This Privacy Policy describes how Simon Mathewson ("we", "us", or "our") collects, uses, and shares information in connection with your use of the SmartQuery application, including the website (https://smartquery.dev) and related services (collectively, the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is:
Simon Mathewsonc/o Postflex #9085
Emsdettener Str. 10
48268 Greven
Germany
Email: support@smartquery.dev
2. General Principles of Data Processing
SmartQuery is designed with a "local-first" approach. Core functions can run directly on your device without sending sensitive data to our servers. For enhanced functionality, such as account syncing, AI assistance, and cloud connectivity, we offer optional services that involve processing data on our secure infrastructure, as detailed in this policy.
3. Data We Collect, Purpose, and Legal Basis
a) When You Visit Our Website
When you access our website, your browser automatically transmits server log data, including your IP address, browser type, and time of access. This data is processed for the legitimate interest of ensuring the security and stability of our system (Art. 6(1)(f) GDPR).
b) When You Create an Account
To use features like connection syncing, SmartQuery Cloud, or the AI assistant, you must create an account. We collect:
- Email Address
- Password (hashed securely)
This data is processed to provide you with the account services you requested, based on the performance of a contract with you (Art. 6(1)(b) GDPR).
c) When You Subscribe to SmartQuery Plus
If you subscribe to SmartQuery Plus, we process payment information through our payment provider, Stripe. We do not directly collect or store your full credit card information. We collect:
- Billing Information: Such as your name and billing address, as required for invoicing.
- Subscription Status: We receive data from Stripe regarding the status of your subscription (e.g., active, canceled).
This processing is necessary for the performance of the subscription contract (Art. 6(1)(b) GDPR).
d) When You Save Connections to Your Account
You can save database connection configurations to your account. You can choose whether to save passwords and, if so, to store them in an encrypted format. This data is processed to perform the service you requested (Art. 6(1)(b) GDPR).
e) When You Use SmartQuery Cloud
SmartQuery Cloud acts as a proxy, allowing you to connect to your databases through our servers. When you use this feature, your database queries and the resulting data pass through our servers.
- Privacy Commitment: The content of your database queries and the data returned from your database are processed transiently to facilitate the connection. They are never logged, stored, or inspected on our servers.
This transient processing is technically necessary to provide the SmartQuery Cloud service, based on the performance of our contract with you (Art. 6(1)(b) GDPR).
f) When You Use the AI Feature
When you use the integrated AI assistant, we act as an intermediary to send data to the Google Gemini API on your behalf.
- Data Sent: We send your prompt and the database schema definitions (table structures, column names, types) to the Google Gemini API.
- Important: We never send any of your actual database content or records.
This processing is necessary to provide the AI feature as part of the Service, based on the performance of our contract with you (Art. 6(1)(b) GDPR).
g) Analytics and Performance Monitoring
We use Google Analytics and AWS CloudWatch RUM to understand service usage and monitor performance. These tools are only activated if you provide your explicit prior consent (Art. 6(1)(a) GDPR) via our cookie/consent banner. You can withdraw your consent at any time. We have enabled IP anonymization for Google Analytics.
4. Sharing Your Data & Third-Party Processors
We do not sell your personal data. We only share data with trusted third-party service providers (data processors) who help us operate our Service, under strict data processing agreements.
- Amazon Web Services (AWS): Our application and database are hosted on AWS servers located in Frankfurt, Germany.
- Stripe, Inc.: We use Stripe for payment processing for SmartQuery Plus subscriptions. Your payment data is sent directly to Stripe; we do not store your full payment card details. Stripe may process data in the U.S. under appropriate legal safeguards.
- Google LLC: We use Google's Gemini API for our AI feature and Google Analytics (with your consent). This involves sending data (as described above) to Google, which may process it in the U.S. under appropriate legal safeguards.
5. Data Storage Location
All of your primary account data (email, hashed password, connection settings) is stored on Amazon Web Services (AWS) servers located in Frankfurt am Main, Germany. By hosting within Germany, your data benefits from the high data protection standards of the GDPR and German law.
6. Your Rights Under GDPR
As a data subject, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing, withdraw consent, and lodge a complaint with a supervisory authority. To exercise your rights, please contact us using the details provided in Section 1.
7. Data Security
We use appropriate technical and organizational security measures, such as encryption and access controls, to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website or by other means of contact.