Privacy Policy

Last updated: January 2025

TL;DR

We take your privacy seriously. We encrypt your database credentials, never store your business data permanently, and only collect the minimum information needed to provide our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (hashed and salted)

1.2 Database Connection Information

To provide our service, we collect and encrypt:

  • Database connection credentials (encrypted with AES-256-GCM)
  • Database hostname and port
  • Database schema information (table names, column names, data types)

1.3 Usage Information

  • Queries you submit (for improving AI accuracy)
  • Query execution times and error logs
  • Feature usage analytics

1.4 Payment Information

We use Stripe for payment processing. We never see or store your full credit card information.

2. How We Use Your Information

  • To provide our service: Connect to your databases and execute queries
  • To improve our AI: Train our models to generate better SQL queries
  • To communicate: Send service updates, security alerts, and support responses
  • To prevent abuse: Monitor for suspicious activity and enforce usage limits

3. Data Storage and Security

3.1 Encryption

Your database credentials are encrypted at rest using AES-256-GCM encryption. Connection strings are never stored in plain text.

3.2 Query Results

Query results are temporarily stored in memory for visualization purposes only. We do not permanently store your business data.

3.3 Access Controls

Only read-only SQL queries (SELECT, WITH) are allowed. Write operations (INSERT, UPDATE, DELETE, DROP) are blocked.

4. Data Sharing

We do not sell, rent, or share your personal information or database credentials with third parties, except:

  • Service Providers: AWS (hosting), Stripe (payments), Google (AI services) - all under strict data processing agreements
  • Legal Requirements: When required by law or to protect our rights

5. Data Retention

  • Account data: Retained until you delete your account
  • Query history: Retained according to your plan (7-365 days)
  • Query results: Cleared after 24 hours or when you close your session

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your query history
  • Opt-out of marketing communications

7-10. Additional Policies

7. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

8. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect information from children.

9. International Data Transfers

Your data is primarily stored in US-based data centers. By using our service, you consent to this transfer and processing.

10. Changes to This Policy

We may update this policy from time to time. We'll notify you of significant changes via email or through the platform.

Contact Us

For privacy concerns or to exercise your rights, contact us at:

privacy@whoprompt.com