Dashtera-logo-for-dark
Dashtera-logo-for-dark

Dashtera Privacy Policy

Effective Date: April 14, 2025.

Last Revised: November 11, 2025.

I. Introduction

1.1 Purpose of the Privacy Policy

LightningChart Ltd (“LightningChart,” “we,” “us,” and/or “our”) is a Finnish company that provides Dashtera, a subscription-based platform for data visualization, data analytics, data dashboarding, data reporting, and data observability (the “App”). LightningChart is committed to protecting the privacy and security of our users’ (“you,” “your”) data. LightningChart understands the importance of your data and we are dedicated to maintaining its confidentiality and integrity in accordance with applicable laws and regulations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Dashtera websites, apps, widgets, APIs, emails, and other Dashtera related products and services (collectively, the “Services”) or when you otherwise interact with us or receive a communication from us.

1.2 Legal Framework

LightningChart is a Finnish company and is subject to Finnish law, including the Finnish Data Protection Act, as well as the EU General Data Protection Regulation (GDPR). We are committed to complying fully with these legal requirements and ensuring that your personal data is processed lawfully, fairly, and transparently. This Privacy Policy is designed to meet the requirements of both Finnish law and the GDPR and to inform you of your rights regarding your personal data.

1.3 Data Controller

LightningChart, a company registered in Finland with its registered office at Tehdaskatu 24 B, 70620 Kuopio Finland, is the data controller responsible for your personal data under this Privacy Policy and is the sole owner of the Dashtera.com website (“Website”), Dashtera applications, Dashtera services (each, a “Service”) and all the information collected on it for the operation of the Dashtera.com website (“Website”), Dashtera applications, and Services. LightningChart collects information from users of Dashtera in several ways (explained in detail in this privacy policy). You can contact us regarding any questions or concerns about your data and this policy via the contact information below.

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

  • Company Name: LightningChart Ltd
  • Business ID: 2164174-7
  • VAT Number: FI 21641747
  • Address: Tehdaskatu 24 B, 70620 Kuopio Finland
  • Email: [email protected]

1.4 Scope of the Privacy Policy

This Privacy Policy applies to all personal data (“Personal Data”) collected through our application Dashtera, as well as any related services, features, and content provided by LightningChart (collectively, the “Service”). It covers all data processing activities associated with your use of the Service, including information you provide directly and data we automatically collect when you interact with our platform, website, or services.

In this Privacy Policy, “Personal Data” refers to any information relating to you from which you can be identified. This policy explains:

  • What Personal Data we collect.
  • Why we collect it.
  • How we use and store it.
  • The lawful basis for processing your Personal Data.
  • How we share your Personal Data.

1.5 Target Audience

This Privacy Policy applies to all users who have registered for a Dashtera account. Only registered users can access and use the Dashtera Service.

By using our Service or submitting your personal data, you are agreeing to accept the terms of this privacy policy, so please read it carefully. If you disagree with this privacy policy at any point or time, you should stop using our Services and delete your user account.

1.6 Updates to the Privacy Policy

We may update this privacy policy at our discretion from time to time by posting a new version on our Website (https://dashtera.com/privacy-policy/). You should check our Website occasionally to ensure any changes made are suitable for you. If required by applicable law, you will be informed of any significant changes made to the privacy policy. If we make material changes to this Privacy Policy, we will notify you via email or by a notice on the Dashtera platform prior to the changes taking effect, as described in Section 13.1 below.

The current version of this privacy policy was modified on November 11, 2025.

1.7 Beta Release Disclaimer:

Dashtera is currently offered as a public beta release. By using the Service, you acknowledge and agree that the Service may contain errors, may be subject to unanticipated interruptions, and is provided on an ‘as is’ basis without warranties of any kind. LightningChart expressly disclaims any liability for inaccuracies, incomplete data, or failures arising from the beta nature of the Service. Your continued use of the Service constitutes your acceptance of these risks.

II. Information We Collect

To provide and improve our Services, we may collect various types of personal data and other information from you, as further described below:

2.1 Information Provided by Users

Personal Data That You Provide Through the Services

  • We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, respond to one of our surveys, register for access to the Services or use certain Services. Wherever LightningChart collects Personal Data from you, we shall make an effort to provide a link to this Privacy Policy.
  • By voluntarily providing us with Personal Data, you are consenting, acknowledge, and agree to our use of it in accordance with this Privacy Policy. If you provide Personal Data to the Services, you acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of LightningChart and the authorized third parties referred to herein, subject to the safeguards described in Section IX below.

Account Information

To create an account for Dashtera, you are required to provide certain information, including your name, email address, username, and a password. Providing the mandatory data elements is necessary to access the Service.

