Privacy Policy

1. Data controller

2. Data we collect and why

2.1 Account data

When you create a member account, we collect:

• Email address — verified through Google Firebase Authentication; used as your unique account identifier and for transactional messages.
• First and last name — used to personalise your experience and for correspondence.
• Company and job title (optional) — used to personalise content recommendations.
• Country (optional) — used to show regionally relevant content and for anonymised analytics.
• Profile photo URL — provided automatically by your Google account; displayed within the platform.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract (account services).

2.2 Authentication data

We use Google Firebase Authentication (Google LLC, a data processor under a DPA with us) to handle sign-in securely. We receive a verified identity token; we do not store your Google password.

A signed HttpOnly session cookie (named dpt_session) is stored in your browser for up to 2 hours to keep you logged in. This cookie contains only your internal account ID — no personal data.

Legal basis: Art. 6(1)(b) GDPR.

2.3 Communication consent records

When you opt in or out of communications, we record:

• The type of consent (e.g. workshop updates, newsletter)
• Whether you granted or withdrew consent
• The exact date and time
• Your IP address and browser user-agent at the time of the action
• The version of the consent text you were shown

These records are immutable — we never modify them, only append new rows. This ensures a complete audit trail as required by GDPR.

Legal basis: Art. 6(1)(c) GDPR — legal obligation (demonstrating valid consent).

2.4 Marketing communications (optional)

If you opt in, we may send you emails about:

• Workshop & event updates: information about upcoming workshops, books, online learning materials, and both free and paid events in the Data Products community.
• Partner announcements: curated offers and news from selected partners in the data ecosystem.
• Newsletter: monthly digest with community news, insights and announcements.

Legal basis: Art. 6(1)(a) GDPR — consent. You may withdraw consent at any time via your account settings or by unsubscribing from any email.

3. Data processors and third parties

We do not sell personal data to third parties.

4. Data retention

• Account data: retained for as long as your account is active. Deleted within 30 days of account deletion.
• Consent records: retained for 3 years after the last consent event to fulfil our legal documentation obligations.
• Session cookies: expire after 2 hours or when you sign out.

5. Your rights

Under the GDPR you have the right to:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate data via your account settings.
• Erasure — delete your account (and all associated data) at any time from your account settings. Consent records are retained as required by law.
• Portability — receive your profile data in a machine-readable format on request.
• Objection / Withdrawal — withdraw marketing consent at any time without affecting account access.
• Restriction — request that we restrict processing in certain circumstances.

To exercise any right, contact us or use the account settings page.

6. Supervisory authority

You have the right to lodge a complaint with the Austrian supervisory authority:

7. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered members of material changes by email. The "Last updated" date at the top of this page reflects the most recent revision.