DBCraft

Legal

Privacy Policy

Last updated · 29 April 2026

This Privacy Policy explains how DBCraft (“DBCraft”, “we”, “us”) collects, uses, and protects information in connection with our website at dbcraft.io (the “Website”) and our self-hosted dashboard software (the “Software”).

It's short on purpose: most of the product runs on your infrastructure, so we can't see your data even if we wanted to. The boring details are below.

1. Summary

  • Self-hosted Software. The DBCraft application runs on infrastructure you control. Your databases, credentials, queries, and dashboards never leave your environment and are not transmitted to DBCraft.
  • Website analytics. We collect minimal, aggregated analytics on this Website to understand how it is used. We do not sell personal data, ever.
  • Email. If you email us or join a waitlist, we keep your email so we can reply or notify you.
  • No ads, no third-party trackers, no cross-site tracking pixels.

2. Data we collect

2.1 Software (self-hosted)

When you run DBCraft on your own infrastructure, the Software does not phone home, transmit telemetry, or share data with us. All data — including database connection strings, query results, dashboards, and user accounts — stays inside your deployment.

We may publish update notifications via a publicly available version manifest. Checking for updates is optional and can be disabled with an environment flag.

2.2 Website

When you visit dbcraft.io we may process:

  • Standard request data — IP address, user agent, referrer, requested URL. Used to serve the page, detect abuse, and produce aggregated analytics.
  • Aggregate analytics — page views, country (derived from IP, then discarded), device type, and similar non-identifying signals. We use privacy-friendly analytics that do not place advertising cookies.
  • Strictly necessary cookies — used only for things like preserving theme preference. We do not place advertising or cross-site tracking cookies.

2.3 Communications

If you email us at hello@dbcraft.io or join a Pro waitlist, we collect and retain your email address and the contents of your message so we can respond and (if you joined a waitlist) notify you when the relevant feature is available.

3. How we use information

  • To operate and secure the Website.
  • To improve the Website and Software based on aggregated usage.
  • To respond to your enquiries.
  • To notify waitlist members of product availability.
  • To comply with legal obligations.

We do not sell, rent, or trade personal data. We do not use your personal data to train machine-learning models.

4. Legal bases (UK / EU users)

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:

  • Legitimate interest — to operate, secure, and improve the Website, and to send replies you have asked for.
  • Consent — for waitlist sign-ups and any optional analytics that require consent under your local law.
  • Legal obligation — when we must keep records to comply with applicable laws.

5. Sharing

We share personal data only with service providers who help us run the Website and respond to enquiries, under written contracts that limit them to acting on our instructions. Today that includes:

  • Hosting — Vercel Inc., for serving the Website.
  • Email — our email provider for handling messages sent to hello@dbcraft.io.

We do not share data with advertisers or data brokers. We may disclose information if required by law or to protect rights and safety.

6. International transfers

Some of our service providers may process data outside your country of residence (for example, in the United States). Where required, we rely on standard contractual clauses or equivalent safeguards.

7. Retention

  • Aggregated analytics — kept for up to 24 months.
  • Email correspondence and waitlist entries — kept for as long as needed to respond to you, or until you ask us to delete them.
  • Server logs — kept for up to 30 days, then deleted or anonymised.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, or restrict the processing of your personal data, to object to processing, to data portability, and to lodge a complaint with a supervisory authority.

To exercise these rights, email hello@dbcraft.io. We will respond within 30 days. We don't require a specific form of request — plain English is fine.

UK / EEA — you can complain to your local data protection authority (e.g. the UK ICO).

California (CCPA / CPRA) — you have the right to know what personal information we hold, to request deletion, to correct inaccuracies, and to opt out of any “sale” or “share” of personal information. We do not sell or share personal information.

9. Security

We use industry-standard safeguards to protect the Website, including TLS in transit and access controls on internal systems. No system is perfectly secure, but we work to reduce the risk of unauthorised access.

Inside the Software, database credentials are encrypted at rest using AES-GCM, connections to your databases use TLS where supported, and SSH tunnels are available for connections that require them.

10. Children

The Website and Software are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please email us and we will delete it.

11. Changes to this policy

We may update this Policy to reflect changes in the Website, Software, or applicable law. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you by email or a notice on the Website.

12. Contact

Questions, requests, or complaints? Email hello@dbcraft.io. We read every message.