PRIVACY POLICY

Last updated: February 04, 2026

This Privacy Policy explains how DATA SWEEP (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you access or use our websites, applications, and services (collectively, the “Services”), including:

- datasweep.app / www.datasweep.app

- features related to dataset search, dataset merging, downloads, trust score, custom lists

- Literature Review / AI chat functionality (where available)

- institutional/team features (e.g., onboarding, training, usage reporting)

If you do not agree with this Privacy Policy, please do not use the Services.

1) Who we are (Data Controller) and how to contact us

 

Controller: DATA SWEEP (company registered in Romania)  

Registered address: Emanuil Gojdu Square, No. 41, Building I, Ground Floor, Oradea, Romania  

Email: cosmin.datasweep@datasweep.app  

Phone: +40764543298 

2) When we act as Controller vs. Processor (important for B2B / institutions)

 

Depending on how your access is arranged, our role can differ:

 

A) Individual accounts (B2C) and direct subscriptions  

When you create an account yourself and/or purchase a plan, DATA SWEEP typically acts as the Controller for personal data we process to provide the Services.

 

B) Institutional / enterprise access (B2B)  

If your organization (e.g., university, library consortium, company) provides access to Authorized Users under a contract, DATA SWEEP may process certain data:

- as Controller (e.g., basic service administration, security, platform improvement), and/or

- as Processor on behalf of the institutional customer, where the contract defines the customer as Controller for specific processing (e.g., access provisioning, reporting).

 

If a conflict exists between this Privacy Policy and a signed B2B agreement/Data Processing Agreement, the contract governs for that institutional relationship.

3) What personal data we collect

 

We collect data in three main ways: 

(1) information you provide, 

(2) information collected automatically, 

and 

(3) information from third parties/partners.

 

A) Information you provide  

Depending on how you use the Services, you may provide:

- Account & identity data: name, email, username, password (stored in a protected form), organization/institution, preferences

- Billing data (as applicable): billing name, billing address, tax/VAT details (if needed), purchase history (payment card details are typically handled by payment processors, not stored directly by us)

- Support & communications: messages to support, survey answers, feedback, call notes

- Content you upload or create: saved lists, notes, datasets you compile/merge, files you upload where such features are enabled

- Professional/research context (optional): areas of interest, research topics, use case details (e.g., for demos or onboarding)

 

B) Information collected automatically (Usage & device data)  

When you use the Services, we may collect:

- Log and device data: IP address, timestamps, device/browser type, operating system, language, referring pages

- Usage data: pages/screens viewed, clicks/actions, time spent, features used (e.g., merges run, datasets viewed/downloaded), error logs

- Cookies and similar technologies: to keep you logged in, remember settings, and measure performance

 

C) Information from third parties / partners  

We may receive limited data from:

- Institutional access partners (e.g., access provided via institutional IP or remote-access solutions)

- Service providers (e.g., fraud prevention, analytics, payment confirmation status)

- Public sources or user-provided links (only if you choose to share them, e.g., profile links)

 

4) How we use personal data (purposes) and legal bases (GDPR)

We process personal data only when we have a lawful basis. Depending on context, we rely on:

 

A) Contract / steps to enter a contract  

To:

- create and manage your account

- deliver the Services (dataset search, merges, downloads, literature review/chat features)

- provide customer support and respond to requests

- manage subscriptions, invoices, and service notices

 

B) Legitimate interests  

To:

- secure and maintain the platform (prevent fraud/abuse, troubleshoot, audit logs)

- improve and develop the Services (e.g., feature performance, reliability, UI improvements)

- generate aggregated usage insights to understand how the platform is used (without aiming to identify you)

 

Where we rely on legitimate interests, we balance our interests against your rights and expectations.

C) Consent (where required)  

To:

- send newsletters/marketing messages (where you opt in or where law requires consent)

- use optional analytics/marketing cookies (where consent is required)

- participate in optional research interviews, testimonials, or promotional activities

 

You can withdraw consent at any time (see “Your rights and choices”).

