Streambased

Legal

Privacy Policy

Last Updated: 9th April 2026

Streambased ("Company", "we", "us", or "our") is committed to protecting your privacy and handling personal data lawfully. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our SaaS platform ("Service").

1. Scope

This Privacy Policy applies to:

  • Visitors to our website
  • Users of our Service
  • Individuals whose personal data is processed through the Service

2. Roles and Responsibilities

For data protection purposes:

  • When you use the Service:
    • You are the Data Controller of any personal data within your connected systems (e.g. Kafka, Iceberg)
    • We act as a Data Processor
  • For account, billing, and website data:
    • We act as the Data Controller

3. Personal Data We Collect

3.1 Information You Provide

  • Name, email address, and account credentials
  • Billing and payment information
  • Support requests and communications

3.2 Automatically Collected Data

  • IP address and device information
  • Log data (access times, actions within the Service)
  • Cookies and usage analytics

3.3 Data from Connected Systems

  • We process data from systems you connect (e.g. Kafka, Iceberg)
  • May include personal data depending on your usage

We do not control the type of data you submit to the Service.

4. How We Use Personal Data

As a Data Controller

We use personal data to:

  • Provide and manage accounts
  • Process payments
  • Communicate with users
  • Improve and secure the Service
  • Comply with legal obligations

As a Data Processor

We process Customer Data solely:

  • On your instructions
  • To provide the Service (querying, dashboards, AI chat)
  • To maintain security and performance

5. Legal Bases for Processing

Where we act as Data Controller, we rely on:

  • Contractual necessity (to provide the Service)
  • Legitimate interests (security, improvements)
  • Legal obligations
  • Consent (where required, e.g. cookies)

6. AI Processing

  • AI features process data to generate insights and responses
  • AI outputs are automated and may be inaccurate
  • We do not use Customer Data to train shared AI models unless explicitly agreed
  • AI processing is solely to provide the Service

7. Cookies and Tracking

  • We use cookies and similar technologies to authenticate users, maintain sessions, and analyze usage
  • Where required, we obtain your consent before placing non-essential cookies
  • You can manage cookie preferences through your browser

8. Data Sharing and Disclosure

We may share personal data with:

8.1 Service Providers (Subprocessors)

  • Cloud hosting providers (e.g. AWS, Azure)
  • Infrastructure and analytics providers
  • AI service providers

All subprocessors are bound by data protection obligations equivalent to this Privacy Policy.

8.2 Legal Requirements

We may disclose data:

  • To comply with legal obligations
  • To protect rights, safety, or property

We do not sell personal data.

9. International Data Transfers

  • Our infrastructure is located in the United Kingdom and the United States
  • Personal data may be transferred outside the UK/EEA

Transfers are safeguarded using:

  • Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Addendum

By using the Service, you consent to such transfers.

10. Data Retention

We retain personal data only as long as necessary:

  • Account data: for the duration of your account
  • Billing data: as required by law
  • Logs: limited retention for security and debugging

Customer Data is retained according to your instructions and deleted upon termination, unless legally required otherwise.

11. Data Security

  • Encryption in transit (TLS)
  • Access controls and authentication
  • Monitoring and logging

You remain responsible for securing your own infrastructure (Kafka, Iceberg, etc.).

12. Your Rights (GDPR / CCPA)

If you are in the UK or EEA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

If you are in the United States, you may have rights under state privacy laws (e.g. CCPA). Contact us to exercise them.

To exercise any rights, contact us at info@streambased.io.

13. Data Subject Requests (Processor Context)

If your data is processed through a customer account:

  • Contact the relevant Data Controller directly
  • We will assist the controller where required

14. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children.

15. Changes to This Policy

We may update this Privacy Policy. Updates will be posted with a revised "Last Updated" date.

16. Contact Us

Streambased Ltd

20-22 Wenlock Rd, London N1 7GU

info@streambased.io

17. Governing Law

  • UK / EEA Users: This Privacy Policy is governed by the laws of England and Wales
  • US Users: This Privacy Policy is governed by the laws of the State of Delaware

18. Supervisory Authority

If you are in the UK or EEA, you can lodge a complaint with:

  • UK: Information Commissioner's Office (ICO)
  • EU: Your local Data Protection Authority

We use cookies

We use essential cookies to keep the product working, including authentication, onboarding preferences, and your cookie choice. By using this product, you agree to these necessary cookies. For more information, see our privacy policy and terms of service.