Write2SQLWrite2SQL

Privacy Policy

Last updated: March 19, 2026

This Privacy Policy describes how Write2SQL ("Company," "we," "us," or "our") collects, uses, stores, and discloses information when you use our platform, API, and related services (the "Service"). By using the Service, you consent to the practices described in this policy. If you do not agree, you must not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your username, email address, and hashed password. We do not store plaintext passwords. If you subscribe to a paid plan, we collect billing-related information including transaction records and payment amounts. We do not store credit card numbers directly — all payment processing is handled securely by our third-party payment processor.

1.2 Database Connection Credentials

When you configure database connections, we collect and store encrypted connection details including host, port, database name, username, and password. All credentials are encrypted using AES-256 encryption at rest. We access these credentials solely to establish connections on your behalf. We do not read, copy, or retain the contents of your databases beyond what is technically required to execute your queries during an active session.

1.3 Query and Usage Data

We log natural language prompts submitted for AI query generation, generated SQL queries, query execution metadata (execution time, row count, error status), credit consumption, API usage patterns, and timestamps. We do not store query result data (the actual rows returned from your database).

1.4 Technical Data

We automatically collect IP addresses, browser type and version, device information, referring URLs, pages visited, and access timestamps. This data is collected through server logs and is used for security monitoring, abuse prevention, and service improvement.

1.5 Cookies

We use strictly necessary cookies for authentication and session management. We do not use advertising cookies or third-party tracking cookies.

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Process payments and manage subscriptions
  • Execute database queries on your behalf
  • Generate AI-powered SQL queries from your prompts
  • Enforce rate limits, credit limits, and usage quotas
  • Detect, prevent, and respond to fraud, abuse, and security incidents
  • Comply with legal obligations
  • Improve the Service using anonymized and aggregated data

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

3. Data Sharing and Disclosure

We may share your information only in the following circumstances:

  • AI Processing: Natural language prompts and database schema metadata are sent to third-party AI providers (currently OpenAI) for SQL generation. No database contents, credentials, or personally identifiable information are included in AI requests.
  • Payment Processing: Payment information is shared with our payment processor (Paddle) to process transactions securely.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Retention

Account data is retained for the duration of your account and for 30 days following account deletion. Query logs and usage data are retained for 90 days for operational purposes, after which they are permanently deleted or anonymized. Billing records are retained for 7 years to comply with tax and financial reporting obligations. Database connection credentials are permanently deleted within 24 hours of you removing the connection or deleting your account.

5. Data Security

We implement industry-standard security measures including AES-256 encryption for stored credentials, bcrypt hashing for passwords, TLS/HTTPS for all data in transit, SQL injection prevention and query sanitization, rate limiting and brute-force protection, and regular security audits. Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data and account
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, submit a request through your account settings. We will respond within 30 days.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to the transfer of your information to such countries. We take appropriate safeguards to ensure your data remains protected in accordance with this Privacy Policy.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

10. Changes to This Policy

We may update this Privacy Policy at any time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. For material changes, we will notify you via email or a prominent notice in the Service.