Privacy Policy

We take your privacy seriously. This policy explains how we handle your data.

Effective Date: January 1, 2025
Last Updated: January 1, 2025
Version: 2.0

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. Data Storage and Security
  6. Information Sharing and Disclosure
  7. Your Rights and Choices
  8. Data Retention
  9. International Data Transfers
  10. Cookies and Tracking Technologies
  11. Third-Party Services
  12. Children’s Privacy
  13. California Privacy Rights
  14. Changes to This Policy
  15. Contact Information

Introduction

Welcome to QryBit (“we,” “our,” or “us”). We provide cloud-based SQLite database hosting services that make database management simple, secure, and scalable. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (https://www.qrybit.dev) and services (collectively, the “Services”).

Our Core Privacy Principles:

  • Transparency: We’re clear about what data we collect and why
  • Security First: Your data is protected with enterprise-grade security
  • User Control: You maintain control over your data
  • No Data Sales: We never sell your personal information to third parties
  • Minimal Collection: We only collect what’s necessary to provide our Services

By using QryBit, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please discontinue use of our Services immediately.

Information We Collect

1. Information You Provide Directly

Account Registration Information

  • Basic Details: Full name, email address, username
  • Security Credentials: Password (stored using bcrypt hashing), optional two-factor authentication tokens
  • Organization Information: Company name, team name, role/title (optional)
  • Contact Preferences: Communication preferences, time zone

Billing and Payment Information

  • Payment Details: Credit/debit card information, bank account details (processed by Stripe)
  • Billing Address: Street address, city, state/province, postal code, country
  • Tax Information: VAT number, tax ID (where applicable)
  • Subscription Details: Plan type, billing cycle, payment history

Database and Content

  • SQLite Databases: Database files, schemas, and structures you upload
  • Database Metadata: File names, sizes, creation dates, modification dates, access patterns
  • Query History: SQL queries executed (retained for 30 days for debugging)
  • API Keys: Generated API tokens for programmatic access
  • Configuration Settings: Database connection settings, security rules, access permissions

Communications

  • Support Tickets: Messages, attachments, and correspondence with our support team
  • Feedback: Survey responses, feature requests, bug reports
  • Community Content: Forum posts, comments (if you participate in our community)

2. Information We Collect Automatically

Usage Information

  • Service Interaction: Features used, buttons clicked, pages viewed
  • Performance Metrics: Query execution times, database read/write operations, API calls
  • Error Logs: System errors, failed operations, debugging information
  • Session Data: Login times, session duration, logout events

Device and Technical Information

  • Device Details: Device type, operating system, browser type and version
  • Network Information: IP address, ISP, connection type
  • Location Data: Approximate geographic location based on IP address (country/city level)
  • Browser Storage: Cookies, local storage, session storage data

Analytics Data

  • Aggregated Metrics: Service usage patterns, feature adoption rates
  • Performance Analytics: Load times, response times, error rates
  • A/B Testing Data: Variant assignments, conversion metrics

3. Information from Third Parties

Authentication Providers

If you sign up using OAuth:

  • GitHub: Username, email, profile picture, repository permissions (if requested)
  • Google: Name, email, profile picture
  • Microsoft: Name, email, organizational information

Integration Partners

  • Cloud Storage: File metadata when importing databases from AWS S3, Google Cloud Storage, or Azure
  • Monitoring Services: Performance data from integrated monitoring tools
  • Payment Processors: Transaction confirmations, payment status updates

How We Use Your Information

Core Service Operations

  • Database Hosting: Store, manage, replicate, and backup your SQLite databases
  • Access Management: Authenticate users, manage permissions, enforce security policies
  • Performance Optimization: Monitor and optimize database performance, implement caching
  • Service Delivery: Process queries, handle API requests, manage connections

Account Management

  • User Authentication: Verify identity, manage sessions, implement security measures
  • Billing Operations: Process payments, generate invoices, manage subscriptions
  • Communication: Send transactional emails, service updates, security alerts
  • Support Services: Respond to inquiries, troubleshoot issues, provide technical assistance

Service Improvement

  • Product Development: Analyze usage patterns to develop new features
  • Performance Enhancement: Identify bottlenecks, optimize infrastructure
  • User Experience: A/B testing, user interface improvements
  • Bug Fixes: Diagnose and resolve technical issues

Security and Compliance

  • Threat Detection: Monitor for suspicious activity, prevent unauthorized access
  • Fraud Prevention: Detect and prevent fraudulent transactions
  • Legal Compliance: Meet regulatory requirements, respond to legal requests
  • Audit Trails: Maintain logs for security investigations

