Privacy Policy
1. Introduction
This Privacy Policy explains how ByeSQL collects, uses, stores, and protects your personal data when you use our website (byesql.com), sign up to our waitlist, or use the ByeSQL application. Please read it carefully. By using our services you acknowledge the practices described here.
2. Data Controller
ByeSQL is operated by a legal entity currently being incorporated. For any privacy-related enquiries, contact us at support@byesql.com.
3. What Data We Collect and Why
Account data
When you sign in via Google OAuth or Microsoft OAuth, we receive your name, email address, and profile avatar from the identity provider. We use this to create and maintain your account. The OAuth provider processes your identity data as part of the authentication flow — please refer to their respective privacy policies for details on how they handle that data. Legal basis: performance of a contract.
Waitlist data
If you join our waitlist, we collect your email address to notify you when ByeSQL becomes available. Legal basis: consent. You can withdraw consent at any time by emailing support@byesql.com.
Database connection credentials
To connect your database, we collect the host, port, database name, username, and password. Passwords are encrypted at rest with AES-256; the encryption key is stored separately from the database. Legal basis: performance of a contract.
Database schema
ByeSQL introspects the structure of your database — table names, column names, data types, keys, and relationships — and caches it internally. This schema is sent to an external AI service provider to generate SQL from your natural language prompts.
ByeSQL does not access, read, or store the actual data inside your database — only its structure (schema). Legal basis: performance of a contract.
Natural language prompts
The plain-language queries you type are sent to an external AI service provider to be translated into SQL. Legal basis: performance of a contract.
Query history
We store your prompts, the generated SQL, and execution metadata (duration, row count, status). This lets you review past queries and helps us improve reliability. Legal basis: performance of a contract and legitimate interest.
Billing and payment data
When you subscribe to a paid plan, payment processing is handled entirely by Stripe, our third-party payment processor. ByeSQL does not collect or store your card number, bank details, or any other sensitive payment information. We receive from Stripe only non-sensitive billing metadata such as subscription status, plan type, and billing period. Please refer to Stripe's Privacy Policy for details on how they handle your payment data. Legal basis: performance of a contract.
Analytics data
We use an external analytics provider in two contexts:
- Landing page: page views and session behaviour, to understand how visitors discover and navigate byesql.com.
- Inside the app: feature usage, user flows, and product events, to understand how users interact with the product and where we can improve.
No financial data or database content is ever included in analytics events. Legal basis: legitimate interest. You can opt out by contacting support@byesql.com.
4. Third Parties We Share Data With
ByeSQL does not sell your data to any third party. We share data only with the following categories of sub-processors:
AI service provider
We use an external AI service provider to process your database schema and natural language prompts for two purposes: (1) generating SQL from your prompts, and (2) generating query suggestions shown in the UI. The provider does not use data submitted via the API to train its models.
Payment processor
We use Stripe to process payments for paid subscriptions. When you enter your payment details, those details are submitted directly to Stripe and never pass through ByeSQL's servers. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. See Stripe's Privacy Policy for more information.
Analytics provider
We use an external analytics provider to collect usage data on the landing page and inside the app, as described in section 3. No financial data or database content is ever shared with this provider.
5. Data Retention
- Account data: deleted within 30 days of an account deletion request.
- Waitlist data: retained until you request removal or the waitlist closes.
- Database credentials: deleted immediately upon connection deletion.
- Schema cache: deleted upon connection deletion.
- Query history: automatically deleted after 12 months.
- Billing metadata: retained for as long as required by applicable tax and accounting law (typically 7 years).
- Analytics: per our analytics provider's data retention policy.
6. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your personal data ("right to be forgotten").
- Restriction: request that we limit how we process your data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest.
- Withdrawal of consent: withdraw consent at any time where processing is based on consent.
To exercise any of these rights, email support@byesql.com. You also have the right to lodge a complaint with the relevant data protection supervisory authority. The competent authority will be specified once the legal entity is incorporated.
7. Data Security
We take the following measures to protect your data:
- Database credentials are encrypted at rest with AES-256; the encryption key is stored separately from the database.
- ByeSQL operates in SAFE mode: only SELECT queries are executed. Your data can never be modified or deleted through ByeSQL.
- Error messages are sanitised before being shown to users to prevent leaking internal information.
- Sessions are managed with signed JWTs.
- Authentication is handled exclusively via Google OAuth and Microsoft OAuth. ByeSQL stores no passwords.
8. Children's Privacy
ByeSQL is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us at support@byesql.com and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you by email before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent revision.
10. Contact
For any questions or requests regarding this Privacy Policy, contact us at support@byesql.com.