Privacy Policy

Laohu ApS ("Laohu," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business intelligence platform and related services.

We are a Danish company subject to the European Union General Data Protection Regulation (GDPR) and Danish data protection legislation.

Laohu ApS, registered in Copenhagen, Denmark, is the data controller for personal data processed through our platform. For questions regarding data processing, contact our Data Protection Officer at privacy@laohu.io.

Account information: Name, email address, company name, and role when you create an account or request access.

Usage data: How you interact with the platform, including queries made, dashboards viewed, and features used. This helps us improve the product.

Technical data: Browser type, IP address, device information, and access times for security and performance monitoring.

Customer data: We process queries against your connected data warehouses. We do not store your underlying business data - queries are executed in place against your infrastructure.

We process your data for the following purposes:

Providing and maintaining the Laohu platform; authenticating users and managing access; processing natural language queries against your data sources; improving AI accuracy through our memory and context system; ensuring platform security and preventing abuse; complying with legal obligations.

Our AI memory system stores schema metadata, business definitions, and query patterns specific to your organization. This data is isolated per tenant and is never shared across organizations or used to train general-purpose AI models.

We process personal data under the following GDPR legal bases: contractual necessity (Article 6(1)(b)) for providing the service; legitimate interest (Article 6(1)(f)) for product improvement and security; consent (Article 6(1)(a)) where applicable; and legal obligation (Article 6(1)(c)) for compliance requirements.

All data is processed and stored within the European Union. We use EU-based infrastructure providers and do not transfer personal data to jurisdictions outside the EU/EEA without adequate safeguards as required by the GDPR.

We retain personal data only as long as necessary for the purposes described in this policy. Account data is retained for the duration of your subscription and deleted within 90 days of account closure. Usage and technical data is retained for up to 24 months for product improvement purposes.

Under the GDPR, you have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability; object to processing; and withdraw consent at any time.

To exercise any of these rights, contact us at privacy@laohu.io. We will respond within 30 days.

We implement industry-standard technical and organizational measures to protect your data, including encryption at rest and in transit, access controls, audit logging, and regular security assessments. We pursue SOC 2 Type II and ISO 27001 certifications.

Enterprise customers may enter into a Data Processing Agreement (DPA) as required by the GDPR. Contact legal@laohu.io for DPA requests.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. Continued use after changes constitutes acceptance.

Laohu ApS - Copenhagen, Denmark
Email: privacy@laohu.io