Marketing and Communications

  • Product Updates: Inform about new features, improvements (with consent)
  • Educational Content: Send tutorials, best practices, documentation updates
  • Promotional Offers: Special pricing, upgrades (only with explicit consent)
  • Community Building: Newsletter, blog updates, webinar invitations

We process your personal information under the following legal bases:

Contract Performance

Processing necessary to fulfill our service agreement with you:

  • Providing database hosting services
  • Managing your account
  • Processing payments
  • Providing customer support

Legitimate Interests

Processing for our legitimate business interests:

  • Improving and optimizing our Services
  • Detecting and preventing fraud
  • Ensuring network and information security
  • Direct marketing to existing customers (with opt-out option)

Processing to comply with legal requirements:

  • Tax and accounting obligations
  • Responding to lawful requests from authorities
  • Enforcing our terms of service

Processing based on your explicit consent:

  • Marketing communications to prospects
  • Non-essential cookies and tracking
  • Sharing data with third parties beyond service providers

Vital Interests

In rare cases, processing to protect vital interests:

  • Emergency situations affecting life or safety

Data Storage and Security

Security Measures

Technical Safeguards

  • Encryption at Rest: AES-256 encryption for all stored data
  • Encryption in Transit: TLS 1.3 for all data transmissions
  • Key Management: Hardware Security Modules (HSMs) for cryptographic key storage
  • Network Security: Web Application Firewall (WAF), DDoS protection, intrusion detection

Access Controls

  • Authentication: Multi-factor authentication required for all employee accounts
  • Authorization: Role-based access control (RBAC) with principle of least privilege
  • Audit Logging: Comprehensive logs of all data access and modifications
  • Employee Training: Regular security awareness training for all staff

Infrastructure Security

  • Data Centers: SOC 2 Type II certified facilities
  • Redundancy: Geographic distribution across multiple availability zones
  • Backup Strategy: Daily automated backups with point-in-time recovery
  • Disaster Recovery: RPO of 1 hour, RTO of 4 hours

Compliance Certifications

  • ISO 27001: Information security management
  • SOC 2 Type II: Security, availability, and confidentiality
  • PCI DSS: Payment card data security (via Stripe)
  • GDPR Compliant: EU data protection standards

Data Location

Primary data storage locations:

  • United States: AWS US-East-1 (Virginia), US-West-2 (Oregon)
  • European Union: AWS EU-Central-1 (Frankfurt), EU-West-1 (Ireland)
  • Asia-Pacific: AWS AP-Southeast-1 (Singapore) - available on request

Information Sharing and Disclosure

Service Providers

We share information with trusted third-party service providers:

  • Infrastructure: Amazon Web Services (hosting), Cloudflare (CDN/security)
  • Payment Processing: Stripe (payments), Paddle (international billing)
  • Communications: SendGrid (transactional email), Intercom (customer support)
  • Analytics: Plausible Analytics (privacy-focused analytics), Sentry (error tracking)
  • Security: Auth0 (authentication), DataDog (monitoring)

All service providers are bound by data processing agreements and confidentiality obligations.

We may disclose information when required by law:

  • Court orders, subpoenas, or legal processes
  • Government agency requests with proper authorization
  • Protection of our legal rights or property
  • Prevention of fraud or cybersecurity threats
  • Protection of public safety

Business Transfers

In the event of a merger, acquisition, or asset sale:

  • Users will receive 30 days advance notice
  • Option to export and delete data before transfer
  • Acquiring entity must honor this privacy policy

Aggregate Information

We may share anonymized, aggregated data:

  • Industry reports and benchmarks
  • Research publications
  • Marketing materials
  • No individual identification possible

With your permission, we may share data:

  • Team collaboration features
  • Third-party integrations you authorize
  • Public testimonials or case studies

Your Rights and Choices

Universal Rights

Access and Portability

  • View all personal information we hold about you
  • Export your data in machine-readable formats (JSON, CSV)
  • Obtain copies of your databases at any time
  • Access audit logs of data access

Correction and Update

  • Edit your profile information
  • Update billing details
  • Correct inaccurate data
  • Manage team member information

Deletion and Erasure

  • Delete your account and all associated data
  • Request removal of specific databases
  • Clear query history and logs
  • Note: Some data retained for legal/security purposes

Control and Restriction

  • Limit data processing to essential operations
  • Object to automated decision-making
  • Withdraw consent for optional processing
  • Manage cookie preferences

