's summary/answer (e.g., "Revenue increased 15% in Q3")
- The 20-row sample data (displayed in the "thinking bubble" for context)
How it's protected:
- ✅ Encrypted at rest in our database (AES-256-GCM authenticated encryption)
- ✅ Only accessible to you (workspace-isolated)
- ✅ Only used to display your chat history—never for training, analytics, or any other purpose
- ✅ You can delete chat history anytime
Why we store the 20 rows: To provide a rich user experience—you can see exactly what data the AI analyzed when answering your question. This transparency helps you trust the AI's answers.
Mode 2: Standard Dashboard Access (Direct to Browser, No Server)
When you view dashboards or run manual queries:
- Query executed - Runs in your BigQuery
- Direct to browser - Results stream directly from BigQuery API to your browser
- Bypasses our servers - Data never touches our infrastructure
- Client-side processing - DuckDB WASM processes data entirely in your browser
What we store: Query metadata (SQL text, execution time, bytes processed) What we don't store: The query results or any row data
This is the default mode for dashboards and SQL editor.
Mode 3: Arrow Streaming (Opt-In, Through Server, Faster)
If you enable Arrow streaming (optional checkbox):
- Query executed - Runs in your BigQuery
- Arrow format - Results streamed in efficient Arrow format
- Through our server - Data passes through our backend
- To your browser - Delivered to your browser for display
- In-memory only - Data is NOT written to disk on our servers
What we store: Nothing—data streams through memory and is immediately discarded What we don't store: The query results (only exists in RAM briefly)
Why use this: 20-100x faster data transfer for large result sets Privacy trade-off: Data passes through our servers (but isn't stored)
Summary Table
| Mode | Data Through Server? | Data Stored? | Use Case |
|---|---|---|---|
| AI Agent | ✅ Yes (20 rows max) | 20-row sample + summary (encrypted) | "Show me revenue trends" |
| Standard | ❌ No (direct to browser) | No | Default dashboard viewing |
| Arrow Streaming | ✅ Yes (in-memory only) | No | Fast large data downloads |
What We Always Store (All Modes)
- Query metadata - SQL text, execution time, bytes processed
- Chart definitions - ChartML code for your dashboards
- Dashboard markdown - Your dashboard content
- AI summaries - The agent's analysis and answers (Mode 1 only)
- BigQuery catalog metadata - Table/column names, descriptions, types (enables intelligent search)
We never store: The actual query results or raw data rows from your warehouse (only metadata like table/column names).
Data Storage & Security
Where Your Data Lives
- Application data - PostgreSQL database on secure dedicated infrastructure
- Your BigQuery data - Stays in your Google Cloud project (you control the location)
- Chat messages - Stored in our database, encrypted at rest
Security Measures
- ✅ Encryption in transit - All data encrypted with TLS 1.3
- ✅ Encryption at rest - Chat messages and OAuth tokens encrypted with AES-256-GCM
- ✅ Secure authentication - Google OAuth, optional 2FA/passkeys
- ✅ Access controls - Role-based permissions, workspace isolation
- ✅ Regular backups - Automated daily backups (encrypted)
- ✅ Security monitoring - Automated threat detection
Data Retention
- Active accounts - Data retained while your account is active
- Deleted accounts - Permanent deletion within 30 days
- Chat history - Kept for the life of your workspace (you can delete anytime)
- Logs - Security logs retained for 90 days
Third-Party Services
We use trusted third-party services to operate Kyomi:
Required Services
- Google OAuth - Authentication (Google's Privacy Policy applies). We store your OAuth tokens (encrypted in our database) to access BigQuery on your behalf. You can disconnect Google OAuth anytime in Settings.
- Anthropic (Claude AI) - AI-powered data analysis. When you use the AI chat feature, we send your questions and 20-row data samples to Anthropic's Claude API for processing. Anthropic does not train models on API data (Commercial Terms). See "Mode 1: AI Agent Queries" section for full details.
- Stripe - Payment processing (Stripe's Privacy Policy applies)
- Google BigQuery - Your data warehouse (you control, not us)
Optional Integrations
- Google Cloud - If you connect your GCP project (your data, your control)
Important: We have data processing agreements with all third-party services to ensure they handle your data responsibly.
Your Rights & Controls
You have full control over your data:
Access
- View your data - See all data we have about you
- Export your data - Download dashboards, queries, chat history
- Request a data report - Email us for a complete data export
Control
- Update your information - Change email, name, preferences anytime
- Delete chat history - Delete individual chats or all history
- Delete your account - Permanent deletion within 30 days
Data Portability
- Export dashboards - Download as markdown files
- Export queries - Download query history as CSV
- Export chat history - Download as JSON
How to exercise these rights: Email privacy@kyomi.ai or manage your data through Settings
Legal Compliance
GDPR (European Union)
If you're in the EU, you have additional rights:
- Right to access, rectification, erasure, restriction, portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with supervisory authority
CCPA (California)
If you're in California, you have rights to:
- Know what personal information we collect
- Delete your personal information
- Opt out of sale (we don't sell data anyway)
- Non-discrimination for exercising your rights
International Users
We apply EU-level data protection to all users, regardless of location. Everyone deserves privacy.
Website Analytics
We use Plausible Analytics, a privacy-friendly web analytics service, to understand how visitors use our website and application. Plausible is designed with privacy as a core principle:
What Plausible Collects
- Page URL - Which pages you visit
- HTTP Referrer - Where you came from
- Browser type - Which browser you're using
- Operating system - Your OS type
- Device type - Desktop, mobile, or tablet
- Country - Derived from IP address (IP not stored)
Why Plausible is Privacy-Friendly
- ✅ No cookies - Completely cookie-free tracking
- ✅ No personal data - Cannot identify individual visitors
- ✅ No cross-site tracking - Doesn't follow you around the web
- ✅ Self-hosted - Data stored on our own servers, not third parties
- ✅ GDPR/CCPA compliant - No consent banner needed
- ✅ Open source - Transparent, auditable code
What We Use Analytics For
- Understand which features are most useful
- Improve user experience and navigation
- Measure marketing campaign effectiveness
- Identify and fix broken pages
Important: All analytics data is aggregated and anonymized. We cannot identify individual visitors or track your behavior across websites.
For more information: Plausible Data Policy
Cookies
We use minimal cookies:
- Essential cookies - Keep you logged in (session token)
- No tracking cookies - We don't use advertising or analytics cookies
See our Cookie Policy for details.
Children's Privacy
Kyomi is not intended for users under 13 years old. We don't knowingly collect data from children. If you believe a child has provided us data, contact privacy@kyomi.ai and we'll delete it immediately.
Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. When we make significant changes:
- Notice - We'll email you at least 30 days before changes take effect
- Version history - Previous versions available on request
- Continued use - Using Kyomi after changes means you accept the new policy
Contact Us
Questions about privacy? We're here to help:
- Email: privacy@kyomi.ai
- Privacy Officer: Jason (Founder)
- Response time: We aim to respond within 48 hours
For security issues, email security@kyomi.ai
Our Commitment: Privacy isn't just a policy for us—it's a core value. We're building the analytics tool we'd want to use ourselves, and that means treating your data with the respect it deserves.
Last updated: November 23, 2025