At StreamData SpA, we design our Snap platform with a Privacy by Design approach (Law 21.663). The processing of personal data of our users and clients is governed by Law No. 19,628, the new Law No. 21,719, and international enterprise security standards.
1. Privacy by Design (Architecture)
Data Separation: The LLM only processes structural metadata (table schemas, data types) and never sees your raw database rows. Code generated for data analysis is executed locally inside a secure, locked-down virtual sandbox with zero external internet access.
2. Record of Processing Activities (RAT)
We map all data flows under the legal basis of contract execution: corporate account authentication, optional integrations (Slack), and AI processing (Vertex / Anthropic). Your query contexts and data are never used to train public AI models.
3. Data Retention & Minimization
We enforce automatic purge cycles: AI agent traces and query histories are deleted after 30 days, and operational or email logs after 90 days. Inactive accounts for 5 years are permanently anonymized and disabled.
4. Authorized Subprocessors
We partner with leading infrastructure providers (Google Vertex AI, Anthropic, Slack) under strict Data Processing Agreements (DPA). They are legally prohibited from using customer data for model training or their own purposes.
5. Transfers & Safeguards
All international data flows are backed by Standard Model Contractual Clauses (SCC) approved by the Chilean Ministry of Economy. Data in transit is secured with TLS 1.3, and connection credentials are encrypted at rest using Fernet AES-128.
6. ARCO+ Rights & Erasure
We guarantee the full exercise of your Access, Rectification, Deletion, Opposition, Portability, and Blocking rights. Upon deletion, we execute an atomic sequence: disabling logins, removing integrations, and purging all cognitive AI memory tiers.