Privacy Policy

Last updated: March 29, 2026

1. Information We Collect

We collect the following types of information:

  • Account information: Email address, name, and organization (when you register).
  • Usage data: Conversion counts, API request logs, feature usage, and performance metrics.
  • Technical data: IP address, browser type, operating system, and device information.
  • Payment information: Processed securely by Stripe. We do not store full card numbers. We retain only the last four digits, card brand, and expiration date for display purposes.

2. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Process transactions and send billing-related communications.
  • Monitor usage patterns to enforce rate limits and prevent abuse.
  • Send service updates, security alerts, and support messages.
  • Aggregate anonymous usage statistics to improve conversion accuracy.

3. Data Sharing

We do not sell your personal data. We share information only in the following circumstances:

  • Service providers: Stripe (payments), cloud hosting providers (infrastructure), and email delivery services, all bound by data processing agreements.
  • BYOK LLM providers: When you use Bring Your Own Key mode, your SQL is sent to the third-party AI provider you selected (e.g., OpenAI, Anthropic).
  • Legal requirements: When required by law, court order, or to protect our rights.

4. Data Storage and Retention

Account and billing data is stored in PostgreSQL databases hosted on secure, encrypted infrastructure. Conversion history for dashboard users is retained for the duration of their subscription plus 30 days after cancellation. Free playground conversions are processed in-memory and not persisted.

When you delete your account, all associated personal data is permanently removed within 30 days, except where retention is required by law (e.g., tax records for 7 years).

5. Third-Party Services

We integrate with the following third parties:

  • Stripe: Payment processing. Subject to Stripe's Privacy Policy.
  • OAuth providers: GitHub, Google, and GitLab for authentication. We receive only the email and profile information you authorize.
  • Analytics: We use privacy-respecting analytics to understand usage patterns. No personal data is shared with advertising networks.

6. BYOK Data Handling

When using Bring Your Own Key (BYOK) mode, your API keys for third-party LLM providers (e.g., OpenAI, Anthropic) are transmitted directly to those providers and are never stored on our servers. SQL submitted for AI-assisted conversion is sent to the selected LLM provider for processing. We do not permanently store the SQL content sent through BYOK mode. Conversion results are retained only if you have an active dashboard subscription with conversion history enabled.

7. Cookies and Local Storage

We use essential cookies and browser local storage for authentication sessions, theme preferences, and CSRF protection. We do not use third-party tracking cookies or advertising cookies.

8. Your Data Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or similar privacy laws:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your account and all associated data (available in dashboard settings or via email).
  • Right to portability: Export your conversion history in standard formats (JSON, CSV).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing of your data for specific purposes.
  • Right to withdraw consent: Withdraw consent for optional data processing at any time.
  • CCPA right to know: Request details about the categories and specific pieces of personal information we have collected.
  • CCPA right to opt-out: We do not sell personal information, so this right is automatically fulfilled.

To exercise these rights, contact us at the email below or use the self-service options in your dashboard settings. We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).

9. International Data Transfers

Your data may be processed in the United States or other countries where our infrastructure providers operate. When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at cmesakh@ymail.com.

Terms of ServiceRefund PolicyPlayground