Privacy Policy
EFFECTIVE — JUNE 10, 2026
Short version: we collect what the product needs to run, we encrypt the sensitive parts, we sell nothing, and you can have it all deleted by emailing us.
What we collect and why
- Account data — your email address and a scrypt hash of your password (we cannot read the password). Used for login, alerts, and service email.
- Connection and storage credentials — the database URLs and S3/R2 keys you provide, encrypted with AES-256-GCM at rest. Used solely to run your backups.
- Backup contents — your database dumps pass through our worker during backup and restore drills, encrypted before upload. Drill restores happen in ephemeral scratch instances that are destroyed after row counts are read. We do not browse, mine, or analyze your data's contents.
- Backup metadata — snapshot sizes, timestamps, table names and row counts, drill results, and failure messages. Used for your ledger, alerts, anomaly detection, and the monthly drill report.
- Billing data — handled by Stripe. We store only your Stripe customer/subscription IDs and plan; card numbers never touch our servers.
- Usage analytics — see below.
- Server logs — IP addresses and requests, retained briefly for security (rate limiting, abuse prevention) and debugging.
Analytics
We use Google Analytics 4 (page analytics) and Microsoft Clarity (session replays and heatmaps) to understand how the site is used. Sensitive inputs — connection strings, storage keys, passwords — are masked from session recordings. If you block these scripts, the product works fine.
Subprocessors
Third parties that touch slices of your data, and which slices:
- Stripe — payments and billing details.
- Cloudflare — DNS and traffic proxying (sees requests in transit).
- Resend — transactional email delivery (sees your email address and alert text, which can include database names and error messages).
- Anthropic — when a backup fails, the error text and database name (never credentials or data) may be sent to the Claude API to generate a plain-English diagnosis.
- Google / Microsoft — analytics, as above.
- Your storage provider — your encrypted artifacts, in your own bucket, under your own agreement with them.
What we never do
- Sell or rent your data — any of it, to anyone.
- Use the contents of your backups for anything other than backing them up and proving they restore.
- Send marketing email without consent. Service email (failure alerts, drill reports, resets) is part of the product.
Retention and deletion
- Backup artifacts follow your plan's retention window and are deleted automatically beyond it.
- Deleting a database in the dashboard removes its stored credentials and backup records.
- To delete your entire account and everything in it, email [email protected] from your account address. Deletion is completed within 30 days and confirmed by reply. Artifacts in your own bucket are yours and are never touched by account deletion.
Cookies
One httpOnly session cookie to keep you logged in, plus analytics cookies from the services above. No ad trackers.
Changes and contact
Material changes to this policy are emailed to account holders 14 days in advance. Questions, requests, or complaints: [email protected].