Privacy Policy
Last updated: January 2026
This Privacy Policy explains how RowSherpa, operated by Positronic, collects and processes personal data in connection with the RowSherpa service (the “Service”).
1. Operator and Data Controller
The Service is operated by:
Positronic
Email: privacy@rowsherpa.com
Positronic acts as:
- Data controller for account, billing, and service operation data
- Data processor for customer-uploaded data processed through the Service
2. Roles and Responsibilities (GDPR)
Customer Data (Uploaded Content)
When users upload CSV files or other data to RowSherpa for processing:
- The user is the data controller, determining the purpose and means of processing.
- Positronic acts as a data processor, processing data solely on the user’s documented instructions.
Positronic:
- Does not determine the content of uploaded data
- Does not use uploaded data for its own purposes
- Does not train AI models on uploaded data
Platform and Account Data
Positronic acts as a data controller for data required to operate the Service, including:
- Account and authentication data
- Usage and quota data
- Billing and subscription metadata
- Security and operational logs
3. Personal Data We Process
a. Account Data
- Email address
- Authentication identifiers
- API keys
b. Usage and Operational Data
- Jobs created
- Rows processed
- Token usage
- Subscription plan and quota usage
- Error and performance logs
c. Uploaded Customer Content
- CSV files uploaded by users
- Prompt content
- AI-generated outputs
d. Billing Data
- Managed by Stripe
- Positronic does not store full payment card details
4. Purpose of Processing
We process personal data to:
- Provide and operate the Service
- Execute AI processing requested by users
- Manage subscriptions, quotas, and billing
- Ensure security, reliability, and abuse prevention
- Provide customer support
Uploaded customer data is processed only to deliver the Service requested by the user.
5. AI Processing and Sub-Processing
RowSherpa transmits uploaded data to third-party AI providers strictly to perform user-initiated processing.
We currently rely on the following sub-processors:
- OpenAI
- Perplexity
- Supabase (database and file storage)
- Stripe (payments)
- Posthog (analytics)
- Cloudflare (static site delivery)
- Koyeb (backend hosting)
All sub-processors are contractually bound to appropriate data protection obligations.
6. Data Retention
- Uploaded files and AI-generated outputs are stored temporarily
- Users may delete uploaded data and results at any time
- Data may be automatically deleted after a reasonable retention period
- Account and billing data is retained as required by law
7. International Data Transfers
Data may be processed in the European Union and the United States.
Where required, appropriate safeguards (such as standard contractual clauses) are applied to ensure lawful international transfers.
8. Security Measures
We implement reasonable technical and organizational measures, including:
- Encryption in transit and at rest
- Access controls and isolation between users
- API key management and quota enforcement
No system can be guaranteed to be 100% secure.
9. User Rights
Depending on applicable law (including GDPR), users may have the right to:
- Access personal data
- Request correction or deletion
- Object to or restrict processing
- Request data portability
Requests can be submitted to privacy@rowsherpa.com.
For customer-uploaded data, requests should generally be directed to the data controller (the user).
10. Cookies
The RowSherpa website uses minimal cookies necessary for functionality and analytics. No advertising cookies are used at this stage.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the website.
12. Contact
For privacy-related questions or requests:
Email: privacy@rowsherpa.com