Privacy Policy

Last updated: January 2026

1. What We Collect

When you use dbaBrain.ai, we collect the following types of information:

Account Information

  • Name, email address, and organization name
  • Password (stored as a bcrypt hash, never in plaintext)
  • Billing information (processed by Stripe, not stored by us)

Database Metadata

  • Connection parameters (host, port, database name, username)
  • Passwords and SSL certificates (encrypted with AES-256-GCM at rest)
  • PostgreSQL version, extensions, and configuration parameters
  • Schema structure (table names, column types, index definitions)
  • Performance metrics (connections, queries/sec, cache ratios, replication lag)
  • Query text and execution statistics from pg_stat_statements
  • Active session information from pg_stat_activity
  • Log entries related to errors, slow queries, and warnings

What We Do NOT Collect

  • Your actual database row data (we never SELECT from your tables)
  • User personal data stored in your databases
  • File contents from your servers (beyond PostgreSQL configs)

2. How We Use It

  • To provide the Service - monitoring, analysis, and diagnostics
  • To build baseline models of your database environment
  • To detect anomalies and generate alerts
  • To provide AI-powered root cause analysis via Sage
  • To improve the Service and develop new features
  • To communicate with you about your account and the Service

3. Data Retention

Metric data is retained according to your plan tier: 7 days (Free), unlimited (Pro), custom (Enterprise). Account data is retained for the duration of your account plus 30 days after deletion. Database credentials are deleted immediately upon disconnecting a database or closing your account. Aggregated, anonymized data may be retained indefinitely for Service improvement.

4. Third-Party Services

We use the following third-party services:

  • Stripe - payment processing (PCI DSS compliant)
  • Anthropic (Claude) - AI analysis engine (no customer data is sent to train models)
  • Vercel - frontend hosting
  • Cloud infrastructure provider - backend and database hosting

We do not sell your data to third parties. We do not share your database metadata with third parties except as necessary to provide the Service.

5. Security

  • All credentials encrypted at rest with AES-256-GCM
  • All data in transit encrypted with TLS 1.3
  • SOC 2 Type II compliance (in progress)
  • Regular security audits and penetration testing
  • Role-based access control (Admin, Editor, Viewer)
  • Audit logging of all administrative actions
  • BYOK (Bring Your Own Key) encryption available on Enterprise plans

6. Your Rights

You have the right to:

  • Access your data - request a copy of all data we hold about you
  • Correct your data - update inaccurate information
  • Delete your data - request deletion of your account and all associated data
  • Export your data - download your metrics and configuration data
  • Restrict processing - limit how we use your data
  • Object to processing - opt out of non-essential data usage

To exercise any of these rights, contact us at privacy@dbabrain.ai. We will respond within 30 days.

7. Cookies

We use essential cookies only: session authentication tokens stored in localStorage. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. If we add analytics in the future, we will use a privacy-friendly solution (such as Plausible Analytics) that does not track individual users.

8. Contact

If you have questions about this Privacy Policy, please contact us at privacy@dbabrain.ai.