When you create an account for Dashtera, the following information is collected:

  • Email Address: Used for account login, communication, and account recovery.
  • Password: Stored securely using industry-standard hashing techniques to protect your account.
  • Username
  • First Name
  • Last Name
  • Phone Number (Optional)
  • Country / Region
  • Town / City
  • Postal Code / Zip Code
  • Street Address
  • Industry (Optional)
  • Marketing Communications Preference (Optional): We store your opt‑in/opt‑out preference for marketing emails; you can change it anytime via unsubscribe or in account settings. See Section 3.3 for details.

Dashtera utilizes Keycloak for account creation, user authentication and account management. Keycloak by default collects basic user profile data, such as your email, first name, and last name. If you use a social login, Keycloak will collect basic user profile data from your social account and references to that social account. Device information, such as your IP address, operating system name, and browser name, is collected by Keycloak for audit and security purposes. Keycloak also collects user credentials, including passwords, OTP codes, and WebAuthn public keys, which are encrypted and stored securely. While user credentials are encrypted and not visible to Dashtera administrators, non-confidential metadata related to these credentials (e.g., password hashing algorithm) may be visible.

Customer Support Data / Communications

When you contact us for customer support, provide feedback, or otherwise communicate with us, we collect the content of those communications. This may include your email address, the subject of your inquiry, and any information you choose to share within the communication. This information is used to help us respond to your inquiries and improve our support services.

Payment Information

When you subscribe to a paid tier of Dashtera, we collect information necessary to process your payments. This includes your billing address, and payment method details. We use a secure third-party payment processor to handle payment transactions. While we may collect certain information necessary to initiate the payment process (e.g., your billing address), we do not store your full credit card details on our servers. The payment processor is responsible for securely handling your sensitive payment information and retains this information in accordance with their own privacy policy and security standards.

Imported Data / User-Generated Content

Dashtera allows you to upload and import various types of data for visualization and analysis, including:

  • CSV files, spreadsheets, and text data
  • Financial data (e.g., stock prices, trading volumes)
  • Business metrics (e.g., sales figures, customer demographics)
  • Scientific data (e.g., experimental results, sensor readings)
  • Mapping data and images
  • Any other data relevant to your visualization needs

This user-generated content is stored securely on our servers solely to enable the Service’s functionalities. We do not use your imported data for any other purposes, such as marketing or profiling.

You retain all rights and ownership over the data you upload or import into Dashtera. By providing user-generated content, you grant LightningChart a license to process and display that data only as necessary to provide the Dashtera Services to you, in accordance with this Privacy Policy and our Terms of Service. Please ensure that you have the right to upload any data you import (especially if it contains Personal Data about third parties). If you upload Personal Data of others, you are responsible for having any necessary legal basis (e.g., consent) for processing that data through Dashtera. LightningChart will process such user-provided data solely for your use of the Service and in accordance with your instructions.

2.2 Information Collected Automatically

We automatically collect certain information about your use of Dashtera to help us understand usage, improve functionality, ensure security, monitor performance, identify trends, troubleshoot problems, and personalize your experience.

This automatically collected information includes:

  • Usage Data: We collect data about your interactions with Dashtera, including pages visited, features used, time spent, and login/logout times.
  • Technical Information: We collect technical details including IP addresses (for security and general location information), browser type, device information, access times, pages viewed, errors encountered, and other system activity. This data helps optimize Dashtera for different devices and browsers while maintaining security and enabling performance analysis.
  • Cookies and Similar Technologies: We use essential cookies (no consent required) and, if you consent, analytics cookies that help us understand Service usage. Non-essential cookies are inactive until you provide consent. You can change choices any time in Cookie Preferences or your browser. Details on cookie categories, consent choices, logging, retention, and providers appear in Section 2.3 (Cookies and Similar Technologies).
  • Authentication Technologies: We use Keycloak for authentication, which collects necessary information such as IP address and device information for security purposes.

2.3 Cookies and Similar Technologies

We use different types of cookies and similar tracking technologies on Dashtera.

