PlainQuery

Privacy Policy

Effective Date: October 6, 2025

Last Updated: September 6, 2025

1. Introduction

SQL Insights ("we," "us," "our," "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our database analytics platform and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Name and email address during registration
  • Password (stored as encrypted hash)
  • Profile information and preferences
  • Payment information (processed securely through Stripe)
  • Team and organization details

Database Connection Information:

  • Database host, port, and connection details
  • Database credentials (encrypted using AES-256 encryption)
  • Database schema metadata (table structures, column names, relationships)
  • Connection configuration settings

Query and Analysis Data:

  • Natural language prompts and questions
  • Generated SQL queries
  • Query execution results and metadata
  • Visualization configurations
  • Shared query settings and permissions
  • Query favorites and history

Communication Data:

  • Support requests and correspondence
  • Feedback and survey responses
  • Team invitation and collaboration messages

2.2 Information Automatically Collected

Technical Information:

  • IP address and geolocation data
  • Device information (browser type, operating system)
  • Session data and authentication tokens
  • API usage logs and request patterns

Usage Analytics:

  • Feature usage patterns and frequency
  • Query execution statistics and performance metrics
  • Team collaboration activities
  • Public sharing analytics
  • Subscription and billing usage data

Cookies and Tracking:

  • Authentication cookies (prefixed with "insightly")
  • Session management cookies
  • Preference and settings cookies
  • Cross-subdomain cookies for service functionality

2.3 Third-Party Integrations

OAuth Authentication:

  • Profile information from Google and GitHub (name, email, profile picture)
  • OAuth tokens for authentication (not stored permanently)

Database Connections:

  • Data accessed from your connected databases (PostgreSQL, MySQL, MongoDB, etc.)
  • Schema information and metadata
  • Query results (temporarily cached for performance)

Payment Processing:

  • Payment information processed through Stripe
  • Subscription and billing history
  • Invoice and payment method data

3. How We Use Your Information

3.1 Service Provision

  • Authenticate and manage your account
  • Connect to and query your databases
  • Generate SQL from natural language prompts
  • Execute queries and display results
  • Provide data visualizations and analytics
  • Enable team collaboration and sharing features
  • Process payments and manage subscriptions

3.2 Service Improvement

  • Analyze usage patterns to improve our algorithms
  • Monitor system performance and reliability
  • Develop new features and functionality
  • Optimize query generation accuracy
  • Enhance security measures

3.3 Communication

  • Send account verification and security notifications
  • Provide customer support and technical assistance
  • Send service updates and important announcements
  • Process team invitations and collaboration requests
  • Deliver password reset and account recovery assistance

3.4 Legal and Security

  • Comply with legal obligations and regulations
  • Protect against fraud, abuse, and security threats
  • Enforce our Terms of Service
  • Respond to legal requests and court orders

4. Data Storage and Security

4.1 Data Encryption and Protection

  • All database credentials encrypted at rest using AES-256 encryption
  • Application database encrypted at rest
  • All connections use TLS/SSL encryption
  • Secure authentication using JWT tokens
  • Password hashing using industry-standard bcrypt

4.2 Data Storage Architecture

  • Multi-tenant architecture with data isolation
  • Tenant-specific result databases for query output
  • Schema caching for performance optimization
  • Secure credential storage with encryption keys

4.3 Access Controls

  • Role-based access control (Owner, Admin, Member, Viewer)
  • Team-level data isolation and permissions
  • API rate limiting and authentication
  • Regular security audits and monitoring

4.4 Data Centers and Infrastructure

  • Data hosted in secure, industry-standard data centers
  • Regular backups and disaster recovery procedures
  • Monitoring and alerting for security incidents
  • Infrastructure managed through Docker and Kubernetes

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

5.2 Authorized Sharing

We may share your information in the following circumstances:

With Your Consent:

  • When you explicitly authorize data sharing
  • Through public sharing features you enable
  • With team members according to your role settings

Service Providers:

  • Stripe for payment processing and subscription management
  • Resend for transactional email delivery
  • Cloud infrastructure providers for hosting and storage
  • Analytics providers for service improvement (anonymized data only)

Legal Requirements:

  • When required by law, regulation, or legal process
  • To protect the rights, property, or safety of our users
  • In connection with legal proceedings or investigations
  • To prevent fraud, abuse, or security threats

Business Transfers:

  • In connection with mergers, acquisitions, or asset sales
  • With appropriate privacy protections and user notification

5.3 Team and Collaboration Sharing

  • Data shared within teams according to role permissions
  • Public query sharing when explicitly enabled by users
  • Access to shared queries and visualizations
  • Team activity feeds and collaboration features

5.4 Database Data Handling

  • We access your database data only to execute your queries
  • Query results temporarily stored for performance and functionality
  • Schema metadata cached to improve service performance
  • No unauthorized access to your database content

6. Your Privacy Rights and Choices

6.1 Account Management

  • Access and update your profile information
  • Change your password and security settings
  • Manage team memberships and roles
  • Configure notification preferences

6.2 Data Control

  • Delete database connections and associated data
  • Remove stored query results and history
  • Control public sharing settings
  • Export your data in standard formats

6.3 Marketing Communications

  • Opt out of promotional emails (service emails will continue)
  • Manage communication preferences in your account settings
  • Unsubscribe links in all marketing communications

6.4 Privacy Rights by Jurisdiction

For EU/UK Residents (GDPR/UK GDPR):

  • Right to access your personal data
  • Right to rectify inaccurate information
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

For California Residents (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access personal information
  • Right to delete personal information
  • Right to equal service and price

