Privacy Policy

Effective Date: August 16, 2025

Last Updated: August 22, 2025

1. Introduction

Query Lab (“we,” “us,” “our,” or the “Company”) operates the website https://querylab.dev (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

2. Information We Collect

We collect information about you in various ways when you use our Service. The information we may collect includes:

Important Note About Database Access

Query Lab connects to your databases through encrypted, read-only connections. We do not store your actual database data on our servers. We only cache metadata (table names, column names, and sample data) to improve performance and provide database schema information.

Personal Information

  • Names (first and last)
  • Email addresses
  • Profile pictures/avatars
  • Billing and payment information (processed securely through our payment processors)
  • User-generated content that you provide through the Service

Technical Information

  • IP addresses
  • Device information (including device type, operating system, browser type and version)
  • Location data (derived from IP address or as permitted by your device settings)
  • Usage analytics and behavior (including pages visited, features used, and interaction patterns)
  • Query history (SQL queries executed through our service, stored with timestamps and connection information)
  • Database connection metadata (encrypted database connection details and SSH tunnel configurations)

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. This includes Mixpanel analytics for understanding user behavior and improving our Service. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

3. How We Use Your Information

We use the information we collect or receive:

  • To provide and maintain our Service including monitoring usage and troubleshooting issues
  • To manage your account and provide customer support
  • To process transactions and send you related information, including purchase confirmations and invoices
  • To send administrative information such as changes to our terms, conditions, and policies
  • To improve our Service by analyzing how users interact with various features
  • To generate AI-powered embeddings for business definitions to enable semantic search functionality
  • To maintain query history for audit trails and user convenience
  • To provide database introspection and cache metadata for improved performance
  • To enforce our terms, conditions, and policies
  • To comply with legal obligations and protect our rights and the rights of others
  • To prevent fraud and enhance the security of our Service
  • For business transfers in connection with any merger, sale of company assets, financing, or acquisition

4. Disclosure of Your Information

We may share information we have collected about you in certain situations:

Service Providers

We may share your information with third-party service providers that perform services for us or on our behalf, including:

  • Clerk - Authentication and user management services
  • Stripe - Payment processing and billing management
  • OpenAI - AI-powered text embeddings for business definitions search
  • Railway - Cloud hosting and infrastructure services
  • Mixpanel - Analytics and user behavior tracking
  • Email delivery and customer communications
  • Technical support and customer service

These service providers are contractually obligated to keep your information confidential and use it only for the purposes for which we disclose it to them.

Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Legal Obligations

We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

Vital Interests and Legal Rights

We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it.

Specific Retention Periods

  • Query history: Retained for the duration of your subscription plus 30 days
  • Database metadata: Cached during active use, refreshed periodically, deleted when connection is removed
  • Business definitions: Retained for the duration of your subscription
  • Billing information: Retained for 7 years for tax and accounting purposes
  • Account information: Retained until account deletion

We maintain records indefinitely for the following purposes:

  • Legal compliance and record-keeping requirements
  • Resolving disputes
  • Enforcing our agreements
  • Business analytics and Service improvement (in anonymized form)

6. Security of Your Information

We use administrative, technical, and physical security measures designed to protect your personal information, including:

  • AES-256-GCM encryption for all sensitive data including database connection credentials and SSH keys
  • Multi-tenant data isolation ensuring your organization’s data is completely separate from other users
  • OAuth 2.1 security protocols for API access with time-limited access tokens
  • Read-only database connections to prevent unauthorized data modifications
  • SSH tunnel support for secure connections to private databases

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

7. Your Data Protection Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access - You may request copies of your personal information
  • Correction - You may request that we correct any inaccurate or incomplete information
  • Deletion - You may request that we delete your personal information, subject to certain exceptions
  • Data Portability - You may request that we transfer your data to another organization
  • Objection - You may object to our processing of your personal information

To exercise any of these rights, please contact us at support@querylab.dev. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. Children’s Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@querylab.dev, and we will take steps to delete such information.

9. International Users

As we operate in the United States, your information will be transferred to, stored, and processed in the United States. By using our Service, you consent to the transfer of your information to the United States and acknowledge that the data protection laws of the United States may be different from those in your country.

10. California Privacy Rights

California residents have specific rights regarding their personal information under the California Consumer Privacy Act (CCPA). These rights include:

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to request deletion of personal information
  • The right to opt-out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising privacy rights

To exercise these rights, California residents may contact us at support@querylab.dev.

11. Third-Party Services

Our Service may contain links to third-party websites and services that are not operated by us. We strongly advise you to review the privacy policies of these third parties. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Governing Law and Dispute Resolution

This Privacy Policy and your use of our Service are governed by and construed in accordance with the laws of the United States, without regard to its conflict of law principles.

Any dispute arising out of or relating to this Privacy Policy or our privacy practices shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association. The arbitration shall be conducted in the United States, and judgment on the arbitration award may be entered in any court having jurisdiction thereof.

13. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, QUERY LAB SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES RESULTING FROM YOUR USE OF THE SERVICE OR THIS PRIVACY POLICY.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

15. Contact Information

If you have questions or comments about this Privacy Policy or our privacy practices, please contact us at:

Query Lab

Email: support@querylab.dev

Website: https://querylab.dev

For data deletion requests or to exercise your privacy rights, please contact us with “Privacy Request” in the subject line.

For customer support inquiries, please email us at support@querylab.dev. We aim to respond to all inquiries within a reasonable timeframe.

This Privacy Policy was last updated on August 22, 2025