  • 2.3.1 Essential Cookies are required for the website to operate (for example, to keep you logged in, maintain session integrity, and remember your preferences). Because they are strictly necessary for functionality, these cookies do not require user consent and cannot be disabled within the Service.
  • 2.3.2 Analytics Cookies (Consent-Based) and similar technologies help us understand how users interact with Dashtera (e.g., feature adoption, navigation flows, performance). These cookies are disabled until you grant consent; if you refuse, Dashtera functions without analytics. We use Google Analytics solely for usage analytics and product improvement; advertising features and remarketing are disabled. Google acts as our processor/service provider, and we do not permit Google to use analytics data for its independent purposes. IP anonymization is enabled. “Advertising storage” is set to denied by default; “analytics storage” is enabled only after consent.
  • 2.3.3 Cookie Banner and Choices: When you first visit Dashtera, a cookie banner appears offering two primary choices with equal prominence: Accept All cookies (both essential and analytics) or Reject Non-Essential cookies (allows only essential cookies). If you choose to reject non-essential cookies, no analytics cookies are set. The Service will still function but without certain tracking for usage analytics.
  • 2.3.4 Preference Management: You can later adjust your cookie settings through our website’s Cookie Preferences interface or your browser cookie settings. We do not set or read any non-essential cookies (including analytics) until you provide prior consent via our banner. Consent withdrawal takes effect immediately and we cease further processing accordingly.
  • 2.3.5 Consent Logging and Compliance: To demonstrate compliance with GDPR, ePrivacy, and CPRA requirements, we record the timestamp, scope of consent, banner version, and proof of choice.
  • 2.3.6 For consent management auditing, we also store limited metadata, specifically your IP address and browser user agent, together with a randomly generated visitor identifier saved in your browser’s local storage. This identifier persists your consent preference and links it to your device.
  • 2.3.7 The visitor identifier is used exclusively for consent management and, if you have opted in to analytics, to provide pseudonymous context for aggregated analytics data. It is not employed for any advertising or profiling purposes.
  • 2.3.8 Cookie Details: This Privacy Policy describes the cookies/SDKs we use, including their purpose , provider, and retention, and will be updated if our use changes. Essential cookies rely on the Art. 5(3) exception; all others require your consent.

2.4 Information from Third-Party Sources

Dashtera may receive information about you from third-party sources if you choose to connect them to the Service.

  • External Database Connections: If you connect Dashtera to your external databases, we may securely store the necessary connection details, including the database type and server address, username and password (encrypted and securely stored), and connection strings. We use robust security measures, such as encryption and access controls, to protect this sensitive information from unauthorized access.

When you connect an external database, you authorize Dashtera to access only the data you select for visualization and analysis. We do not store a copy of your entire database unless you explicitly choose to import it into Dashtera. Access is limited to providing the requested visualization and analysis features.

2.5 Third-Party Sites

This Privacy Policy applies solely to Dashtera Services. The Services may contain links (“Web Links”) to other websites not operated or controlled by LightningChart (the “Third-Party Sites”). Our policies do not apply to Third-Party Sites. Links do not imply endorsement or that LightningChart has reviewed the Third-Party Sites. We are not responsible for the content, activities, or privacy policies of linked sites. We suggest reviewing the privacy policy of each site you visit.

III. How We Use Your Information

We use collected information to provide, maintain, improve, secure Dashtera Services, communicate with users, and comply with legal obligations.

3.1 To Provide and Maintain the Service

We use your information to operate and maintain Dashtera’s core functionalities, including:

  • Account Management: Creating and managing your Dashtera account, enabling you to log in securely, and providing password recovery options.
  • Processing Payments and Managing Subscriptions: Processing payments, managing subscription renewals, and resolving billing issues for paid plans.
  • Enabling Data Visualization and Analysis Features: We use your uploaded, imported, or connected data to enable Dashtera’s features (charts, dashboards, analysis, maps, images, reports).
  • Providing Customer Support: We use your information to respond to your inquiries, troubleshoot technical problems, and provide you with assistance in using the Dashtera Service.
  • Maintaining the Security and Integrity of the Platform: We use information, including device information and log data, to detect and prevent fraud, unauthorized access, and other security threats. We also use this information to monitor the performance of the platform and ensure its stability.
  • Enabling Connected Databases Features: When you connect external databases, we use the access you grant to retrieve and process the selected data for visualization within Dashtera, ensuring that you can utilize your existing data sources seamlessly.

3.2 To Improve and Personalize the Service

  • We use your information to enhance the Dashtera Service and tailor it to your needs, including analyzing usage patterns to optimize user experience and conducting research using aggregated/anonymized data to enhance platform performance.
  • If you choose to provide your Industry, we may use it to personalize your experience (e.g., recommended content or defaults) and to understand feature adoption across industries in aggregate. Where this involves analytics, we only associate Industry with analytics after you consent to analytics cookies.
  • Usage insights are derived from first-party analytics events and Google Analytics configured without advertising features.

