The Data Lab logo

Privacy & Data Policy

Effective Date: [Insert Date]
Last Updated: [Insert Date]

1. Overview

At DataLab, we are committed to protecting your privacy and the confidentiality of your data. This Privacy & Data Policy explains how we collect, use, store, and protect the personal and business data processed through our platform.

By using DataLab, you agree to the practices described in this policy.

2. Who We Are

DataLab is a software-as-a-service (SaaS) platform provided by The Data Lab, designed to help clients of marketing agencies measure and understand the performance of their marketing spend. Our platform ingests and processes data such as advertising spend, web traffic, sales, and calculated marketing metrics to deliver insights and recommendations through a secure client dashboard.

3. What Data We Collect

We collect and process the following types of data:

A. Client Business Data

  • Advertising spend (e.g. Google Ads, Meta Ads)
  • Website traffic and attribution metrics
  • Sales performance and revenue data
  • Calculated or derived data (e.g. conversion rates, cost per acquisition)
  • Custom insights and report annotations

B. User Data

  • Full name and email address
  • Login credentials (stored securely, never in plain text)
  • Company affiliation
  • User roles (e.g. admin, client)

C. Usage & Technical Data

  • IP address
  • Browser and device information
  • Usage logs for audit and monitoring
  • Timestamps of logins and actions

4. How We Use Your Data

We use your data to:

  • Deliver personalised dashboards and marketing insights
  • Improve the functionality and user experience of the DataLab platform
  • Respond to support requests and client inquiries
  • Perform analytics on system usage to improve our services
  • Meet legal, regulatory, or security obligations

5. Data Access and Security

A. Authentication and Authorization

  • All users must authenticate using secure login credentials.
  • Access is strictly role-based (e.g., client users can only access their company's data; internal DataLab admins can manage clients but cannot access confidential client business data beyond what is required).

B. Data Isolation

  • We use Row-Level Security (RLS) via Supabase to enforce data isolation between clients.
  • Each client's data is stored and accessed in a manner that ensures strict segregation from other clients.

C. Internal Access Controls

  • Only authorized DataLab personnel have access to backend systems for the purpose of managing the platform, onboarding clients, and troubleshooting issues.
  • All access is logged and subject to periodic audit.

6. Data Storage & Retention

  • All data is stored securely on infrastructure hosted by Supabase and other sub-processors that meet industry security standards.
  • We retain client business data for as long as you are a customer and for a limited period thereafter for compliance and backup purposes.
  • You may request deletion of your data at any time by contacting support@thedatalab.co.nz.

7. Third-Party Services

We may share data with third-party service providers who help us operate and maintain our platform, including but not limited to:

  • Hosting providers
  • Analytics tools (for internal performance monitoring only)
  • Authentication services

These providers are contractually obligated to protect your data and are only allowed to process it for specific purposes related to the operation of DataLab.

8. Cookies and Tracking

We may use cookies or similar tracking technologies for:

  • Session management
  • User authentication
  • Aggregated analytics on system usage

You can control cookie settings through your browser preferences.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Withdraw consent for data processing (where applicable)
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, please contact us at support@thedatalab.co.nz.

10. International Data Transfers

If you are located outside of New Zealand, your information may be transferred to and processed in New Zealand where our servers are located. By using our services, you consent to this transfer, processing, and storage.

11. Changes to This Policy

We may update this policy periodically. When we do, we will update the "Last Updated" date and notify users where appropriate.

12. Contact Us

If you have any questions about this policy or our data practices, you can reach us at:

📧 Email: support@thedatalab.co.nz

🏢 Address: [Your Company Address]