Communication Preferences

  • Opt-out of marketing emails (one-click unsubscribe)
  • Choose notification types and frequency
  • Select preferred communication channels
  • Manage digest email settings

Data Processing Controls

  • Enable/disable analytics collection
  • Control third-party integrations
  • Manage API access permissions
  • Configure data retention settings

Data Retention

Retention Periods

Data CategoryActive AccountAfter Account Closure
Account InformationDuration of account90 days
Database FilesPer your plan30 days grace period
Query Logs30 days rollingImmediately deleted
Access Logs12 months90 days
Billing Records7 years7 years (legal requirement)
Support Tickets2 years1 year
Analytics Data24 monthsAnonymized immediately
Backup Data30 days rolling7 days

Deletion Process

  • Automated deletion after retention period
  • Secure overwriting of storage media
  • Removal from all backup systems
  • Confirmation email upon completion

International Data Transfers

Transfer Mechanisms

We transfer data internationally using approved methods:

  • Standard Contractual Clauses (SCCs): EU-approved model contracts
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Privacy Shield Successor: Compliance with any successor framework
  • Explicit Consent: For transfers requiring additional authorization

Regional Data Storage

You can request data residency in specific regions:

  • European Union (GDPR compliance)
  • United States (CCPA compliance)
  • Asia-Pacific (upon request)
  • Additional regions available for Enterprise plans

Cookies and Tracking Technologies

Essential Cookies

  • Session Management: Maintain login state
  • Security Tokens: CSRF protection, authentication
  • Load Balancing: Distribute traffic efficiently
  • User Preferences: Language, timezone settings

Functional Cookies

  • Feature Preferences: Dashboard layout, default views
  • Recent Activity: Last accessed databases
  • Development Tools: API testing preferences

Analytics Cookies

  • Usage Patterns: Feature adoption, user flows
  • Performance Monitoring: Page load times, errors
  • A/B Testing: Experiment variants

Marketing Cookies

  • Campaign Attribution: Track marketing effectiveness
  • Retargeting: Show relevant ads (only with consent)
  • Conversion Tracking: Measure campaign success
  • Browser settings to block/delete cookies
  • Cookie consent banner with granular controls
  • Cookie policy with detailed information
  • Regular cookie audits and updates

Third-Party Services

Essential Services

Services required for core functionality:

  • Stripe: Payment processing (PCI DSS compliant)
  • AWS: Infrastructure hosting (SOC 2 certified)
  • Cloudflare: Security and performance (ISO 27001)

Optional Integrations

Services you can choose to connect:

  • GitHub: Import databases from repositories
  • Slack: Notifications and alerts
  • Zapier: Workflow automation
  • Datadog: Advanced monitoring

Each integration requires explicit authorization and can be revoked at any time.

Children’s Privacy

  • Our Services are not intended for users under 16 years of age
  • We do not knowingly collect data from children under 16
  • If we discover such collection, we delete the data immediately
  • Parents/guardians can contact us to request data removal
  • Educational institutions must obtain parental consent

California Privacy Rights

Rights under CCPA

California residents have additional rights:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale of personal information (we don’t sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Categories of Information

  • Identifiers: Name, email, IP address
  • Commercial Information: Purchase history, account type
  • Internet Activity: Usage data, interaction logs
  • Professional Information: Company, role

Exercising Your Rights

  • Submit requests via privacy@qrybit.dev
  • Verification required for security
  • Response within 45 days
  • Free service twice per 12-month period

Changes to This Policy

Update Process

  • Material changes announced 30 days in advance
  • Email notification to all active users
  • Prominent banner on website and dashboard
  • Changelog maintained with version history

Review Schedule

  • Annual review and update cycle
  • Immediate updates for legal requirements
  • User feedback incorporated quarterly
  • Industry best practices adoption

Version History

  • Version 2.0 (Current) - January 1, 2025
  • Version 1.5 - July 15, 2024
  • Version 1.0 - January 1, 2024

Contact Information

Primary Contact

Email: privacy@qrybit.dev

Data Protection

Email: data@qrybit.dev

EU

Email: eu-privacy@qrybit.dev

Response Times

  • General inquiries: 2 business days
  • Rights requests: 30 days (GDPR), 45 days (CCPA)
  • Security concerns: 24 hours
  • Urgent matters: Same business day

Thank you for trusting QryBit with your data. We’re committed to maintaining that trust through transparent practices and robust security measures.

Have questions about our privacy practices?

Contact our privacy team for any questions or concerns.

Contact Privacy Team