Privacy Policy

CausoAI ("we", "our", "us") is a B2B SaaS causal inference platform. We provide tools that help analytics teams discover causal relationships in their data, estimate treatment effects, and generate AI-powered insights. Our registered contact email is hello@causoai.com.

We collect the following categories of data:

**Account data:** Name, work email address, company name, and password (hashed) when you register.

**Usage data:** Pages visited, features used, analysis runs initiated, timestamps, and browser/device information collected via server logs and analytics.

**Uploaded data:** CSV files and data imported from connected sources (PostgreSQL, MySQL, Google Sheets) that you choose to upload for analysis. This data is stored in your organization's isolated workspace.

**Communication data:** Messages you send us via the contact form or email.

**Billing data:** Handled entirely by our payment processor (Stripe). We do not store raw card numbers.

We use your data solely to:

—Provide and operate the CausoAI platform and its features

—Authenticate your identity and enforce organization-level access controls

—Run causal analyses on data you explicitly upload or connect

—Generate AI-powered insights via the Anthropic Claude API on your analysis results

—Respond to support requests and product inquiries

—Send transactional emails (account confirmation, analysis completion, billing receipts)

—Improve platform reliability, debug errors, and monitor performance

—Comply with legal obligations

We do not sell your data. We do not use your uploaded datasets to train machine learning models. We do not share your data with third parties for marketing purposes.

We share data only with the following sub-processors, strictly to operate the platform:

—Anthropic — Analysis results (not raw data) are sent to the Claude API to generate plain-English insights. Anthropic's data usage policies apply.

—AWS / cloud infrastructure — Encrypted storage and compute for your data and analysis results.

—Stripe — Payment processing. Subject to Stripe's privacy policy.

—Redis / Celery — Temporary job queues for async analysis processing. Data is not persisted beyond job completion.

All sub-processors are contractually bound to process data only as instructed and in compliance with applicable data protection law.

We retain your data as follows:

—Account data: For the lifetime of your account, plus 30 days after deletion.

—Uploaded datasets: Until you delete them, or until your account is closed.

—Analysis results: Until you delete the analysis, or until your account is closed.

—AI-generated insights: Cached for 7 days, then regenerated on next request.

—Audit logs: Retained for 12 months for security purposes.

—Billing records: Retained for 7 years as required by applicable tax law.

You can delete your uploaded datasets and analysis results at any time from within the platform.

We take security seriously:

—All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

—Your organization's data is isolated at the row level — no other tenant can access your datasets or results.

—Access tokens expire after 60 minutes; refresh tokens after 30 days.

—All uploaded file paths are validated; only .csv files up to 50MB are accepted.

—External database connections use encrypted credential storage.

—We perform regular security reviews and dependency audits.

Enterprise customers can opt for on-premises deployment where no data leaves their infrastructure.

Depending on your location, you may have the following rights regarding your personal data:

—Access: Request a copy of the personal data we hold about you.

—Rectification: Ask us to correct inaccurate data.

—Erasure: Request deletion of your personal data ("right to be forgotten").

—Portability: Receive your data in a machine-readable format.

—Objection: Object to certain types of processing.

—Restriction: Ask us to restrict processing in certain circumstances.

To exercise any of these rights, email us at hello@causoai.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

We use a minimal set of cookies:

—Session cookie: Required for authentication. Expires when you close your browser or your session times out.

—Analytics cookie: Used to understand aggregate usage patterns (page views, feature adoption). We do not use advertising cookies or cross-site trackers.

You can disable cookies in your browser settings, though this will prevent you from logging in.

CausoAI is operated from the European Union. If you access our platform from outside the EU, your data may be transferred to and processed in countries where our infrastructure providers operate. We ensure such transfers comply with applicable data protection law through standard contractual clauses or equivalent mechanisms.

CausoAI is a B2B platform intended for use by business professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, please contact us at hello@causoai.com and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice in the platform at least 14 days before the changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy. The "Last updated" date at the top of this page will always reflect the most recent revision.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

CausoAI

Email: hello@causoai.com

We are committed to resolving privacy concerns promptly and transparently.