For Other Jurisdictions:

  • Rights as provided by applicable local privacy laws
  • Contact us for specific requests or questions

7. Data Retention

7.1 Account Data

  • User profile information: Retained while account is active
  • Account deletion: Data removed within 30 days of account closure
  • Legal holds: Data may be retained longer if required by law

7.2 Query and Results Data

  • Query history: Retained according to subscription plan
  • Result data: Cached temporarily for performance (typically 30-90 days)
  • Schema information: Updated periodically, older versions purged

7.3 Usage Analytics

  • Aggregated usage data: Retained for service improvement
  • Individual usage logs: Retained for 12 months
  • Security logs: Retained for 24 months

7.4 Communication Data

  • Support correspondence: Retained for 2 years
  • Email logs: Retained for 90 days
  • System notifications: Retained for 30 days

8. International Data Transfers

8.1 Data Processing Locations

  • Primary data processing in [PRIMARY_REGION]
  • Backup and disaster recovery in [BACKUP_REGION]
  • Service providers may process data in various locations

8.2 Transfer Safeguards

  • Adequate protection measures for international transfers
  • Standard contractual clauses with service providers
  • Compliance with applicable transfer mechanisms
  • Regular assessment of transfer safeguards

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

10. Third-Party Services and Links

10.1 Third-Party Integrations

Our Service integrates with various third-party services:

  • Authentication providers (Google, GitHub): Governed by their privacy policies
  • Payment processors (Stripe): Subject to their data handling practices
  • Database services: Your databases remain under your control
  • Infrastructure providers: Subject to our data processing agreements

10.2 External Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

  • Essential cookies: Required for service functionality
  • Authentication cookies: Manage login sessions and security
  • Preference cookies: Remember your settings and preferences
  • Analytics cookies: Help us understand usage patterns (anonymized)

11.2 Cookie Management

  • Configure cookie preferences in your browser settings
  • Essential cookies cannot be disabled without affecting service functionality
  • Third-party cookies may be controlled through their respective settings

11.3 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals, but we provide various privacy controls through your account settings.

12. Security Measures

12.1 Technical Safeguards

  • End-to-end encryption for data transmission
  • Encryption at rest for stored data
  • Regular security assessments and penetration testing
  • Secure development practices and code reviews
  • Automated security monitoring and alerting

12.2 Administrative Safeguards

  • Employee access controls and background checks
  • Regular security training and awareness programs
  • Incident response procedures and breach protocols
  • Vendor security assessments and agreements

12.3 Physical Safeguards

  • Secure data center facilities with restricted access
  • Environmental controls and monitoring
  • Redundant power and network infrastructure
  • Physical security measures and surveillance

13. Data Breach Notification

In the event of a data breach that affects your personal information:

  • We will assess the scope and impact of the breach
  • Notify affected users within 72 hours when feasible
  • Provide details about the breach and steps taken to address it
  • Offer guidance on protective measures you can take
  • Comply with applicable breach notification laws

14. Privacy Policy Updates

14.1 Notification of Changes

  • We may update this Privacy Policy periodically
  • Material changes will be communicated via email or service notification
  • Continued use of the Service constitutes acceptance of updates
  • Previous versions will be archived and available upon request

14.2 Effective Date

  • Updates become effective on the posted effective date
  • Rights and obligations apply to information collected after updates
  • Contact us if you have questions about policy changes

15. Contact Information and Data Protection Officer

15.1 Privacy Inquiries

For questions about this Privacy Policy or our privacy practices:

Email: [PRIVACY_EMAIL]

Address: [COMPANY_ADDRESS]

Subject Line: "Privacy Policy Inquiry"

15.2 Data Protection Officer

If applicable to your jurisdiction, you may contact our Data Protection Officer:

DPO Email: [DPO_EMAIL]

Subject Line: "Data Protection Inquiry"

15.3 Supervisory Authority

If you are located in the EU/UK, you have the right to lodge a complaint with your local supervisory authority if you believe we have violated your privacy rights.

16. California Privacy Rights Notice

16.1 Categories of Personal Information Collected

As described in Section 2, we collect the following categories of personal information:

  • Identifiers (name, email, IP address)
  • Commercial information (subscription data, payment history)
  • Internet/network activity (usage logs, query history)
  • Professional information (team roles, database connections)

16.2 Purposes for Collection

We use personal information for the business purposes described in Section 3.

16.3 Sources of Personal Information

  • Directly from you through account registration and service use
  • Automatically through your interaction with our Service
  • From third-party authentication providers with your consent

16.4 Categories of Third Parties

We may share personal information with:

  • Service providers and business partners
  • Payment processors and billing services
  • Legal authorities when required by law

16.5 Sale of Personal Information

We do not sell personal information to third parties for monetary or other valuable consideration.

17. European Privacy Rights (GDPR)

17.1 Legal Basis for Processing

We process your personal information based on:

  • Contract performance: To provide our Service as agreed
  • Legitimate interests: To improve our Service and prevent fraud
  • Consent: For marketing communications and optional features
  • Legal obligations: To comply with applicable laws

17.2 Data Subject Rights

You have the right to:

  • Request access to your personal data
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict processing of your personal data
  • Object to processing of your personal data
  • Request data portability
  • Withdraw consent (where processing is based on consent)

17.3 Exercising Your Rights

To exercise your rights, contact us using the information in Section 15. We will respond to your request within one month.

This Privacy Policy is designed to help you understand how we collect, use, and protect your information. If you have any questions or concerns, please don't hesitate to contact us.