Privacy Policy

We collect information you provide directly: account details (name, email, password hash), usage data (queries executed, pages visited), and technical data (IP address, browser type, device information).

We use your information to: provide and maintain the Service, authenticate your identity, send transactional emails (login notifications, verification codes), monitor system health, and improve the Service.

Your data is stored in our self-hosted infrastructure. Passwords are hashed with PBKDF2-SHA256. Sessions are encrypted and stored in Redis with automatic expiration. All traffic is encrypted in transit via TLS.

We do not sell, trade, or rent your personal information to third parties. We may share data only when required by law, to protect our rights, or with your explicit consent.

We use essential cookies for authentication (session tokens). These cookies are httpOnly, secure in production, and expire after 7 days. We do not use tracking or advertising cookies.

You may: access your personal data via the Settings page, update your profile information, delete your account and associated data, and export your data. Account deletion is permanent and irreversible.

We retain your data for as long as your account is active. Query history is retained for 90 days. Audit logs are retained for 365 days. Upon account deletion, personal data is permanently removed within 30 days.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification.

For privacy-related inquiries, contact us at privacy@dxdata.co.