Privacy Policy

Data controller

Powint is operated from France. For questions about your data, contact us at contact@powint.ai.

What we collect

• Email address — used for authentication and account identification.
• Organization and role data — your org membership, role (admin/builder/viewer), and team memberships.
• Connector credentials — database passwords, API keys, and connection details you provide. Encrypted at rest (AES-256-GCM). Never returned in API responses, UI, or to the agent.
• Connector schemas — table names, column names, and column types discovered via introspection. Used by the agent and displayed in the editor.
• App code — TypeScript/React source files, compiled JavaScript, and version history for every app you build.
• Conversations — chat messages, agent responses, tool calls, and tool results. When the agent queries your data sources, the returned results are stored as part of the conversation.
• Platform table data — any data you store in Powint's built-in database tables, isolated per organization.
• Job code and metadata — scheduled job source code, cron schedules, and execution timestamps.
• Uploaded files — images, PDFs, CSVs, Excel files, and other documents you attach to chat messages. Stored in a private bucket, scoped to your organization.

What we do not persist

When your apps or the agent query external data sources (your databases, APIs), the results are proxied through our backend and returned to the client. Query results from external data sources are not stored, with one exception: when the agent queries your data during a conversation, those results are persisted as part of the chat history so the agent can reference them. You can delete conversations to remove this data.

AI processing

Legal basis (GDPR Art. 6)

• Contract performance (Art. 6(1)(b)) — processing your data is necessary to provide the service: authenticating you, storing your apps, proxying your queries, running the agent.
• Legitimate interest (Art. 6(1)(f)) — maintaining platform integrity, preventing abuse, and improving the service.

Data processors

We use the following third-party services to operate the platform:

All US-based processors participate in or comply with the EU-US Data Privacy Framework. Data transfers are covered by standard contractual clauses where applicable.

Data retention

• Account data — retained while your account is active. Deleted upon request.
• Connector credentials — retained while the connector exists. Deleted when the connector is removed.
• App code and versions — retained while the app exists. Deleted when the app is deleted.
• Conversations — retained until you delete them or your account is closed.
• Uploaded files — retained until the associated conversation is deleted or you request deletion.
• Platform table data — retained until you drop the table or your organization is closed.

Your rights

Under the GDPR, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data.
• Portability — receive your data in a structured, machine-readable format.
• Restriction — limit how we process your data.
• Objection — object to processing based on legitimate interest.

To exercise any of these rights, email contact@powint.ai. We will respond within 30 days.

Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French data protection authority.

Cookies and tracking

We do not use analytics cookies, tracking pixels, or third-party advertising. The only client-side storage used is for authentication (session token).

Children

Powint is not intended for use by anyone under 18. We do not knowingly collect data from minors.

Changes

We may update this policy as the platform evolves. For significant changes, we will notify you via the email associated with your account.