Privacy Policy

Last updated: April 15, 2026

Niitaka ("we", "us", or "our") operates the Niitaka AI agent observability platform. This policy explains what personal data we collect, how we use it, and the rights you have over it. We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR and CCPA.

1. What we collect

  • Account data — your name, email address, and encrypted password when you register.
  • Organisation data — your organisation name and plan tier.
  • Agent event data — LLM inputs/outputs, tool calls, costs, and latency logs sent by your agents via the SDK. This data is owned by you.
  • Usage data — pages visited, actions taken, and feature usage within the dashboard (collected only if you consent to analytics).
  • Technical data — IP address, browser type, and access timestamps in server logs.

2. How we use your data

  • To provide and operate the Niitaka platform.
  • To authenticate you and secure your account.
  • To display your agent sessions, events, and analytics in the dashboard.
  • To send transactional emails (account creation, alerts you configure).
  • To improve the product based on aggregated, anonymised usage patterns.

We do not sell your personal data. We do not use your agent event data to train AI models.

3. Data retention

Account data is retained while your account is active. Agent event data (sessions, events, signals) is retained for the duration of your subscription. You may export or delete your data at any time from your Organisation settings. When you delete your account, all data is permanently and irreversibly removed within 30 days.

4. Your rights

Under GDPR (if you are an EU resident) and similar laws, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Portability — export all your data as a structured JSON file from Organisation settings → Export my data.
  • Correction — update your account information via the dashboard.
  • Erasure — delete your account and all associated data from Organisation settings → Danger Zone.
  • Objection — object to any processing not covered by a legitimate interest or contract. Contact us at privacy@niitaka.ai.

5. Sub-processors

We use the following third-party services to store and process data on your behalf. Each is subject to a Data Processing Agreement:

  • Supabase — database hosting (PostgreSQL). Data stored in the US (AWS us-east-1).
  • Hosting provider — backend and frontend hosting (updated at launch).

LLM providers (OpenAI, Anthropic, etc.) are not Niitaka sub-processors. Niitaka instruments your agents by observing inputs and outputs — it does not proxy or route your LLM calls. Your agents communicate with LLM providers directly. You are responsible for your own agreements with those providers.

6. Cookies

Niitaka uses only essential session cookies required for authentication. We do not use third-party advertising or tracking cookies. If we add optional analytics, we will ask for your consent first.

7. Data transfers

Your data is currently stored in the United States. If you are based in the EU/EEA, transfers are made under Standard Contractual Clauses (SCCs) with our sub-processors.

8. Security

We use TLS encryption in transit, bcrypt password hashing, Row-Level Security on all database tables, and strict tenant isolation (your data is never visible to other organisations). We will notify you within 72 hours of becoming aware of a data breach affecting your account.

9. Contact

For privacy enquiries, data subject requests, or to reach our data protection contact:
privacy@niitaka.ai

© 2026 Niitaka