Privacy Policy
Last Updated: December 4, 2024
1. General
The Deta Services provided by the company Deta GmbH (hereinafter “Deta”, “us”, ”we” “our”) provides this Privacy Policy to inform users of our policies and procedures regarding the collection, use and disclosure of information received from users of the Surf software, and any other application, feature, content, website (“Site”), software, or service offered by Deta in connection to the Surf software (collectively, together with the Site, our “Service(s)”, “Deta Services”.)
By using our Services you are consenting to our Processing of your information as set forth in this Privacy Policy, and our Terms and Conditions which are available at: https://deta.surf/terms, now and as amended by us.
“Processing” means using cookies on a computer or using, receiving, or accessing information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.
TL;DR - We will not sell your data to anyone, and we are making our best effort to collect as little personally identifiable information as possible.
- If you’ve signed up to our email communications, we will send you emails with respect to product updates and general communications.
- We ask that you create an account to use parts of the Service (the cloud / AI stuff).
- We use services like Amplitude, Plausible, and Sentry to measure interactions with and improve Deta. These interactions are anonymous and do not contain personally identifiable information.
- We can not see what you’re browsing.
- We use services like Loops, and Google Workspace to communicate, process, and provide you with information, and offer support once you have signed up for Deta.
- We use Amazon Web Services to process and store user data that are submitted by you, for example when signing up to the service.
- For our AI features, we offer multiple models and options, and use a variety of services including Azure, OpenAI, AWS, and Anthropic, to provide you with enhanced functionality and interaction in our Services. We also provide you the ability to connect to local models run by yourself. We do not take any responsibility for your use of AI, including with local, or custom models. Please proceed with caution, and be mindful about the data that you are sharing with any of the AI models.
- Deta considers the information of users to be confidential. Deta GmbH will protect private information from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care.
2. Information Collection and Use
Our primary goals in collecting information from you are to provide you with enhanced functionality, to improve the products and services made available through the Service, to communicate with you, and to manage your registered user account, if you have one.
We may also use your information to operate, maintain, and bolster the Service and its features, and to provide customer support to users.
3. Information Collected Upon Registration
You provide us with information when you use the Services, register for an account, make a transaction, or send us customer service-related requests. If you desire to have access to certain restricted sections of the Site and Services, you will be required to become a registered user, in certain cases pay a fee, and to submit certain personally identifiable information to Deta. This happens in a number of instances, such as when you sign up for Deta, or if you desire to receive marketing materials and information. Information that we may collect in such instances may include your IP address, full username, password, email address, city, credit card and other billing information, preferences, telephone number, and other information that you decide to provide us with. We may link such information with other information you provide about yourself only when necessary to provide you with the Services you would expect.
4. Use of Contact Information
In addition, we may use your contact information to market to you, provide you with information about our products and services, or otherwise communicate with you, including but not limited to our Service. If you decide at any time that you no longer wish to receive such information or communications from us, please unfollow us, unsubscribe as per the instructions provided in any of the emails, send your request to us by email at [email protected], and delete your account.
5. Log Data
When you use our Services, including visiting the Site, our servers (AWS and Cloudflare) automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your IP address, browser type or the domain from which you are visiting, the web-pages you visit, the search terms you use, and any advertisements on which you click. For most users accessing the internet from an internet service provider the IP address will be different every time you log on. We use Log Data to monitor the use of the Site and of our Service, and for the Site’s technical administration. We do not associate your IP address with any other personally identifiable information to identify you personally.
6. Cookies and Automatically Collected Information
While we are keeping cookies and automatic collection of information to a minimum, like many websites, we might also use “cookie” technology to collect additional website usage data and to improve the Site and our Service. A cookie is a small data file that we transfer to your computer’s hard disk. Deta may use both session cookies and persistent cookies to better understand how you interact with the Site and our Service, to monitor aggregate usage by our users and web traffic routing on the Site, and to improve our Service. A session cookie enables certain features of our Service, and is deleted from your computer when you disconnect from or leave the Site. A persistent cookie remains after you disconnect from or leave the Site, and may be used by your browser on subsequent visits to the Site. Persistent cookies can be removed by following your web browser help file directions. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Please note that if you delete, or choose not to accept cookies from Deta, you may not be able to utilize the features of the Deta Services to their fullest potential. Deta does not process nor respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who use Deta.
We (and our third party providers) may also use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. This information is gathered from all users, and may be connected with other information about you.
7. Third Parties
Some of your personal data is collected via and/or shared with third party service providers where necessary:
Amplitude
We use Amplitude to give us Telemetry insights into how users use our Service and where we could improve it. We don’t track the websites you visit or collect any personally identifiable information, but use randomly generated IDs.
Amazon - Amazon Web Services (AWS)
We use Amazon Web Services for storage, processing of data, and as an identity provider. AWS stores any password that you provide when opting to use email login (we do not have access to this password), as well as other data you may provide when signing up such as username and email address, or which you otherwise decide to provide and store in our Services.
AWS Bedrock: We use AWS Bedrock to get access to Anthropic’s business services, to enhance the functionality of our products and Services. Data that you choose to provide in any of our AI features might be processed and stored by AWS and/or Anthropic. This might include technical logs. Please be mindful about the data that you decide to share with AWS and Anthropic, and avoid sending personally identifiable information.
