Privacy Policy

Last updated: May 13, 2026

This Privacy Notice for E.H. Insights AB (doing business as Secondata) ("we," "us," or "our") describes how and why we collect, store, use, and share your personal information when you use our services, including when you visit https://www.secondata.ai.

Questions or concerns? Contact us at privacy@secondata.ai. If you do not agree with this policy, please do not use the Services.

1. What Data We Collect

Data you provide directly

• Email address — collected when you claim a free report or create a paid subscription.
• Research queries — the question or topic you search for. This includes any context you add (decision framing, audience, or purpose) when refining your search.
• Query interpretation — the version of your query as interpreted by our AI (Claude), which may differ from your original input.

Data generated by your use of the service

Each time a report is generated, we log the following to our database:

• The query text and search context you provided
• Question type classification (descriptive, analytical, or comparative)
• Report metadata: evidence certainty level, methodology score, source count, number of verified sources, and search duration
• Your email address, if you claimed a free report during that session

Analytics data (Vercel Web Analytics)

We use Vercel Web Analytics, a privacy-first analytics tool. It does not use cookies and does not track you across sessions or sites. It collects:

• Anonymised page views — identified by a daily-rotating hash, not a persistent ID
• Country, operating system, and browser type (no device fingerprinting)
• Custom product events: query_submitted, report_viewed, interpretation_accepted, interpretation_edited

None of this data can be used to identify you personally.

2. Where Data Is Stored and Who Processes It

Your data passes through or is stored with the following services:

• Neon Postgres (EU — Frankfurt, Germany). Query logs and report metadata are stored in a Postgres database hosted by Neon, Inc. Data resides in the EU (AWS eu-central-1 region).
• Vercel (global CDN). The website and serverless functions are hosted on Vercel's infrastructure. Vercel Analytics data is processed by Vercel, Inc.
• Anthropic (Claude API). Your search query is sent to Anthropic's API to generate a research report. Anthropic processes this data in accordance with their own privacy policy and API data handling terms. Query data is not used to train Anthropic's models under their current API terms.
• CrossRef and Semantic Scholar. Source titles and authors are sent to these academic databases to verify citations. These are read-only lookups; no personal data is transmitted.
• Stripe, Inc. Payment processing for paid subscriptions. When you subscribe, Stripe collects your name, payment card details, and billing address directly. We do not store or see your card number. We receive from Stripe: your email address (as provided during checkout), a Stripe customer ID, and a subscription ID. These are stored in our database to manage your plan and report allowance. Stripe's Privacy Policy governs all payment data.

3. How We Use Your Data

• To provide the service. Your query is processed to generate a research report.
• To improve the product. Aggregated query logs help us understand what questions users are asking, how confident the evidence is, and where the product falls short.
• To manage your account and subscription. Your email is used to track free report usage and manage paid subscriptions.
• To communicate about the product. If you provide your email, we may send occasional product updates. You can unsubscribe at any time.

4. Legal Basis for Processing (GDPR)

If you are located in the EU, EEA, or UK, we rely on the following legal bases:

• Consent. When you submit your email to access a free report, you consent to us storing that email and the associated query log. You can withdraw consent at any time by contacting us.
• Legitimate interest. We have a legitimate interest in logging anonymised product usage (query metadata, search performance, evidence scores) to improve Secondata. This logging does not require your email and is proportionate to the purpose.
• Performance of a contract. When you subscribe to a paid plan, we process your email and usage data to fulfil our contractual obligations.

5. How Long We Retain Your Data

• Query logs (query text, metadata, scores) are retained for up to 24 months from the date they were created, then deleted. We may delete them earlier if no longer needed for product development.
• Email addresses associated with free report claims are retained until you request deletion or for a maximum of 24 months.
• Subscription and billing data is retained as required by Swedish accounting law (currently 7 years).

To request earlier deletion of your data, contact privacy@secondata.ai.

6. Your Rights Under GDPR

If you are located in the EU, EEA, or UK, you have the following rights regarding your personal data:

• Access. You can request a copy of the personal data we hold about you.
• Rectification. You can ask us to correct inaccurate data.
• Erasure. You can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it.
• Data portability. You can request your data in a structured, machine-readable format.
• Restriction. You can ask us to restrict processing of your data in certain circumstances.
• Withdraw consent. Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
• Lodge a complaint. You have the right to complain to your national data protection authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY) at www.imy.se.

To exercise any of these rights, contact Elisabeth Hellerström at privacy@secondata.ai. We will respond within 30 days.

7. Do We Offer AI-Based Products?

Yes. Secondata uses Claude (Anthropic) to generate research reports from your queries. Your query text is sent to Anthropic's API for processing. Anthropic does not use API inputs to train their models under their current commercial API terms. For more detail, see Anthropic's privacy policy.

8. How Do We Keep Your Information Safe?

We use TLS encryption for all data in transit. The Neon database is access-restricted and not publicly accessible. Admin access to query logs requires a secret key. No payment card data is stored by us.

No electronic storage is 100% secure. If you have concerns about specific data, contact us.

9. Do We Collect Information From Minors?

No. The Services are intended for users aged 18 and over. We do not knowingly collect data from minors. If you believe we have done so, please contact us at privacy@secondata.ai.

10. Do-Not-Track

We do not respond to Do-Not-Track browser signals. Vercel Analytics does not use tracking cookies regardless of DNT settings.

11. Updates to This Policy

We will update this policy when our data practices change. The "Last updated" date at the top of this page will reflect the most recent revision. Significant changes will be communicated via the product or by email if we hold your address.

12. Contact

For any privacy-related questions or to exercise your rights, contact:

Elisabeth Hellerström
E.H. Insights AB — Data Controller
Stockholm, Sweden
privacy@secondata.ai
+46 72 353 73 19