3.3 To Communicate with Users

We use your contact information to communicate with you about the Dashtera Service, including:

  • Sending Service-Related Notifications: We may send you emails or other notifications regarding important updates to your account, changes to the Service, security alerts, or other essential information related to your use of Dashtera.
  • Responding to Inquiries and Feedback: We use your information to respond to your questions, comments, and feedback, and to provide you with the support you need.
  • Sending Marketing Communications: We send promotional emails about Dashtera (e.g., new features, updates, and offers) only if you have explicitly opted in, for example, during registration or in account settings. Where permitted by Finnish law, we may use a limited “soft opt‑in” to market our own similar services to existing customers whose email we obtained in the context of a sale; we provide an easy, free opt‑out at collection and in every message. You can manage your communication preferences in account settings or unsubscribe at any time via the link in any marketing email; opting out does not affect your use of the Service. We maintain verifiable records of consents and withdrawals and process marketing communications in accordance with this Privacy Policy and applicable law. Essential service‑related emails are sent regardless of marketing preference.

3.4 To Comply with Legal Obligations

We may use and disclose your information when required by law or to protect our legal rights, including:

  • Responding to Lawful Requests from Authorities: We may disclose your information to law enforcement agencies, government authorities, or other third parties if required to do so by law, such as in response to a subpoena, court order, or other legal process.
  • Meeting Tax and Accounting Requirements: We may use your information to comply with applicable tax and accounting regulations, such as calculating and reporting taxes related to your subscription fees.
  • Enforcing LightningChart’s Dashtera Terms of Service: We may use your information to enforce our Terms of Service, investigate potential violations, and protect the rights, property, or safety of LightningChart, Dashtera, our users, or others.

IV. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and Finnish data protection law, we are required to have a valid legal basis for each purpose for which we process your personal data. We rely on the following legal bases for processing your information:

4.1 Contractual Necessity

We process your personal data when it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This includes processing that is necessary to deliver Dashtera’s core functionalities (e.g., account creation, payment processing, feature usage, support), as described in Section 3.1 above.

4.2 Legitimate Interests

We process your personal data when it is necessary for the purposes of the legitimate interests pursued by LightningChart, provided that such interests are not overridden by your data protection rights. Our legitimate interests include improving services, ensuring security, conducting research/development, and promoting Dashtera (only where legally permissible). Examples include first-party acquisition attribution (UTMs/referrers) and non-advertising usage analytics essential to improve stability, security, and user experience or to inform existing customers of new Dashtera features that might interest them.

We carefully balance our legitimate interests against your rights and freedoms when relying on this legal basis.

4.3 Consent

In certain cases, we process your personal data based on your explicit consent. We will always obtain your clear and affirmative consent before processing your data for these purposes, and you have the right to withdraw your consent at any time. Examples include:

  • Sending Marketing Communications: As described in Section 3.3, we send marketing emails only with your opt‑in consent (or, where permitted, under the limited soft opt‑in). Each message includes an unsubscribe link, and you can withdraw consent at any time in account settings.
  • Using Certain Cookies or Similar Technologies: We will obtain your consent for the use of non-essential cookies. Non-essential cookies and similar technologies (including analytics) rely on your prior consent under ePrivacy Art. 5(3) and GDPR Art. 6(1)(a). We do not rely on legitimate interests for non-essential cookies.
  • Enabling Optional Features: Some features of Dashtera may require your consent to process certain data, such as personalizing your experience or integrating with third-party services.

4.4 Compliance with Legal Obligations

We process your personal data when it is necessary for compliance with a legal obligation to which LightningChart is subject under Finnish or EU law. This includes:

  • Responding to lawful requests from law enforcement agencies or government authorities.
  • Complying with tax and accounting regulations.
  • Meeting other legal requirements related to data retention, security, and disclosure.

(If in the future we need to process personal data for any purpose not described above, we will seek your consent or another valid legal basis before doing so.)

V. Data Sharing and Disclosure

We understand the importance of keeping your data confidential and we do not sell your personal data to third parties. However, we may share your information in limited circumstances as described below:

5.1 Service Providers

We may engage trusted third‐party service providers to facilitate the processing and secure management of your information as part of delivering and optimizing the Dashtera Service. These service providers are contractually obligated to protect the confidentiality and security of your data and are only permitted to use it for the specific purposes for which it is disclosed. Examples of such providers include:

  • Authentication and Access Control Providers: We leverage Keycloak for secure authentication and access control. Keycloak employs industry-standard security practices, including encryption of user credentials, to protect user data. While LightningChart manages overall data security, Keycloak is responsible for the security of its authentication and user management processes.
  • Payment Processors: We use a third-party payment processor to process payments for paid subscriptions. They receive and store your payment information securely to facilitate these transactions.
  • Cloud Hosting Providers: We use cloud hosting to store and process data, including user-generated content and platform data. Hosting regions may vary; see “International Data Transfers” for safeguards.
  • Analytics Providers: We use analytics services (Google Analytics 4, administered by Google LLC, via Google Tag Manager) to help us understand how users find and interact with Dashtera, so we can improve the Service. These services collect data about your use of Dashtera – for example, your navigation through our app, the features and charts you use, and the source that led you to our website (referral link or advertising campaign) – via cookies or similar tracking technologies. We only activate these analytics tools if you have consented to analytics cookies (see Sections 2.3 and 4.3 above), and you can withdraw your consent at any time. If you consent, we may also send pseudonymous analytics user properties to help interpret usage (e.g., an internal user identifier and the optional Industry you provided). We have configured Google Analytics to act as our data processor for these purposes, and we do not allow Google to use the data for its own purposes beyond providing analytics reports to us. Notably, Google Analytics 4 does not store users’ IP addresses for EU traffic (IP information is anonymized at collection), we set advertising storage to denied, and we do not enable any Google Analytics Advertising Features.
  • Database Management Providers: We utilize database services from providers (such as PostgreSQL) to efficiently manage and store application data.
  • Email Delivery: We use an email delivery service provider or SMTP relay to send transactional emails and service-related notifications and, only when explicit consent is given, marketing communications.

5.2 Business Transfers

In the event that LightningChart is involved in a merger, acquisition, sale of assets, or other business transaction that involves the transfer of user data, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information. We will ensure that any such transfer is conducted in compliance with applicable data protection laws and that the receiving entity is bound to honor the commitments made in this Privacy Policy or a policy that is at least as protective of your data.

5.3 Related Companies

We may also share your Personal Data with our Related Companies (e.g., parent company or affiliates under common ownership) for purposes consistent with this Privacy Policy. Any Personal Data shared with Related Companies will be protected at the same level as described here, and if such Related Companies are located outside the EEA, we will implement appropriate safeguards as outlined in Section IX.

5.4 Legal Requirements

We may disclose your information if we are required to do so by law, regulation, legal process, or government request. This includes responding to subpoenas, court orders, or other lawful requests from law enforcement or government authorities. We will strive to limit the scope of any such disclosure to the extent permitted by law.

5.5 With User Consent

Except as described in this Privacy Policy, we will not share your personal data with any other third parties without your explicit consent. If we ever need to share your data for any new purpose not outlined in this policy, we will notify you and obtain your clear and informed consent before doing so.

5.6 Aggregated or Anonymized Data

We may share aggregated or anonymized data that does not directly identify any individual with third parties for various purposes, such as research, analytics, marketing, or improving the Service. For example, we may share aggregated usage statistics with potential business partners or publish reports on industry trends based on anonymized data. We ensure that such data cannot be used to re-identify individuals.

VI. Data Security and Safeguards

At LightningChart, protecting your data’s security and integrity is our top priority. We deploy a range of technical measures (such as encryption and secure transfer protocols) and organizational measures, including strict access controls and regular staff security training. These safeguards work together to protect your data from unauthorized access, use, disclosure, alteration, or destruction throughout its entire lifecycle, including during transfer.

6.1 Security Measures

Our security measures include:

  • Encryption: We use industry-standard encryption protocols (e.g., TLS/SSL) to protect data transmitted between your browser and our servers. We also encrypt sensitive data at rest, such as passwords and certain user-generated content.
  • Access Controls: Access to your data is restricted to authorized personnel based on the principle of least privilege. We implement role-based access controls and regularly review access permissions.
  • Data Minimization: We only collect and transfer the minimum amount of data necessary for specific purposes.
  • Regular Security Audits: We conduct regular internal and external security audits and vulnerability assessments to identify and address potential security risks.
  • Due Diligence: We assess our service providers to ensure they maintain robust security measures and comply with applicable data protection laws.
  • Contractual Obligations: Our service providers are contractually bound to protect your data and adhere to relevant legal requirements.
  • Data Breach Response Plan: We have a data breach response plan in place to guide our actions in the event of a security incident.
  • Secure Development Practices: We follow secure coding practices and regularly train our developers on security best practices.
  • Network Security: We employ firewalls, intrusion detection systems, and other network security measures to protect our infrastructure from unauthorized access.
  • Physical Security: Our servers and data centers are located in secure facilities with physical access controls.
  • Authentication and Access Control: We utilize Keycloak for secure authentication and access control in Dashtera, leveraging its industry-standard security practices to protect user credentials. While LightningChart manages overall data security, Keycloak is responsible for the security of its authentication and user management processes.

By implementing these safeguards, we strive to ensure that your data remains protected during transfer and throughout its lifecycle.

LightningChart takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to LightningChart via the Internet.

