Privacy Policy

Last updated: February 12, 2026

1. Introduction

AllSource ("we", "our", or "us") operates the AllSource platform, including the Chronos event store, query service, MCP server, and web dashboard (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign up via OAuth (Google, GitHub), we receive your profile information from those providers.

2.2 Usage Data

We collect metrics about your use of the Service, including event ingestion counts, query volumes, API call frequency, and storage usage. This data is used for billing, capacity planning, and service improvement.

2.3 Event Data

You store event data in the AllSource event store. We do not access, analyze, or share the contents of your event data except as necessary to provide the Service (e.g., executing your queries). Your event data remains yours.

2.4 Technical Data

We automatically collect IP addresses, browser type, operating system, referring URLs, and device information when you interact with our web dashboard.

3. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process billing and enforce usage quotas
  • Send transactional emails (account verification, billing receipts, security alerts)
  • Monitor service health and prevent abuse
  • Improve the Service based on aggregate usage patterns
  • Respond to support requests
  • Comply with legal obligations

4. Data Storage and Security

Your event data is stored in the AllSource Core engine with write-ahead logging (WAL) and Parquet columnar storage. All data is encrypted in transit (TLS 1.2+). We implement industry-standard security practices including multi-tenancy isolation, role-based access control (RBAC), and comprehensive audit logging.

5. Data Retention

Event data retention depends on your plan tier (7 days for Developer, 90 days for Team, unlimited for Enterprise). Account information is retained while your account is active and for a reasonable period afterward for legal and operational purposes. You may request deletion of your account and associated data at any time.

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers who assist in operating the Service (payment processing, email delivery, infrastructure hosting)
  • Legal authorities when required by law, court order, or governmental regulation
  • Business transfers in connection with a merger, acquisition, or sale of assets

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict processing of your data
  • Withdraw consent at any time

To exercise these rights, contact us at hello@all.source.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Analytics, if enabled, use privacy-respecting methods without third-party trackers.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us for removal.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at hello@all.source.