Privacy Policy

Last updated: June 3, 2026

1. Introduction

This Privacy Policy explains how Universal DB AI ("we", "us", or "our") collects, uses, and protects your information when you use the Universal DB AI website, application, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

• Account Information. Your name, email address, and authentication credentials provided via email magic‑link or OAuth providers (e.g., Google).
• Database Metadata. Connection strings, table names, column names, and schema descriptions that you explicitly upload or generate.
• Query Logs. Natural‑language questions, generated SQL statements, execution results (row counts, not full data unless capped), feedback ratings (👍/👎).
• Usage & Device Data. IP address, browser type, operating system, referring URLs, and timestamps (standard server logs & analytics).
• Payment Data. Billing name, email, and last‑4 digits via our payment processor (Stripe). We never store full card details.

3. How We Use Your Information

• To provide, maintain, and improve the Service.
• To generate accurate SQL answers to your questions.
• To monitor usage, prevent abuse, and enforce security limits.
• To send transactional emails (magic‑link, invoices, critical alerts).
• To comply with legal obligations and resolve disputes.

4. Legal Bases (GDPR)

We process personal data only when at least one of the following bases applies: (i) Contractual necessity (to deliver the Service you requested); (ii) Legitimate interests(security, analytics, product improvement); (iii)Consent (marketing emails); (iv) Legal obligation (book‑keeping, fraud prevention).

5. Data Sharing & Sub‑processors

We never sell your personal data. We share it only with:

• Infrastructure. AWS (hosting), Vercel (edge), Supabase or Fly.io (databases), Stripe (payments).
• AI Providers. OpenAI LLMs for natural‑language processing. Only anonymised query text and schema context is sent.
• Analytics. Plausible or Google Analytics (page views, no cookies for Plausible).
• Customer Support. Crisp, Intercom, or email ticket system if you contact us.

6. International Transfers

We store data in the United States and Europe. When data is transferred outside the EEA, we rely on Standard Contractual Clauses or an equivalent legal mechanism.

7. Data Retention

Account data is kept while you maintain an active subscription and up to 30 days after cancellation, unless a longer retention is required by law. Query logs are automatically purged after 90 days by default.

8. Your Rights

• Access to the personal data we hold about you.
• Correction or deletion of your data (subject to legal limits).
• Data porting (receive a copy in machine‑readable format).
• Object to or restrict certain processing activities.
• Withdraw consent at any time (marketing).

To exercise any of these rights, email us at contact@universal-db-ai.com.

9. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect their data. If you believe a child provided us information, please contact us for deletion.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in‑app banner.

11. Contact Us

If you have questions about privacy, reach out at contact@universal-db-ai.com.