Legal

Privacy Policy

Effective date: February 20, 2026

This policy explains how DatavueX collects, uses, protects, and shares information when you connect databases, ask questions, and review results.

This document is a template written for the DatavueX product. It is not legal advice. Have qualified counsel review and adapt it for your jurisdiction and business before you rely on it in production.

1. Overview

DatavueX is an AI-powered database intelligence platform. This Privacy Policy explains what information we collect when you use the service, how we use and protect it, and the choices you have. It applies to our hosted product and, where noted, to self-hosted deployments you operate yourself.

We designed DatavueX around data boundaries: your database credentials are encrypted, generated queries are read-only by design, and self-hosting lets you keep prompts, schema, and results inside your own infrastructure.

2. Information We Collect

We collect the following categories of information:

  • Account information: your email address and authentication credentials, managed through our authentication provider. Passwords are stored only as salted hashes and are never accessible to us in plaintext.
  • Database connection details: host, port, database name, and credentials you provide to connect a data source. Credentials are encrypted with AES-256-GCM before storage and are never logged or returned in plaintext.
  • Schema metadata: table, column, and relationship information synced from your connected databases so the assistant can generate schema-aware queries.
  • Query activity: the natural-language questions you ask, the SQL generated in response, execution outcomes, and any error or retry information, stored as audit logs.
  • Model configuration: your choice of AI provider and, if you bring your own key, an encrypted copy of that API key.
  • Usage and technical data: log data such as timestamps, feature usage, and diagnostic information used to operate and secure the service.

3. Query Content and Your Database Data

When you ask a question, DatavueX sends your prompt and relevant schema context to a language model to generate SQL. Generated queries are constrained to read-only operations and are executed against your connected database to return results.

On our hosted product, prompts and schema context may be processed by third-party model providers strictly to generate responses. If you enable PII masking, sensitive columns are masked before results are surfaced. If you self-host with a local model, this content stays within your environment and is not sent to any third party.

We do not sell your database contents, query results, or prompts, and we do not use them to train third-party models.

4. How We Use Information

  • To authenticate you and operate your account.
  • To connect to your databases, sync schema, and generate and execute read-only queries on your behalf.
  • To provide self-healing retries, proactive insights, query history, and audit trails.
  • To secure the service, detect abuse, debug issues, and maintain reliability.
  • To communicate with you about service changes, security notices, and support requests.

6. How We Share Information

We share information only as needed to run the service:

  • Service providers: infrastructure, hosting, and AI model providers that process data under contract on our behalf.
  • Legal and safety: when required by law, regulation, legal process, or to protect the rights, property, and safety of our users and the public.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice consistent with this policy.

7. Data Security

  • Database credentials and bring-your-own-key API keys are encrypted at rest using AES-256-GCM.
  • Generated queries are read-only by design to reduce the risk of unintended writes or destructive operations.
  • Access controls ensure resources such as connections, conversations, and audit logs are scoped to their owning account.
  • We maintain audit logs of query attempts and outcomes to support traceability and incident review.
  • No system is perfectly secure; we work to protect your data but cannot guarantee absolute security.

8. Data Retention

We retain account data for as long as your account is active. Connection metadata, schema, conversations, and audit logs are retained to provide history and traceability until you delete the associated resource or your account. Some records may be retained longer where required for legal, security, or accounting purposes.

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete connections and their credentials at any time, and you can request account deletion.

To exercise these rights, contact us at privacy@datavuex.com. We will respond consistent with applicable law.

10. Self-Hosted Deployments

If you run DatavueX on your own infrastructure, you are the controller of the data processed within your deployment. In that configuration, database contents, prompts, schema, and query results can remain entirely inside your environment, including when you use a local model. This policy describes our hosted service; your own policies govern data you process in a self-hosted deployment.

11. International Data Transfers

Our hosted service may process data in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers. Self-hosting lets you keep processing within a region you control.

12. Children's Privacy

DatavueX is not directed to children under 16 and is not intended for their use. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, provide additional notice.

14. Contact Us

If you have questions about this Privacy Policy or how we handle data, contact us at privacy@datavuex.com.