datorra logo
. . .
datorra logo

Privacy Policy

Last updated: March 2026

1. Introduction

datorra ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Our Role

datorra acts in different capacities depending on the type of data involved:

  • Data controller: For account information, usage data, and other personal data we collect directly from users of our website and platform (e.g., name, email, login activity).
  • Data processor: For third-party datasets hosted on our platform on behalf of our clients (data vendors). We process this data solely on our clients' instructions and in accordance with our service agreements. Our clients remain the data controller for their datasets.

3. Information We Collect

We collect the following types of information:

  • Contact information (name, email address)
  • Account information (username, role, organization)
  • Authentication tokens and API keys
  • Usage data (IP address, browser information, pages visited)
  • Query logs and service usage patterns
  • Third-party datasets hosted on behalf of clients (processed as data processor)

4. Legal Basis for Processing

We process personal data under the following legal bases as defined by the UK GDPR:

  • Contractual necessity: To provide and maintain our services, authenticate users, manage access, and process hosted datasets — as required to fulfil our contractual obligations to you.
  • Legitimate interest: To monitor service usage, maintain security, improve our platform, and respond to inquiries — where our interests do not override your rights and freedoms.
  • Legal obligation: To comply with applicable laws, regulations, and legal processes.
  • Consent: Where we rely on consent (e.g., marketing communications), you may withdraw it at any time by contacting us.

5. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services
  • Authenticate users and manage access
  • Process and maintain hosted datasets
  • Respond to your inquiries and provide support
  • Monitor service usage and security
  • Comply with legal obligations

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service providers who perform services on our behalf (cloud hosting, authentication, analytics)
  • Third-party data providers as required by licensing agreements
  • Other members of your organization for user management purposes
  • Legal authorities when required by law or to protect our rights
  • Parties involved in business transfers (mergers, acquisitions)
  • Others with your explicit consent

7. Sub-processors

We use the following key sub-processors to deliver our services:

  • Microsoft Azure: Cloud infrastructure and hosting (European data centres)
  • Auth0 (Okta): Authentication and identity management

We maintain appropriate data processing agreements with all sub-processors and ensure they provide a level of data protection consistent with this policy.

8. Data Storage and International Transfers

All data is stored and processed within European data centres provided by Microsoft Azure. We do not routinely transfer personal data outside of the European Economic Area (EEA) or the United Kingdom.

Where a transfer outside the EEA or UK is necessary (e.g., for a sub-processor), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office or the European Commission, or reliance on an adequacy decision.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Secure infrastructure and hosting

For more detail, see our Security page.

10. Data Retention

We retain your personal information:

  • For as long as necessary to fulfil the purposes outlined in this Privacy Policy
  • As required by law or legal obligations
  • In accordance with our service agreements

When we no longer need your information, we will securely delete it.

11. Your Rights

Under the UK GDPR, you have the following rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Objection: Object to processing of your personal information
  • Restriction: Request restriction of processing
  • Data Portability: Request transfer of your data to another service provider
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond to your request within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

12. AI and Automated Processing

datorra provides infrastructure that enables end clients to access datasets through AI tools and large language models (LLMs). In this context:

  • datorra does not operate its own AI models or make automated decisions about individuals.
  • Datasets hosted on our platform may be queried by end clients' AI tools via our API and MCP endpoints. Any AI processing is performed by the end client's own systems.
  • We do not use your personal data to train machine learning models.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for:

  • Authentication and session management
  • Remembering your preferences and settings
  • Analyzing website usage and improving our services

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of our website and services.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will post the updated Privacy Policy on this page
  • We will update the "Last updated" date
  • We will notify you of any material changes

Your continued use of our services after such changes constitutes your acceptance of the updated Privacy Policy.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: