1. Information We Collect
- Account: Email, name, profile picture via Google OAuth (auto-created on first sign-in)
- Payment: Stripe customer ID and subscription status only; Stripe handles all card data
- SQL Queries: Stored locally on your device. If you enable cloud sync, encrypted with AES-256 before upload
- AI Conversations: Stored locally; may be sent to AI providers (Anthropic, Google, OpenAI) for processing
- BigQuery Metadata: Table names and schemas cached locally for 24 hours; never shared with third parties or AI providers
- Analytics: Feature usage and performance metrics (opt-out available in Settings)
2. Data Storage
- Desktop: Tokens stored in OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service)
- Web: Tokens in HTTP-only secure cookies
- Cloud sync: AES-256 encrypted; shared queries auto-expire after 7 days
- Infrastructure: Google Cloud Platform (Firestore); Stripe for payments (PCI DSS Level 1)
3. Third-Party Services
- Google Cloud: Authentication and BigQuery access
- Stripe: Payment processing (privacy policy)
- AI Providers: Anthropic, Google, OpenAI for Prism AI features
- Firebase Analytics: EU users get no-cookie mode; opt-out in Settings
4. Data Retention
- Account data deleted within 30 days of account deletion request
- Payment records retained 7 years per tax law
- Shared queries auto-expire after 7 days
- Analytics data retained 90 days
5. Your Rights
You can access, export, correct, or delete your data. EU users have GDPR rights including data portability. Contact contact@querylab.io to exercise these rights.
6. Security
All data encrypted in transit (TLS) and at rest (AES-256 for cloud-synced data). We will notify affected users of any data breach within 72 hours as required by GDPR.
7. Changes
Material changes announced via email 30 days in advance. Continued use after changes constitutes acceptance.
8. Contact
Email: contact@querylab.io