Privacy Policy
Last updated: June 20, 2026
This Privacy Policy explains what data SQLVerify ("we", "us", "our") collects, how we use it, and the choices you have. SQLVerify is operated by Dat Nguyen, an individual based in Hanoi, Vietnam. Contact us anytime at [email protected].
1. Data we collect
- Account data — your email address, and your name/avatar if you sign in with GitHub OAuth. Authentication is handled by Supabase; we never see or store a plaintext password.
- Content you submit — the SQL schemas and queries you submit for verification, and the resulting verification output (status, counterexample data, divergence reason).
- Usage data — IP address (used for rate limiting and abuse prevention), request timestamps, and verification run counts (used to enforce free-tier limits).
- Billing data — subscription plan and status. Payment card details are collected and processed directly by Lemon Squeezy, our payment processor; we never receive or store your card number.
- API keys — if you generate a per-user API key for CI/CD use, we store only a SHA-256 hash of the key, never the raw key itself, after the one-time display at creation.
2. How we use your data
- To operate the Service — running verification, authenticating you, displaying your run history.
- To enforce free-tier usage limits and manage paid subscriptions.
- To communicate with you about your account or the Service.
- On-demand AI explanations — only when you explicitly click "Explain" on a divergent result, we send the relevant query text and counterexample data to a third-party large language model provider (Anthropic Claude, OpenAI, or Google Gemini, depending on configuration) to generate a plain-English explanation. This never happens automatically — it requires your explicit action each time.
3. Sub-processors and third parties
We share data with the following service providers, each acting as a data processor on our behalf:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication | Account data, submitted content, run history |
| Render | Application hosting (Singapore region) | All data, in transit and at rest on the server |
| Lemon Squeezy | Payment processing (Merchant of Record) | Billing/subscription data; card details handled entirely by Lemon Squeezy |
| Anthropic / OpenAI / Google | On-demand AI explanations | Query text and counterexample data — only when you click "Explain" |
We do not sell your data, and we do not use your submitted SQL or schema content to train any AI model.
4. Data retention
We currently retain verification run records (including submitted SQL, schema text, and results) until you request deletion. We do not yet have an automated retention/expiry policy or a self-service deletion flow — see Section 5 below for how to request removal of your data in the meantime.
5. Your rights
You may request access to, correction of, or deletion of your personal data and account content at any time by emailing [email protected]. We will respond and act on verified requests within a reasonable time. If you are located in the European Economic Area or another jurisdiction with statutory data rights, you may have additional rights under applicable law; contact us and we will do our best to accommodate them.
6. Cookies
We use a single essential, HttpOnly session cookie to keep you signed in. We do not currently use advertising or third-party tracking cookies.
7. Security
We use HTTPS for all traffic, passwordless authentication (magic link or OAuth, so we never store a plaintext password), SHA-256 hashing for API keys, and Postgres Row Level Security policies to scope database access. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. International data transfers
Our infrastructure is hosted in Singapore, and our AI sub-processors may process data in other countries (including the United States). By using the Service, you consent to your data being transferred to and processed in these locations.
9. Children's privacy
The Service is not directed to anyone under 18, and we do not knowingly collect data from children.
10. Changes to this policy
We may update this Privacy Policy from time to time. We'll update the "Last updated" date above, and for material changes we'll make reasonable efforts to notify you by email.
11. Contact
Questions or requests regarding this policy can be sent to [email protected].