Privacy Policy

Last updated: December 24, 2024

1. Introduction

BridgeDB, Inc. ("BridgeDB," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using BridgeDB, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and authentication credentials when you create an account.
  • Database Connection Details: Connection strings, hostnames, database names, and credentials you provide to connect your databases.
  • Payment Information: If you subscribe to a paid plan, billing details are processed by our payment provider (Stripe) and not stored on our servers.
  • Communications: Information you provide when contacting support or submitting feedback.

2.2 Information Collected Automatically

  • Authentication Cookies: We use essential session cookies to keep you logged in. We do not use analytics or tracking cookies.

What we don't collect: We do not collect IP addresses, browser fingerprints, or device identifiers, and we do not use third-party analytics or tracking services.

2.3 Database Query Data

When you use BridgeDB to query your databases:

  • We log the SQL queries executed for audit and debugging purposes
  • We log query metadata (execution time, row counts, errors)
  • We do NOT permanently store the actual query results from your database
  • Query results are transmitted in real time and not retained beyond the session

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Detect, prevent, and address technical issues
  • Comply with legal obligations

4. How We Protect Your Data

We implement security measures to protect your data:

  • Encryption at Rest: Database connection strings are encrypted using AES-256-GCM before storage.
  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS.
  • Access Controls: Your data is isolated to your account and requires authentication to access.
  • Credential Security: Database credentials are encrypted and never logged in plain text.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Third parties who perform services on our behalf (hosting, payment processing, email delivery).
  • Legal Requirements: When required by law, subpoena, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • With Your Consent: When you explicitly authorize us to share your information.

Third-Party Services We Use

  • Supabase: Authentication and database services
  • Stripe: Payment processing
  • Resend: Transactional emails
  • Vercel: Hosting and infrastructure

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Account data is retained until you delete your account
  • Query logs are retained for 90 days (or as specified by your plan)
  • Billing records are retained for 7 years for legal compliance
  • Backup data is retained for 30 days after deletion

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request a machine-readable copy of your data.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.

To exercise these rights, contact us at privacy@bridgedb.dev.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all third-party service providers
  • Compliance with applicable data protection laws

9. Cookies and Tracking

We only use essential cookies required for the Service to function:

  • Authentication Cookies: Session cookies managed by Supabase to keep you logged in securely.

We do not use analytics cookies, advertising cookies, or any third-party tracking. Disabling cookies will prevent you from staying logged in.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what personal information is collected
  • Right to know if your data is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under GDPR including:

  • The right to access, update, or delete your information
  • The right to data portability
  • The right to withdraw consent
  • The right to lodge a complaint with a supervisory authority

Our legal basis for processing includes: performance of contract, legitimate interests, and your consent where required.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For data protection inquiries in the EU, you may also contact your local data protection authority.