Anthropic
We enable users to connect directly to Anthropic, using their own API-key. The purpose of this is to enhance the functionality of our products and Services, including code generation, prompt returns, and interface interaction, among other features. All data that you choose to provide in any of our AI features might be processed and stored by Anthropic. This might include technical logs. Please be mindful about the data that you decide to share with Anthropic, and avoid sending personally identifiable information.
Azure
We use Azure to get access to OpenAI’s business services, to enhance the functionality of our products and Services, and optionally in tagging of images. Data that you choose to provide in any of our AI features might be processed and stored by Azure and/or OpenAI. This might include technical logs. Please be mindful about the data that you decide to share with Azure and OpenAI, and avoid sending personally identifiable information.
Cloudflare
We use Cloudflare to host our Site and APIs and to ensure stability of the Service. User IP addresses and related information such as country or region of access might be processed and stored by Cloudflare.
We use the full Google Workspace-suite (Google Gmail, Google Drive, Google Docs, Google Spreadsheets, and Google Meets) to communicate, analyze, and store data that might contain your email address or other personally identifiable data, if you’ve provided such to us.
Loops
We use Loops, the email platform, for customer interaction, to send for example newsletters and to offer support. Your email address may be stored in Loops.
OpenAI
We enable users to connect directly to OpenAI, using their own API-key. The purpose of this is to enhance the functionality of our products and Services, including code generation, prompt returns, and interface interaction, among other features. All data that you choose to provide in any of our AI features might be processed and stored by OpenAI. This might include technical logs. Please be mindful about the data that you decide to share with OpenAI, and avoid sending personally identifiable information.
Sentry
We use Sentry to collect error reports from our backend servers, and frontend applications. When an error occurs, certain technical information may be shared with Sentry to help us diagnose and resolve the issue. This includes no personally identifiable data.
Typeform
We use Typeform to perform user surveys. Any data that you submit through Typeform and our user surveys will be processed and stored with Typeform.
8. Security
Deta is very concerned about safeguarding the confidentiality of your personally identifiable information, as well as other data you decide to provide or store in our Service, or otherwise entrust us with. Private data access is only allowed to selected authorized employees, and we only access it after explicit permission from the user or when we deem it necessary to protect the integrity of our Service. No sensitive data (secret tokens, keys, etc.) is stored in plain text. They are either encrypted at rest or only their hashed values are stored. However, please be aware that no security measures are perfect or impenetrable. We cannot and do not guarantee that information about you will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our administrative, physical, and electronic safeguards. We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal data to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Your personal data may be transferred, stored and processed in the European Economic Area (“EEA”), United States (“US”) or any other country in which our service providers maintain facilities. By using our domains and Services, you consent to any transfer, storing or processing of personal data outside of your country of residence and outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
To ensure the continuous operation of our Service, we will store your personal data until you decide to delete it in the Service, or request us to delete it. To request the deletion of your personal data, please follow the instructions on how to delete your account, in your account settings, or send us an email at [email protected].
9. Your Rights
Please know your rights by learning about the EU General Data Protection Regulation, also more commonly known as GDPR, or your local privacy laws and reach out to us if you’d have any questions or concerns. Summarizing some of your key rights:
- This policy is part of your right to be informed before you create an account or use our Service. You have access to your personal data that we process and a right to know for what purposes we use it;
- Where you have given us consent to collect and process personal data, you may withdraw your choice for us to stop doing so at any time. Please be aware that this has an impact on the use and functionality of our Service, and we will delete your user account;
- You may rectify any personal data that may be inaccurate or incomplete and request us to erase your account, including personal data that we or any of our partners have collected;
- Under particular circumstances you may restrict processing, such as direct marketing and/or on the basis of legitimate interests following GDPR Article 6 sub 1 (f);
- The personal data collected by us and requested by you, should be delivered to you in a common, portable and machine-readable format;
- Objections can be made for example by filing a complaint with your local privacy authority. For Germany this is Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit. For other countries in the EEA, please refer to: https://edpb.europa.eu/about-edpb/board/members_en.
10. Age
Our Services are intended for people who would like to browse and enjoy the Surf software. By agreeing to our Privacy Policy and Terms and Conditions, you represent that you are allowed to use our Service according to your jurisdiction’s applicable age limits. Please note we have no ready access or instant knowledge of anyone’s age.
If you are considered a minor in your country, you must have your parent or legal guardian’s help to understand this agreement, permission to use the Services, and their acceptance of these Terms on your behalf. If you are under the age of 13, you may not have an account with Deta Services unless you have your parent or legal guardians permission. If we learn or have reason to suspect that you are a user who is under your jurisdiction’s applicable age limit, we will unfortunately have to close your account.
11. Contact Us
Deta GmbH in its role as data controller is a for profit company with its operational headquarters at Sophienstr. 8, 10178 Berlin, Germany. To exercise any of the rights described above or in case of concerns, questions or inquiries, please email us at [email protected].
We promise to respond as soon as possible. For account deletion or data dumps, please mention “privacy” anywhere in the subject header.
handcrafted in the heart of Berlin