Legal

Privacy Policy

Last updated: May 2026

Calyphant takes your privacy seriously. This policy explains what information we collect, why we collect it, and how we protect it. We try to write this in plain English — not legal boilerplate.

If you have questions about anything here, email us at privacy@calyphant.com.

What we collect

  • Account information — Your email address, name, and password (hashed, never stored in plaintext).

  • Database connection metadata — Host, port, database name, and cloud provider. We do not store your raw connection URL or credentials in plaintext after testing.

  • Usage data — Query history, schema changes, and backup records associated with your workspace. This is core to the product.

  • Billing data — Payment information is handled entirely by Flutterwave. We store your plan tier and billing currency, not card numbers.

  • Logs and diagnostics — Error logs, request IDs, and Sentry traces for debugging. These are anonymized where possible and retained for 30 days.

What we do NOT collect

  • We never read or log the actual contents of your database beyond what you explicitly query in the app.

  • We do not sell your data to anyone.

  • We do not run ads. Your workspace is not a product we sell to advertisers.

  • We do not use your data to train AI models.

How we use your data

  • To run the product — your data is required to provide the service.

  • To send transactional emails — verification, password resets, billing receipts.

  • To improve reliability — aggregated, anonymized usage patterns help us understand what to fix and what to build.

  • To communicate about the product — only if you've opted in. You can unsubscribe from any email.

Data security

  • All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

  • Database connection credentials are encrypted before storage and decrypted only on the server when making connections.

  • We use Sentry for error tracking and Oracle Cloud Infrastructure for hosting.

  • Access to production systems is restricted and logged.

Data retention

  • Your data is retained as long as your account is active.

  • If you delete your account, your data is soft-deleted immediately and permanently deleted within 30 days.

  • Query history is retained for 90 days. You can clear it manually at any time.

  • Backup files are subject to your plan limits and can be deleted by you at any time.

Your rights

  • You can export your data at any time from the workspace settings.

  • You can request deletion of your account and all associated data by emailing us.

  • If you're in the EU or UK, you have rights under GDPR including access, correction, erasure, and portability.

Third-party services

  • Flutterwave — Handles all payment processing. Your payment data goes directly to them.

  • Sentry — Error monitoring. We configure Sentry to scrub sensitive data before sending.

  • Oracle Cloud — Infrastructure hosting. Data stored in their data centers.

  • SendPulse — Transactional emails (verification, password resets).

Cookies

  • We use a single session cookie to keep you logged in. It is httpOnly and secure.

  • We do not use tracking cookies or third-party analytics scripts.

  • There is no cookie banner because we have nothing invasive to disclose.

Changes to this policy

  • If we make material changes to this policy, we'll notify you by email at least 14 days before the change takes effect.

  • Minor clarifications may be made without notice. The 'last updated' date at the top reflects the most recent version.

Questions? Email privacy@calyphant.com.