Your data is safe with us

Security First

We built Write2SQL with security at every layer. Here's how we protect your data.

Encryption

  • At rest: All database credentials are encrypted with AES-256 before storage. Encryption keys are managed separately from application data.
  • In transit: All connections use TLS 1.2+ (HTTPS). No data is transmitted in plaintext.
  • Passwords: User passwords are hashed with bcrypt using a cost factor that makes brute-force attacks infeasible.

Database Connection Security

  • No data retention: We do not store, cache, or log the contents of your query results. Data passes through our servers during execution and is immediately discarded.
  • Read-only by default: All queries run in read-only mode unless Pro Mode is explicitly enabled. Destructive queries (DROP, ALTER, TRUNCATE) are always blocked.
  • Connection isolation: Each database connection is established per-request and terminated after use. Connections are never pooled across users.
  • Credential deletion: When you remove a connection, credentials are permanently deleted from our systems within 24 hours.

Query Safety

  • SQL injection prevention: All queries are parameterized and sanitized before execution. User input is never directly interpolated into SQL.
  • Query validation: Every query passes through a multi-layer validation pipeline that blocks dangerous patterns, enforces LIMIT clauses, and rejects DDL statements.
  • Row limits: Query results are automatically capped to prevent excessive data transfer.
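
As an added illustration (this is not Write2SQL's code), a validation step of the kind described in this section could look like the following Python. The function name validate, the MAX_ROWS value, the blocked keywords beyond DROP, ALTER and TRUNCATE, and the choice to cap rows by wrapping the query instead of parsing LIMIT are all assumptions.

```python
import re

MAX_ROWS = 1000  # assumed cap; the page does not state the real limit
# DROP, ALTER and TRUNCATE are named on the page; the rest are assumptions.
BLOCKED = {"DROP", "ALTER", "TRUNCATE", "CREATE", "INSERT", "UPDATE", "DELETE",
           "MERGE", "GRANT", "REVOKE", "CALL", "EXECUTE", "COPY", "INTO"}

# Literals and comments are matched before words, so keywords inside a string
# are treated as data and comments can be dropped before the keyword scan.
TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')
  | (?P<ident>"(?:[^"]|"")*")
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<other>\S)
""", re.S | re.X)


def validate(sql: str) -> str:
    """Return the capped, comment-free query to run, or raise ValueError."""
    # Quoting styles this tokenizer does not model are refused outright, so the
    # database can never disagree with it about where a literal ends.
    if set(sql) & set("\\$#`"):
        raise ValueError("unsupported quoting or escape character")
    tokens = [(m.lastgroup, m.group()) for m in TOKEN.finditer(sql)
              if m.lastgroup != "comment"]
    if tokens and tokens[-1][1] == ";":
        tokens.pop()  # a single trailing semicolon is harmless
    if any(k == "other" and t in ";'\"" for k, t in tokens):
        raise ValueError("stacked statements or unterminated quote")
    words = [t.upper() for k, t in tokens if k == "word"]
    if not tokens or tokens[0][1].upper() not in ("SELECT", "WITH"):
        raise ValueError("only SELECT statements are accepted")
    blocked = BLOCKED.intersection(words)
    if blocked:
        raise ValueError("blocked keyword: " + ", ".join(sorted(blocked)))
    depth = 0
    for _, t in tokens:
        depth += (t == "(") - (t == ")")
        if depth < 0:
            break
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    # Wrapping caps the rows without having to parse an existing LIMIT clause.
    keep = lambda m: " " if m.lastgroup == "comment" else m.group()
    clean = TOKEN.sub(keep, sql).strip().rstrip(";").rstrip()
    return f"SELECT * FROM ({clean}) AS capped LIMIT {MAX_ROWS}"
```

Unquoted identifiers that match a blocked keyword are refused as well. A filter like this sits in front of a read-only database session and does not replace it.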

AI & Data Privacy

  • Minimal data sent: Only your natural language prompt and database schema structure (table/column names and types) are sent to the AI provider. No actual data rows, credentials, or personally identifiable information are included.
  • No training: Your prompts and queries are not used to train AI models.
  • Provider: We use OpenAI's API with data processing agreements that prohibit use of customer data for model training.

Access Controls

  • Authentication: JWT-based authentication with secure token rotation and expiry.
  • Rate limiting: Aggressive rate limiting per user, per IP, and per API key to prevent abuse and brute-force attacks.
  • API key management: API keys are hashed before storage. Full key values are shown only once at creation time.
  • Audit logging: All authentication events, query executions, and administrative actions are logged for audit purposes.

Infrastructure

  • Secure hosting: Application servers run in isolated environments with minimal attack surface.
  • Security headers: Strict Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and other security headers are enforced on all responses.
  • Dependency monitoring: Automated scanning for known vulnerabilities in dependencies.