Privacy Policy
Your privacy is our priority. Learn how we protect your data in compliance with GDPR.
This Privacy Policy describes how Lakesight, operating lakesight.io ("we", "us"), collects, uses, and protects personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable international privacy laws.
1. Data Controller
Lakesight
SASU registered in France — RCS Nanterre 103 671 855
9B rue Balliat
92400 Courbevoie, France
2. Data We Collect
- Identification Data: first name, last name, email, phone number*, account information
- Professional Data: company name*
- Usage Data: feature usage statistics for service improvement
- Billing Data: billing address and payment info. Processed by payment provider, Stripe.
* Optional
3. Legal Basis for Processing
- Contract performance: processing necessary to deliver the subscribed Service
- Legitimate interest: service improvement and abuse prevention
- Legal obligation: tax records, invoicing
- Consent: marketing communications (opt-in only)
4. How We Use Your Data
- To provide, maintain and improve the Service
- To process payments and manage subscriptions
- To send service notifications and updates
- To respond to support requests
- To comply with legal obligations
- To send marketing communications (with consent)
5. Data Retention
- Account data: retained for the duration of the subscription. Upon account deletion, identification data is kept for 3 years to prevent service abuse, then permanently deleted
- Billing and invoice data: 10 years, stored in our payment provider platform Stripe
- Workspace credentials: deleted when a workspace is removed by the Customer, or upon account termination
6. Data Sharing
We do not sell personal data. We may share data with:
- Stripe — payment processing and billing
- Microsoft Azure — cloud infrastructure hosting the Service
- Legal authorities when required by law
All sub-processors are bound by data processing agreements and provide adequate data protection guarantees.
7. International Data Transfers
Your data is hosted within the European Union (Microsoft Azure, West Europe). In the event data is processed outside the EEA by a sub-processor, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Your Rights
You have the right to access, rectify, delete, object to, restrict, and port your personal data. To exercise your rights, contact us at legal@lakesight.io. You may also lodge a complaint with the CNIL.
9. Security
SSL/TLS encryption, access controls, backups, and appropriate technical and organizational measures are in place to protect your data.
Workspace PAT tokens are stored exclusively in Microsoft Azure Key Vault — they are never stored in our application database, never logged, and never visible in any user interface or API response. Workspace URLs are visible to authorized users within the application.
lakesight.io only retrieves cost and configuration metadata via the Databricks REST API. It does not and cannot read, store, or process any data within the Customer's Databricks tables, notebooks, or files.
Note: Databricks workspace data (job metadata, cluster events, run history) is technical operational data and is not considered personal data.
10. Cookies
lakesight.io uses essential cookies required for the proper functioning of the service (authentication, user preferences). No tracking, analytics, or advertising cookies are used. You can manage cookies via your browser settings.
11. Changes to This Policy
We may update this Privacy Policy. Material changes will be notified via email. The current version is always available at lakesight.io/privacy.