Embedportal a subproduct of atSpark
Sign in Start free

Home / Legal / Privacy

Privacy
Policy.

We built Embedportal to move as little of your data as possible. This policy explains what we do collect, what we never will, and how long we keep any of it.

Effective
2026-04-17
Version
1.2
Governing law
Delaware, USA
Contact
privacy@embedportal.com

1. The short version

Embedportal is a thin embedding layer between your product and your BI tools (Tableau, Power BI, QuickSight, Looker, Metabase and similar). The business data that appears inside embedded dashboards never flows through our servers — it is rendered by the vendor directly into the viewer’s browser.

What we do collect is limited to account, configuration, audit, and basic operational telemetry. We don’t sell personal data. We don’t use it to train models.

2. Scope & roles

This policy covers embedportal.com and the Embedportal hosted service (the “Service”). Embedportal is a subproduct of atSpark Inc. (“we”, “us”).

  • When you visit this website, we are the controller of information you give us.
  • When your organization uses Embedportal, your organization is the controller of end-user data and we act as a processor on its behalf.

3. What we collect

We collect four categories of data, and nothing more:

CategoryExamplesWhy
Account Name, work email, organization, role To create and operate your account
Configuration Dashboard IDs, RLS rules, branding, tenant mapping To render the right embed to the right viewer
Audit Who viewed what dashboard, when, from where Security, compliance, your audit trail
Telemetry Request timing, error traces, IP, user agent Keep the Service fast and reliable

4. What we don’t collect

  • The rows, columns or cells inside your dashboards.
  • Your warehouse credentials.
  • Your BI vendor’s source data.
  • Third-party advertising identifiers.
  • Any information sold to data brokers.

note: dashboards render directly from your BI vendor to your viewer’s browser. We sign the token that grants access; we do not proxy the payload.

5. How we use what we collect

  • To provide, operate and maintain the Service.
  • To authenticate users and enforce RLS rules.
  • To keep an immutable audit trail for your organization.
  • To debug, monitor and improve reliability.
  • To communicate with you about the Service (service messages only).
  • To comply with legal obligations and defend legal claims.

We do not use your data to train machine-learning models. We do not sell, rent or share your data for advertising.

6. Sharing & subprocessors

We share limited data with vetted vendors that help us run the Service. Current subprocessors:

VendorPurposeRegion
AWSHosting, storage, networkingUS · EU
CloudflareDNS, DDoS, edge cachingGlobal
StripePayments (billing data only)US
PostmarkService & transactional emailUS
SentryError monitoringUS

We will post an update on this page at least 30 days before adding a new subprocessor that processes personal data.

7. How long we keep it

  • Account data — while your account is active, plus 30 days after cancellation.
  • Configuration — while your account is active, plus 30 days.
  • Audit logs — 13 months by default; your organization can request longer or shorter retention.
  • Telemetry — 30 days, then aggregated.
  • Backups — rolling 35 days.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, or delete the personal data we hold about you, and to object to our processing of it. To exercise a right, email privacy@embedportal.com with the word Privacy Request in the subject line. We will respond within 30 days.

If your organization is using Embedportal on your behalf, please also contact that organization — under applicable law they are the controller of data they process through the Service.

9. Security

We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access to production is limited, logged and time-bound. Tokens that grant access to embedded dashboards are short-lived (≤ 5 minutes) and signed by your backend. We don’t yet hold SOC 2, ISO 27001 or HIPAA certifications — we’ll say so openly if we ever do.

10. Children

Embedportal is not designed for, and we do not knowingly collect personal data from, anyone under 16. If you believe we have, contact privacy@embedportal.com and we will delete it.

11. International transfers

We operate primarily in the United States. If you’re using the Service from outside the US, your information may be transferred to and processed there. We rely on Standard Contractual Clauses and equivalent mechanisms where required.

12. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to protect against abuse. We do not use third-party advertising cookies on embedportal.com. For lightweight product analytics we use a cookieless, IP-anonymising tool.

13. Changes to this policy

When we materially change this policy, we’ll update the effective date at the top and, for bigger changes, email account owners at least 30 days before the change takes effect.

14. Contact us

atSpark Inc., Attn: Privacy
1209 Orange Street, Wilmington, DE 19801, USA
privacy@embedportal.com

← Back to Embedportal