6.2 Data Breach Procedures

Despite our best efforts, no method of transmission over the internet or method of electronic storage is completely secure. In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will take the following steps:

  • Investigation: We will promptly investigate the incident to determine its nature, scope, and impact.
  • Containment and Remediation: We will take immediate steps to contain the breach, prevent further unauthorized access, and remediate any vulnerabilities that may have contributed to the incident.
  • Notification: We will notify the Finnish Data Protection Authority (or other relevant supervisory authority) within 72 hours of becoming aware of the breach, as required by the GDPR. We will also notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms. The notification will include information about the nature of the breach, the categories of data affected, the likely consequences, and the measures taken to address the breach.
  • Cooperation: We will cooperate fully with law enforcement and data protection authorities in investigating and responding to the breach.
  • Review and Improvement: We will review and update our security measures and procedures based on the lessons learned from the incident to prevent similar breaches in the future.

VII. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as described in this Privacy Policy, or as required by law.

  • General Retention Principles

In some circumstances we may anonymize your personal data so that it can no longer be associated with you. In this case, such anonymized data is no longer considered personal data.

If you consent to receive marketing communications, we will keep your data until you unsubscribe, which is possible via the ‘unsubscribe’ button at the end of our marketing emails or in account settings.

7.2 Specific Retention Periods

The specific retention period for each category of data depends on the purpose for which it was collected and any applicable legal requirements. Examples include:

  • Account Registration Data: Retained for as long as your account remains active and for a reasonable period thereafter (e.g., seven (7) years) to comply with legal and accounting obligations, resolve disputes, and enforce our agreements.
  • Payment Information: We retain payment information for as long as necessary to process your transactions and comply with tax and accounting regulations (e.g., seven (7) years as required by Finnish tax law).
  • User-Generated Content: User-generated content, including data uploaded or imported for visualization, is retained for as long as your account is active. Upon account deletion or termination, we will delete or anonymize this data within a reasonable timeframe (e.g., 14 days), unless we are required to retain it for longer by law. (Users may also delete specific content within Dashtera at any time.)
  • Usage & Analytics Data: Retained a period of ~14 months to analyze trends, improve the Service, and for security purposes. If you consent to analytics, associated pseudonymous user properties (e.g., internal user identifier and, if provided, Industry) may be retained for the same period. After this period, we may aggregate or anonymize the data for analytical purposes.
  • Communications: Records of customer interactions with us (e.g., customer support inquiries) are retained for as long as necessary to improve our services, address recurring issues, comply with legal and accounting obligations, resolve disputes, and enforce our agreements.
  • Marketing Preference & Event Data: kept until you withdraw consent or your account is deleted; we retain a minimal suppression record to honor future opt-outs.
  • Log Data: We retain server logs for a maximum of 90 days for security, debugging, and performance monitoring purposes.
  • Data from Connected External Databases: This data is only retained for the duration of the user session in which it is accessed, unless a user specifically imports or saves this data in Dashtera.
  • Inactive Account Retention: We retain accounts that have been inactive for up to one (1) year. After this period, we will delete or anonymize the associated personal data, unless we are required to retain it for longer due to legal or regulatory obligations. We will notify users via email 30 days and 3 days before account deletion to provide an opportunity to reactivate the account or retrieve any stored data. If no action is taken, the account and its associated data will be permanently deleted or anonymized.

7.2 Data Deletion

You can request the deletion of your personal data at any time by contacting us at [email protected].

We will respond to your request without undue delay and within the timeframe required by law (typically one month under the GDPR).

We will delete or anonymize your data unless we are required to retain it by law or have other legitimate grounds for retaining it, such as to complete a transaction for which the data was collected, to detect or prevent security incidents, or to comply with legal obligations.

Deleted data will be removed from active systems but may remain in backups for a limited time as part of routine procedures. We will ensure that any such residual data is securely deleted in accordance with our data retention policy.

VIII. User Rights

LightningChart is committed to respecting and upholding your rights regarding your personal data under the General Data Protection Regulation (GDPR) and Finnish data protection law. You have the following rights:

8.1 Right to Access

You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about how it is being processed.

8.2 Right to Rectification

You have the right to rectify any inaccurate or incomplete personal data we hold about you. You can update most of your account information directly within your Dashtera account settings (including your optional Industry). For other rectifications, please contact us.

8.3 Right to Erasure (“Right to be Forgotten”)

You can request erasure of your personal data under certain circumstances, such as when the data is no longer necessary or when you withdraw consent (where the legal basis was consent). Please note that we may be required to retain some data to comply with legal obligations or for other legitimate reasons, as explained in Section VII (Data Retention).

8.4 Right to Restrict Processing

You can request restriction of processing in certain situations. This means that we can store your data but cannot process it further unless specific conditions are met. You may exercise this right when you contest the accuracy of your data, when the processing is unlawful but you oppose erasure, when we no longer need the data but you require it for legal claims, or when you have objected to the processing pending verification of our legitimate grounds.

