Privacy Policy

Last updated: March 26, 2026

1. Introduction

Datologist ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered data query service (the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials (via Google OAuth or email/password). If you subscribe to a paid plan, we collect billing information through our payment processor — we do not store full credit card numbers.

Database Credentials

When you connect a database, we collect your connection details (host, port, database name, username, and password or connection string). These credentials are encrypted at rest using AES-256-GCM and stored exclusively on our servers. Credentials are never transmitted to third parties, logged in plaintext, or exposed through our API.

Query History

We store the natural language questions you ask and the SQL queries generated by our AI agent. This enables your query history and conversation features. Query results — the actual data returned from your database — are streamed directly to your browser and are not persisted on our servers beyond the active session.

Usage Data

We collect standard usage analytics such as pages visited, feature usage, session duration, and browser/device information. This data is used to improve the Service and is not linked to your database queries or results.

3. How We Use Your Information

  • To provide and operate the Service, including connecting to your databases and processing your queries
  • To maintain your account, query history, and conversation context
  • To process subscription payments and manage your billing
  • To communicate with you about service updates, security notices, and support requests
  • To improve and optimize the Service based on aggregate usage patterns

4. How We Protect Your Data

  • Encryption at rest: Database credentials are encrypted using AES-256-GCM before storage
  • Encryption in transit: All data transmitted between your browser, our servers, and your databases uses TLS 1.2+
  • Query safety: Every SQL query is validated at the AST level using sqlparse/sqlglot to ensure it is a read-only SELECT statement before execution
  • No data persistence: Query results are streamed to your browser in real time and are not stored on our servers
  • Access controls: Internal access to production systems is restricted and audited

5. AI and Your Data

Your data is never used to train AI models. When processing your queries, the AI agent accesses table metadata (table names, column names, data types) to understand your schema. Query results are used only to formulate the response to your question and are discarded after the session. We do not share your data with AI model providers for training purposes.

6. Data Sharing

We do not sell your personal information or database data. We may share limited information with:

  • Payment processors to handle subscription billing
  • Infrastructure providers who host the Service, under strict data processing agreements
  • Law enforcement when required by applicable law or valid legal process

7. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data based on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you subscribed to
  • Legitimate interest: Improving our Service, preventing fraud, and ensuring security
  • Consent: Marketing communications (you can opt out at any time)

You have the right to access, correct, delete, port, and restrict processing of your personal data. To exercise these rights, contact us at privacy@datologist.ai.

8. Data Retention and Deletion

We retain your account information and query history for the duration of your subscription. When you delete your account:

  • Database credentials are permanently deleted within 24 hours
  • Query history and conversation data are permanently deleted within 30 days
  • Account information is removed from active systems within 30 days
  • Encrypted backups containing your data expire within 90 days

You can request immediate deletion of all your data at any time by contacting privacy@datologist.ai.

9. Cookies

We use essential cookies to maintain your session and authentication state. We use analytics cookies to understand aggregate usage patterns. You can control cookie preferences through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after such notification constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: privacy@datologist.ai