Back to home

DRAFT — This document is subject to legal review and may change before the service launches publicly.

Last updated: February 22, 2026

Privacy Policy

IJKOS & PARTNERS LTD (“Company”, “we”, “us”) operates dmp-af.cloud (the “Service”). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

Account Information

  • Email address — provided during signup or via OAuth provider
  • Name — provided during signup or retrieved from OAuth provider
  • OAuth identifiers — unique IDs from Google or GitHub when you use social login
  • Profile image URL — retrieved from OAuth provider (if available)

Usage Data

  • dbt project metadata — manifests, model names, lineage relationships, and domain configurations you upload
  • Consent records — timestamps for Terms of Service acceptance and marketing preferences

Technical Data

  • Session data — authentication tokens and session identifiers
  • Server logs — IP addresses, request timestamps, and user agent strings (retained for security and debugging)

2. How We Use Your Data

  • Provide the Service — parse manifests, generate lineage graphs, compute metrics, manage your projects
  • Authentication — verify your identity and maintain sessions
  • Communication — send transactional emails (password reset, invitations) and, if you opted in, product updates
  • Security — detect and prevent unauthorized access, fraud, and abuse
  • Improvement — understand usage patterns to improve the Service (aggregated, not individual tracking)

3. Cookies and Session Storage

We use essential cookies only:

  • Session cookie — maintains your authenticated session. Required for the Service to function. Expires when you sign out or after the session timeout.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not use pixel trackers or similar technologies.

We also use browser local storage to remember UI preferences such as your selected branch, project, and dismissed banners. This data is stored locally and used client-side to restore your preferences.

4. Data Isolation and Multi-Tenancy

The Service uses a multi-tenant architecture with strict data isolation. Your project data, manifests, and configurations are stored in per-organization databases and are not accessible by other organizations or users outside your organization. Account and authentication data is stored in a shared platform database with application-level access controls scoped to your organization.

5. Third-Party Services

We share data with the following third-party services as necessary to operate:

  • Google OAuth — if you sign in with Google, we receive your name, email, and profile picture from Google. See Google's Privacy Policy.
  • GitHub OAuth — if you sign in with GitHub, we receive your name, email, and username from GitHub. See GitHub's Privacy Statement.
  • Resend — we use Resend to deliver transactional emails (invitations, password resets). Resend processes your email address for delivery purposes only. See Resend's Privacy Policy.

We do not sell your personal data to any third party.

6. Data Retention

  • Account data — retained while your account is active
  • Project data — retained while your account is active; deleted within 30 days of account termination
  • Server logs — retained for up to 90 days for security purposes
  • Consent records — retained as required by applicable law (GDPR requires proof of consent)

7. Your Rights

Under the General Data Protection Regulation (GDPR) and similar laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Deletion — request deletion of your personal data (“right to be forgotten”)
  • Portability — request your data in a structured, machine-readable format
  • Objection — object to processing of your data for specific purposes
  • Withdraw consent — withdraw marketing consent at any time without affecting service access

To exercise any of these rights, contact us at hello@dmp-af.cloud. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Password hashing using industry-standard algorithms
  • Database-level isolation between organizations
  • Regular security reviews of infrastructure and code

9. International Data Transfers

Your data may be processed in countries outside your country of residence. When transferring data outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

10. Children's Privacy

The Service is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The “last updated” date at the top reflects the most recent revision.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at: hello@dmp-af.cloud

IJKOS & PARTNERS LTD
United Kingdom