 

D) Legal obligations  

To:

- comply with accounting, tax, and other legal requirements

- respond to lawful requests by authorities

- establish, exercise, or defend legal claims

 

5) AI features (Literature Review / chat)

 

Where AI-powered features are available, your inputs (e.g., prompts/queries) and outputs may be processed to provide the feature and improve reliability and safety.

 

Please avoid submitting sensitive personal data (e.g., health, political views, IDs) in free-text prompts unless strictly necessary. If you submit personal data in prompts, you are responsible for ensuring you have the right to share it.

 

We may use vetted third-party infrastructure/providers to run these features under appropriate contractual safeguards, acting as processors.

 

6) Cookies and similar technologies

 

We use cookies and similar technologies for:

- essential website functionality (authentication, session management)

- preferences (language, UI settings)

- performance and analytics (under applicable consent rules)

 

For details and controls, see our Cookies Policy and your browser/device settings.

 

7) How we share personal data

 

We do not sell your personal data.

We may disclose personal data only as needed, including to:

 

A) Service providers (processors)  

Hosting, cloud infrastructure, analytics, customer support tools, email delivery, fraud prevention, payment processing, and security services. Providers are contractually required to protect personal data and use it only for the services they provide to us.

 

B) Institutional customers (B2B) – administration & reporting  

If your access is provided by an institution:

- your institution may receive certain administrative information needed to manage access (e.g., confirming that an account belongs to the institution)

- if usage reporting is included, the institution may receive aggregated and anonymized usage reports (see Section 11)

 

C) Legal and safety reasons  

We may disclose data if required by law, court order, or to protect the rights, safety, and security of DATA SWEEP, our users, or others.

 

D) Business transfers  

If we undergo a corporate transaction (e.g., merger, acquisition, asset sale), personal data may be transferred as part of that transaction subject to applicable law.

 

8) International transfers

 

We are based in the EU (Romania), but some service providers may process data outside the European Economic Area.

 

Where personal data is transferred internationally, we use appropriate safeguards such as:

- Standard Contractual Clauses (SCCs), and/or

- other lawful transfer mechanisms recognized by GDPR

 

9) Data retention

 

We keep personal data only as long as necessary for the purposes described above, including:

- Account data: typically retained while your account is active; deleted or anonymized after account closure/deletion requests, unless we must keep some data for legal reasons

- Usage/security logs: retained for a limited period appropriate for security, analytics, and troubleshooting

- Billing/transaction records: retained as required by applicable accounting/tax laws

 

We may retain and use aggregated, anonymized data for analytics and reporting, where it no longer identifies you.

 

10) Security

 

We implement reasonable technical and organizational measures designed to protect personal data (access controls, encryption where appropriate, monitoring, and secure development practices). No system is 100% secure; you are responsible for keeping your credentials confidential.

 

We may use security tools such as automated abuse/fraud detection to protect the Services.

 

11) Institutional / enterprise usage reporting (aggregated & anonymized)

 

For enterprise/institutional customers, DATA SWEEP may provide usage insights and operational reports that are designed to be aggregated and anonymized, and do not identify individual users.

 

Depending on the contract, such reports may include:

- total and trend usage (e.g., sessions, searches, downloads)

- page views and feature usage (e.g., merges executed)

- onboarding/training engagement (e.g., number of participants in workshops/webinars, by format: onsite/online/hybrid)

- COUNTER-style metrics (where included in the enterprise plan)

 

If your institution requires identifiable user-level data for legitimate administration, this will be handled only where lawful and documented in the relevant agreement.

 

12) Your rights and choices (GDPR)

 

Subject to GDPR and local law, you may have the right to:

- access your personal data

- correct inaccurate data

- delete your data (where applicable)

- restrict or object to processing

- data portability

- withdraw consent (where processing is based on consent)

- lodge a complaint with a supervisory authority

 

To exercise your rights, contact us at cosmin.botoroga@datasweep.app.

 

13) Changes to this Privacy Policy

 

We may update this Privacy Policy to reflect changes in our Services, legal requirements, or processing practices. We will update the “Last updated” date and may provide additional notice where appropriate.

 

14) Contact and complaints

 

Questions or requests: cosmin.botoroga@datasweep.app