WebDBPro ("we", "us", "our") operates the WebDBPro web application, desktop application, and related services (the "Service") available at app.webdbpro.com.
WebDBPro is the data controller for personal data collected through the Service. If you have any questions about how we handle your personal data, please contact us at privacy@webdbpro.com.
This Privacy Policy applies to all users of the WebDBPro web application and desktop application. By using the Service, you agree to the practices described in this policy. This policy should be read alongside our Terms & Conditions.
We collect the following categories of personal and account data:
If you register or log in via Google, GitHub, or Apple OAuth, we receive the following from the OAuth provider and store it on your account:
We do not receive or store your OAuth provider password.
When you save a database connection, we store:
If you connect an AI provider (OpenAI, Anthropic, OpenRouter), we store your API key encrypted at rest using AES-256-GCM. We store the encryption separately from the key. We do not display your API key in full after it has been saved — only a masked version is shown.
SQL queries you save are stored in our database with the query SQL encrypted at rest using AES-256-GCM. We also store the query name, description, tags, and associated connection ID.
Dashboard names, widget titles, chart types, layout positions, and references to saved queries are stored in our database in plain text.
We store your Stripe customer ID, subscription ID, plan name, and subscription status. We do not store payment card details. All payment processing is handled directly by Stripe. See Section 7 for more details.
We may collect basic technical data to operate the service, including:
We do not use third-party analytics tracking services (e.g. Google Analytics).
AI chat messages and query sessions are associated with your account. Chat sessions include the messages you send, the AI responses received, and the database schema context used. Chat history is retained while your account is active to allow you to restore previous sessions.
We use the data we collect for the following purposes:
| Purpose | Data used |
|---|---|
| Providing and operating the Service | Account info, connection credentials, saved queries, dashboards |
| Authenticating you and securing your account | Email, password hash, OAuth ID, JWT tokens |
| Processing subscriptions and payments | Email, Stripe customer/subscription IDs |
| Sending transactional emails | Email address (account verification, password reset, billing notifications) |
| Connecting to your external databases on your behalf | Connection credentials (decrypted in memory only during active use) |
| Routing AI queries to your chosen AI provider | AI API key (decrypted in memory only during active use), chat messages, schema |
| Security monitoring, debugging, and abuse prevention | IP address, access logs, error logs |
| Notifying you of material changes to our Terms or Privacy Policy | Email address |
We do not use your data for advertising, profiling, or sale to third parties. We do not share your personal data with any third party except as described in Section 7.
For users in the United Kingdom and European Economic Area (EEA), we process personal data on the following legal bases under the UK GDPR and EU GDPR:
We retain your data for the following periods:
| Data type | Retention period |
|---|---|
| Account information (email, profile) | Until account deletion or 2 years of inactivity |
| Password hash | Until account deletion |
| Database connection credentials | Until you delete the connection or your account |
| AI API keys | Until you remove the key or delete your account |
| Saved queries | Until you delete them or your account is deleted |
| Dashboards and widgets | Until you delete them or your account is deleted |
| Chat history | Until you clear your history or your account is deleted |
| Billing records (Stripe IDs) | 7 years (financial/legal compliance) |
| Server access logs | 90 days (rolling) |
When you delete your account, we will delete or anonymise your personal data within 30 days, except for data we are required to retain for legal or financial compliance reasons.
We implement the following security measures:
Despite these measures, no system is completely immune to security vulnerabilities. We recommend using a strong, unique password for your WebDBPro account and storing database credentials for accounts with the minimum necessary privileges.
If you believe your account has been compromised, please contact us immediately at security@webdbpro.com.
We use the following third-party services to operate WebDBPro. Each has its own privacy policy:
Subscription billing is handled by Stripe, Inc. Stripe processes your payment card details directly; we never see or store your card number, CVV, or full billing address. We share your email address with Stripe solely to create and manage your billing account. Stripe's processing of your payment data is governed by Stripe's Privacy Policy.