8.5 Right to Data Portability

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, where technically feasible. If you require assistance with exercising this right, please contact us using the details provided in Section XV (Contact Us).

8.6 Right to Object

You can object to processing based on legitimate interests and to processing for direct marketing purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You also have the right to object at any time to the processing of your personal data for direct marketing purposes. You can opt out of marketing communications by clicking the “unsubscribe” link in any marketing email you receive, or by adjusting your preferences in your Dashtera account settings. You may also object to processing for usage analytics; we will provide mechanisms to opt out where applicable.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This won’t affect the lawfulness of processing before withdrawal. You can withdraw your consent to specific processing activities by contacting us or by adjusting settings within your Dashtera account. Withdrawing consent stops marketing emails and non-essential analytics/cookies going forward and does not affect service-essential communications.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR or Finnish law. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). You can find their contact information here: https://tietosuoja.fi/en/contact-information.

8.9 Procedure for Exercising Rights

To exercise these rights, contact us at [email protected] or by mail at Tehdaskatu 24 B, 70620 Kuopio Finland. We may need to verify your identity before processing your request. We will respond to your request within one month of receipt, but this period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

8.10 Exclusions

This Privacy Policy does not apply to any Personal Data collected by LightningChart other than Personal Data collected through the Services. This Privacy Policy also does not apply to any unsolicited information you provide to LightningChart through the Services or through any other means. This includes, but is not limited to, information posted to any public areas of the Services, such as forums, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and LightningChart shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution. However, if any unsolicited submission contains Personal Data about an identifiable individual, we will handle that Personal Data in accordance with applicable data protection laws.

IX. International Data Transfers

LightningChart may transfer your personal data to countries outside the European Economic Area (EEA) (and, if applicable, the United Kingdom) for various purposes, such as data storage, processing by service providers, or to provide customer support. Some processors may be headquartered in the United States; transfers are governed by EU Standard Contractual Clauses and, where relevant, supplementary measures.

9.1 Transfer Mechanisms

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Adequacy Decisions: We may transfer your personal data to countries that have been deemed to provide an adequate level of data protection by the European Commission. (For example, transfers to the United Kingdom are permitted under an adequacy decision.)
  • Standard Contractual Clauses: Where we use certain service providers in countries without an adequacy decision, we use specific contracts approved by the European Commission (Standard Contractual Clauses, or SCCs) which give personal data the same protection it has in Europe. For example, if we transfer data to US-based cloud or service providers for data storage or processing, we rely on SCCs to ensure the lawful transfer of data to the United States. In the case of such transfers, we will also conduct a transfer impact assessment to ensure the laws and practices of the destination country do not impinge on the effectiveness of the SCCs. Where necessary, we will implement supplementary measures to protect the data to an essentially equivalent standard as in the EEA.
  • Safeguards

In addition to the transfer mechanisms mentioned above, we implement appropriate technical and organizational safeguards to protect your data during and after the transfer, as outlined in Section 6.1 above. This includes encryption of data in transit, limiting access on a need-to-know basis, and careful vetting of foreign recipients.

X. Children’s Privacy

10.1 Age Restriction

Dashtera is not intended for use by children under the age of 18. We do not knowingly collect personal data from individuals under 18. If you are under the age of 18, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Services without permission. If you have reason to believe that a child under the age of 18 has provided Personal Data to LightningChart through the Services, please contact us, and we will endeavor to delete that information from our systems. If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to remove that information from our databases/servers.

10.2 Parental Consent

We do not offer any services that require parental consent for processing of data from children under the age of 16. In the unlikely event we did in the future, we would implement a process for obtaining verifiable parental consent before collecting any personal data from children under 16, as required by the GDPR. This process would include making reasonable efforts to verify that the person providing consent is the child’s parent or legal guardian.

(By making our service 18+, we inherently comply with various child protection laws (such as the U.S. Children’s Online Privacy Protection Act for under 13). We do not knowingly target or collect data from minors.)

XI. Sensitive Personal Data

We do not knowingly contact or collect sensitive personal data – this includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, or data concerning health, sex life or sexual orientation (as defined in GDPR Art. 9). Please consult Art. 9 GDPR for more information on what constitutes sensitive data. If you believe we have inadvertently collected such information, please contact us immediately so that we can either obtain your explicit consent (if required and appropriate) or delete the information.

