Privacy Policy
Last updated: March 19, 2025
1. What Data We Collect
We collect the following data when you use QueryCanvas:
• Account information: your email address, name, and profile picture (from Firebase Auth).
• Workspace data: workspace names, slugs, member roles.
• Usage metadata: query counts, AI query usage, feature interactions — used to enforce plan limits and improve the product.
• Billing information: handled entirely by Stripe. We store only a Stripe customer ID and subscription ID — never raw card data.
• Technical data: IP addresses, browser/device information collected in server logs for security and debugging.
We do NOT collect or store the contents of your databases. We do not read, copy, or analyze your underlying data.
2. How We Use Your Data
We use collected data to:
• Authenticate and authorize your access to the Service.
• Process billing and manage your subscription.
• Enforce plan limits (connections, seats, AI queries).
• Send transactional emails (account verification, team invites, scheduled reports, payment receipts).
• Improve the product through aggregated, anonymized usage analytics.
• Respond to support requests and investigate security incidents.
3. What We Do NOT Collect
Database credentials (passwords, API keys, OAuth tokens) are encrypted end-to-end using AES-256-GCM before being stored. We cannot read them. They are never logged, never transmitted to third parties, and are decrypted only in memory during query execution on our servers, then immediately discarded after use. We have no ability to access your actual database data.
4. Third-Party Services
We use the following third-party services:
• Firebase Authentication (Google) — user identity and authentication.
• Stripe — payment processing and subscription management.
• SendGrid — transactional email delivery.
• Anthropic Claude API — AI-powered query generation (only your schema structure is sent, not your data).
• Railway — cloud hosting infrastructure.
Each third party has its own privacy policy. We recommend reviewing them for services you interact with directly.
5. Data Retention
We retain your data for as long as your account is active. When you delete your account, all personal data and workspace data are permanently deleted within 30 days, except where retention is required by applicable law (e.g., billing records for tax compliance). Encrypted database credentials are deleted immediately upon connection deletion.
6. Your Rights (GDPR / CCPA)
Depending on your location, you may have the right to:
• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and data.
• Request a portable export of your data.
• Opt out of non-essential communications.
To exercise these rights, email privacy@querycanvas.io. We will respond within 30 days.
7. Cookies
We use essential cookies for authentication and session management. See our Cookie Policy at /cookies for full details.
8. Contact
For privacy questions or data requests, contact us at privacy@querycanvas.io.