Privacy Policy

“DB AI Magic”, “we”, “us” refers to the operator of dbide.app. We are the data controller for personal data you submit when creating an account or contacting support. For data you process through the service (your databases, your queries, your reports), we act as a data processor on your behalf — see the Data Processing Addendum.

We collect three categories of data:

• Account data: name, email, profile photo (via Google OAuth), organisation name, role.
• Workspace data: connection metadata (host, port, encrypted credentials), saved queries, datasets, dashboards, AI chat transcripts, audit logs.
• Operational data: request logs, error traces, IP address, browser user agent, feature usage metrics. Retained for 90 days.

We do not store the contents of your database tables. Result rows are streamed to your browser and held only in memory; nothing is persisted on our side unless you explicitly save a dataset or export.

• To provide and operate the service you signed up for.
• To authenticate you and protect against abuse and account takeover.
• To improve the product based on aggregate, de-identified usage patterns.
• To communicate with you about incidents, billing and product updates you've opted into.

We rely on contract (to provide the service you paid for), legitimate interest (to operate and secure the service), and consent (for optional analytics and marketing emails — you can withdraw consent at any time from your account settings).

When you use AI Chat, the user message, an extracted schema summary and generated SQL are sent to our AI provider for the duration of the request. Provider responses are returned to you and stored alongside the chat thread. Our AI provider does not train on your prompts. You can clear individual chats or delete your entire AI history from Settings → AI.

We use a small number of vetted infrastructure providers (cloud hosting, transactional email, error monitoring and an AI model provider). The current list, along with what each processes and where, lives at /legal/security and is updated when it changes.

• Account data: kept until you delete your account.
• Workspace data: kept until you delete it from the product or close your organisation.
• Backups: rolling encrypted backups are retained for 30 days, then automatically purged.
• Operational logs: 90 days.

Depending on where you live, you may have the right to access, correct, export or delete your personal data, and to object to or restrict its processing. Most of these can be done in-product. For anything else, email privacy@dbide.appand we'll respond within 30 days.

Data is stored in the region you select when you create your organisation (currently us-east-1 or eu-west-1). When data must cross borders for support or operations, we rely on the EU Standard Contractual Clauses and equivalent transfer mechanisms.

Privacy questions: privacy@dbide.app. Everything else: hello@dbide.app.