1. Who we are
Laplace is the data controller for account and marketing data, and a data processor for the datasets and content you upload (“Customer Content”) on behalf of your organization. For business customers, the Data Processing Addendum governs that processing.
2. What we collect
- Account data: name, email, organization, authentication identifiers (including OAuth IDs from Google/GitHub if you use them).
- Customer Content: datasets, models, reports, and metadata you create or upload.
- Usage & billing data: feature usage, compute/credit metering, plan, and Stripe payment metadata (we never store full card numbers).
- Product analytics & diagnostics: pages visited, feature events, and error reports (via Sentry), including the page path and your email when you submit feedback.
- Device/log data: IP address, browser type, and timestamps for security and reliability.
3. How we use it
- To provide, secure, and improve the service.
- To meter usage, bill plans, and enforce quotas.
- To respond to support requests and send service notices.
- To detect, prevent, and investigate abuse and security incidents.
We do not train foundation models on your private Customer Content, and we do not sell personal data.
4. Legal bases (GDPR)
We process personal data to perform our contract with you, to pursue legitimate interests (security, product improvement) balanced against your rights, to comply with legal obligations, and, where required, with your consent (e.g., non-essential cookies and marketing).
5. Sharing & subprocessors
We share data with vetted subprocessors that help us run Laplace (cloud compute, object storage, payments, error monitoring, and—when you opt into LLM-assisted planning—model providers). The full list is on our Subprocessors page. We may also disclose data to comply with law or protect rights and safety.
6. International transfers
Where data is transferred across borders, we rely on appropriate safeguards such as Standard Contractual Clauses. You can request our data-residency options for enterprise deployments.
7. Retention
We keep Customer Content while your account is active. After account or organization deletion, we remove Customer Content within 30 days from primary systems and within 90 days from backups, except where retention is legally required. Account and billing records are retained as required by law.
8. Your rights
Depending on your region, you may have rights to access, correct, export, delete, or restrict processing of your personal data, and to object or withdraw consent. You can export your data and delete your account from account settings, or email privacy@laplace.ai. We respond to verified requests within 30 days (DSAR process).
9. Security
We encrypt data in transit and at rest, restrict access on a need-to-know basis, and monitor for incidents. See the Security Overview.
10. Cookies
See our Cookie Notice for the cookies and similar technologies we use and how to control them.
11. Children
Laplace is not directed to children under 16 and we do not knowingly collect their data.
12. Changes & contact
We will post updates here and notify you of material changes. Privacy questions: privacy@laplace.ai.