Privacy Policy

Last updated: February 2025

1. Introduction

QueryNest ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our natural language database query service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (encrypted)
  • Workspace and team information

2.2 Database Connection Information

To provide our service, we collect:

  • Database host, port, and database name
  • Database credentials (encrypted with AES-256-GCM)
  • Database schema metadata (table names, column names, data types)

2.3 Usage Data

We automatically collect:

  • Natural language queries you submit
  • Generated SQL queries
  • Query execution metadata (timing, row counts)
  • Feature usage and interaction patterns

2.4 What We Do NOT Collect or Store

  • Query results: We do not store the actual data returned by your queries
  • Your database content: We only read schema metadata, not your actual data
  • Sensitive credentials: Passwords are encrypted and never logged

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our service
  • Generate SQL queries from natural language
  • Improve query accuracy and AI model performance
  • Send service-related communications
  • Process payments and manage subscriptions
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Data Security

We implement robust security measures:

  • Encryption at rest: All sensitive data encrypted with AES-256-GCM
  • Encryption in transit: All connections use TLS 1.3
  • Read-only access: We only execute SELECT queries on your database
  • Access controls: Role-based permissions and audit logging
  • Regular security audits: Periodic security assessments

5. Data Sharing

We may share information with:

  • Service providers: Cloud hosting, payment processors, email services
  • AI providers: Anthropic (for query generation) - only schema metadata and queries, never your actual data
  • Legal authorities: When required by law or to protect rights

We do not sell your personal information to third parties.

6. Data Retention

We retain your account information as long as your account is active. Query history is retained for 90 days by default. Database credentials can be deleted at any time by removing the database connection. Upon account deletion, we remove your data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data
  • Object to data processing
  • Withdraw consent

To exercise these rights, contact us at support@querynest.io.

8. BYOK (Bring Your Own Key)

If you use the BYOK feature with your own Anthropic API key, your queries are sent directly to Anthropic using your key. Your API key is encrypted and stored securely. You can remove it at any time from your workspace settings.

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, but this may affect service functionality.

10. International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including standard contractual clauses where required.

11. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the service. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or concerns:

Email: support@querynest.io