If you choose to sign in using Google, GitHub, or Apple, that provider will share your email address and provider user ID with us. We do not receive your OAuth provider password. Your use of those sign-in services is governed by the respective provider's terms and privacy policy. We only request the minimum scopes needed to identify you (email and basic profile).
We use an SMTP mail service to send transactional emails (account verification, password resets, billing notifications). Your email address is used solely for this purpose.
The WebDBPro Service is hosted on servers located in the United Kingdom or European Union. Server access logs may be retained by our hosting provider in accordance with their data processing terms, with which WebDBPro maintains appropriate data processing agreements.
When you send a message in an AI chat session, WebDBPro transmits:
How AI providers store, process, or use data submitted via their APIs is governed by each provider's own privacy policy and terms of service. WebDBPro is not responsible for how third-party AI providers handle data sent through their APIs. Please review:
The WebDBPro desktop application (Windows) stores database connection credentials locally on your device in an encrypted file. Locally-stored credentials are not transmitted to WebDBPro servers.
The desktop application uses your WebDBPro account (via JWT token) to authenticate with the WebDBPro server for features that require server-side processing (dashboards, saved queries, sharing, AI chat when using a server-stored connection). When using local connections in the desktop app, queries are executed directly from your machine to the target database without passing through WebDBPro's servers.
The desktop application does not collect telemetry, analytics, or usage data and does not phone home for any purpose other than authenticated API calls you explicitly initiate.
The WebDBPro web application uses a minimal number of essential cookies required for the service to function:
We do not use:
The web application may use browser localStorage or sessionStorage to store application state (e.g. open tabs, editor content, UI preferences). This data remains on your device and is not transmitted to WebDBPro servers, except as part of normal authenticated API requests.
Depending on your location, you may have the following rights regarding your personal data. For users in the UK and EEA, these rights are provided by the UK GDPR and EU GDPR respectively.
You have the right to request a copy of the personal data we hold about you. You can access most of your account data directly within the application. For a full subject access request, contact privacy@webdbpro.com.
You have the right to request correction of inaccurate personal data. You can update your profile information directly in the application settings. For other corrections, contact us.
You have the right to request deletion of your personal data. You can delete your account from the application settings, which will trigger deletion of your account data. We will complete deletion within 30 days, except for data we must retain for legal or financial reasons (see Section 5).
You have the right to request that we restrict the processing of your data in certain circumstances (e.g. while a dispute is being resolved). Please contact us to exercise this right.
You have the right to receive your personal data in a structured, machine-readable format. Contact us to request a data export.
You have the right to object to processing based on legitimate interests. Where we rely on legitimate interests, you may object by contacting us, and we will assess whether our interests override your rights in the specific circumstances.
Where we process data on the basis of your consent, you may withdraw that consent at any time by contacting us or adjusting your account settings. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the relevant data protection supervisory authority:
We encourage you to contact us first at privacy@webdbpro.com so we can attempt to resolve your concern directly.
To exercise any of the rights above, please contact us at privacy@webdbpro.com with your request. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
WebDBPro hosts its services within the United Kingdom or European Union and does not ordinarily transfer personal data to countries outside these regions.
However, when you use AI features, your chat messages and schema context are transmitted to the AI provider you have chosen, which may process data in the United States or other countries. These providers are subject to their own data transfer compliance mechanisms (e.g. EU-US Data Privacy Framework, Standard Contractual Clauses). Please review each AI provider's privacy policy for details.
If we need to transfer personal data outside the UK/EEA in the future, we will ensure appropriate safeguards are in place as required by applicable data protection law.
The WebDBPro Service is intended for use by individuals who are at least 18 years of age (or the age of legal majority in their jurisdiction). We do not knowingly collect personal data from children under 18.
If you believe that a person under 18 has provided personal data to WebDBPro, please contact us at privacy@webdbpro.com and we will take steps to delete that data promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
This Privacy Policy was last reviewed and updated on 27 February 2026 and reflects our current data practices. For questions about our Terms of Service, please see our Terms & Conditions.