XII. Other Terms and Conditions

Your access to and use of the Services is subject to the Terms of Service found at https://dashtera.com/term-of-services. Please review those documents, as they contain important provisions governing your use of Dashtera. In particular, the Terms of Service include disclaimers of warranties and limitations of LightningChart’s liability. For example, any Dashtera features offered as beta or experimental are provided on an “as-is” basis without guarantees, and Dashtera does not warrant that the Service’s results or analyses will be error-free or fit for a particular purpose. Use of the Services (and any reliance on the insights or data generated) is at your own risk and subject to those terms. This Privacy Policy and the Terms of Service together form the overall agreement governing your use of Dashtera. Use of cookies and similar technologies (including acquisition and analytics cookies) is further described in this Privacy Policy and, where provided, a Cookie Preferences interface in the Service.

XIII. Changes to this Privacy Policy

13.1 Notification of Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. If we make material changes to this Privacy Policy, we will notify you by email (sent to the email address specified in your account) or by means of a notice on the Dashtera platform prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

13.2 Effective Date

This Privacy Policy was last updated on November 11, 2025.

XIV. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), provides you with specific rights regarding our collection and use of your personal information. We also adhere to California Civil Code §1798.83 (the “Shine the Light” law) for direct marketing disclosures. As a California consumer, you have the following rights:

  • Right to Know/Access: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. This includes the categories of personal information we collected, the categories of sources of that information, the business or commercial purposes for collecting it, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected about you. (The categories of personal information collected and disclosed about consumers are described in Section II “Information We Collect,” and the categories of third parties to whom personal information may be disclosed are described in Section V “Data Sharing and Disclosure.”) Upon a verifiable request, and subject to the CCPA’s limitations, we will provide the requested information. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph. Separately, we do not sell your personal information.
  • Right to Data Portability: As part of your right to access, you may request to receive the specific pieces of personal information we have about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity.
  • Right to Deletion: You have the right to request that we delete personal information we have collected from you (and direct our service providers to do the same), subject to certain exceptions. Please see the “Data Deletion” section above (Section 7.2) for more details on how we handle deletion requests and the situations where we may retain data as permitted by law.
  • Right to Correction: You have the right to request that we correct inaccuracies in your personal information. If any personal data we maintain about you is incorrect, you may request that we correct it. (Note: You can also directly correct and update most of your information via your account settings, as described in Section 8.2 “Right to Rectification.”)
  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. However, we do not sell your personal information, and we do not share your personal information with third parties for cross-context behavioral advertising purposes. Because we do not engage in such practices, we do not provide a “Do Not Sell or Share My Personal Information” link at this time. If this changes in the future, we will update this Privacy Policy and provide appropriate opt-out mechanisms. We do not sell data or share it for cross-context behavioral advertising; Google Analytics advertising features are disabled.
  • Sensitive Personal Information: In the course of providing Dashtera, we do collect certain data that California law considers “sensitive personal information” (for example, account login credentials and payment card information). We only use sensitive personal information for purposes that are necessary to provide the Services (such as authentication/security or processing payments) and not for purposes like profiling or targeted advertising. Therefore, the CPRA right to limit the use of sensitive personal information is not applicable to our processing, as we do not use or disclose sensitive information beyond what is permitted under Section 1798.121 of the CPRA.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment from us for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you a different price, or provide a different level or quality of services just because you exercised your privacy rights. We do not offer consumers financial incentives, price differences, or any service differences in exchange for personal information, nor do we penalize anyone for exercising rights.
  • Shine the Light (Direct Marketing Disclosures): Separately from the CCPA, California’s “Shine the Light” law allows customers to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes. Because we do not disclose personal information to third parties for independent direct marketing without consent, in most cases there will be no such information to provide. Nonetheless, you may contact us to make a Shine the Light request. Within thirty (30) days of receiving such a request (no more than once per calendar year), we will provide a report of any relevant disclosures in the prior calendar year. This report would include the categories of personal information disclosed for third-party direct marketing purposes and the names/addresses of those third parties. We reserve the right not to respond to requests not submitted to the designated address or as otherwise required by law.

How to Exercise Your California Rights: If you are a California resident and wish to exercise any of the rights described above, you may contact us with your request by email at [email protected] (with the subject line “California Privacy Rights Request”) or by mail at the address provided in Section XV. Please specify which right you intend to exercise. We will take steps to verify your identity before fulfilling your request (for example, by requiring you to log into your account or provide certain information to match our records). If you have an authorized agent submit a request on your behalf, we will also need to verify the agent’s authority (for instance, by receiving a written permission from you or a copy of a power of attorney, and verifying your identity directly).

We will confirm receipt of your request within 14 business days and aim to respond to verifiable requests within 45 calendar days. If we need more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.

XV. Contact Us

15.1 Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights or provide feedback, please contact us:

We will address your inquiry or request as promptly as possible in accordance with applicable law.

Dashtera-logo-for-dark
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.