This Privacy Policy explains how Querylab.io ("we", "us", "our") collects, uses, stores, and protects your personal data when you use Querylab.io (the "Service"), whether through the web application or the desktop application.
1. Data Controller
Querylab.io is the data controller responsible for your personal data. For questions or requests regarding your data, contact us at [email protected].
2. Information We Collect
2.1 Account Information
- Google OAuth: Email address, display name, and profile picture (collected automatically on first sign-in)
- Google Scopes: We request Google permissions incrementally. Only BigQuery access is required to use the Service; all others are optional and requested only when you use specific features:
  - BigQuery - Required to run queries (mandatory)
  - Cloud Platform (read-only) - Optional, to list your GCP projects
  - Cloud Platform (full) - Optional, for scheduled queries and saved queries
  - Google Drive (file-level) - Optional, for exporting results to Google Sheets. This scope only grants access to files you explicitly select or create through Querylab.io, not your entire Drive
2.2 Payment Information
- Stripe processes all payments. We store only your Stripe customer ID and subscription status
- We never see or store your credit card number, CVV, or full billing details
2.3 SQL Queries and Data
- Local storage (default): Your SQL queries, tabs, and query history are stored locally in your browser (localStorage and IndexedDB) or desktop app. We do not have access to this data
- Cloud sync (opt-in): If you enable "Store tabs encrypted on backend" in Settings, your tab data (including SQL query text and editor state) is encrypted with AES-256-CBC on our server before storage in Google Firestore. We cannot read the plaintext content. Query results (the actual data returned by BigQuery) are never stored on our servers
- Shared queries and notebooks: When you share a query or notebook, it is encrypted client-side using AES-256-GCM. The encryption key exists only in the share URL fragment (never sent to our server). Shared notebooks are sanitized before encryption to remove user-specific fields (e.g., billing project). Shares auto-expire after 7 days
- Saved queries: Saved queries are stored in Google Cloud Dataform repositories within your own GCP project, governed by your Google Cloud IAM policies
- Query results: Query results are returned directly from Google BigQuery to your browser or desktop app. We never see, store, or process your query results
2.4 BigQuery Metadata
- Table names and schemas are cached locally on your device for performance (up to 24 hours)
- This metadata is never sent to our servers. It may be included in Prism AI conversations if you use AI features, in which case it is sent to the AI provider you select (see Section 2.5)
2.5 AI Conversations (Prism AI)
- AI conversations are processed through our backend, which routes requests to the AI provider you select (Anthropic, Google, or OpenAI)
- Conversations are stored locally in your browser (IndexedDB) only. We do not store AI conversations on our servers
- On desktop, you may use CLI providers (e.g., Claude Code) which process conversations locally without our backend involvement
- We use the API tier of each provider, where your data is not used for model training by default. Providers may retain data temporarily for abuse monitoring (typically 30-55 days). See each provider's API data policy: Anthropic, OpenAI, Google
2.6 Analytics
- We collect feature usage and performance metrics (e.g., button clicks, query execution duration, bytes processed) using Firebase Analytics and a custom analytics pipeline
- We never collect: SQL query text, table names, column names, query results, or any of your BigQuery data in analytics
- EU users: Firebase Analytics runs in cookieless mode (no tracking cookies are set)
- Opt-out: You can disable analytics entirely in Settings
2.7 Playground Mode (No Account Required)
- Playground users are identified by an anonymous ID. We do not collect personal information or use browser fingerprinting for playground users
- Playground queries are executed on a shared BigQuery project managed by us. Unlike logged-in users (whose queries go directly to their own Google Cloud), playground queries pass through our backend infrastructure
- We may log playground queries for abuse prevention, service improvement, and enforcing fair-use limits. Do not enter sensitive, confidential, or proprietary information in Playground mode
- We track aggregate usage (bytes processed, query count) to enforce fair-use limits
- Playground data is automatically deleted after a period of inactivity
3. Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| Cloud sync of tabs (opt-in) | Consent (Art. 6(1)(a)) |
| AI conversation processing | Contract performance (Art. 6(1)(b)) |
| Analytics and product improvement | Legitimate interest (Art. 6(1)(f)) |
| Security and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
4. Data Storage and Security
- Desktop app: Refresh tokens and sensitive credentials are stored in your OS keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service). Google tokens never leave your device
- Web app: Authentication tokens are stored in HTTP-only secure cookies with rotation
- Backend: Data is stored in Google Cloud Platform (Firestore). All data is encrypted at rest by Google Cloud and in transit via TLS
- Cloud sync: Tab data is encrypted with AES-256-CBC using a server-side key before storage
- Shared queries and notebooks: End-to-end encrypted with AES-256-GCM. The decryption key is in the URL fragment and never reaches our servers
- Payments: Processed by Stripe (PCI DSS Level 1 certified)
5. International Data Transfers
Your data may be processed in the United States through our use of Google Cloud Platform, Stripe, and AI providers (Anthropic, Google, OpenAI). These transfers are protected by:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- The service providers' own GDPR compliance commitments
6. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Authentication, BigQuery access, data storage | Account info, encrypted tab data (if opt-in) |
| Stripe | Payment processing | Billing info (managed by Stripe) |
| Anthropic | AI assistance (Prism AI) | Conversation content (when selected as provider) |
| Google AI (Gemini) | AI assistance (Prism AI) | Conversation content (when selected as provider) |
| OpenAI | AI assistance (Prism AI) | Conversation content (when selected as provider) |
| Firebase Analytics | Product analytics | Anonymous usage metrics (no PII, cookieless in EU) |
7. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request
- Payment records: Retained for 7 years per Belgian tax law
- Shared queries and notebooks: Auto-expire and are deleted after 7 days
- Analytics data: Retained indefinitely in anonymized form. No personal data is included in analytics (see Section 2.6)
- Playground usage data: Automatically deleted after inactivity
- AI conversations: Stored locally in your browser only. Clearing browser data removes all conversations
8. Your Rights (GDPR)
As a data subject under the GDPR, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Data portability: Receive your data in a structured, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interests, including analytics
- Withdraw consent: Where processing is based on consent (e.g., cloud sync), you may withdraw at any time
To exercise these rights, contact [email protected]. We will respond within 30 days as required by GDPR.
9. Cookies
- Essential cookies: Used for authentication and session management. These are strictly necessary and do not require consent
- Analytics: Firebase Analytics uses cookies for non-EU users. EU users receive cookieless analytics. You can opt out entirely in Settings
- We do not use advertising cookies or third-party tracking cookies
10. Children's Privacy
Querylab.io is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority (APD/GBA) within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.
12. Changes to This Policy
We may update this Privacy Policy. Material changes will be announced via email at least 30 days in advance. Continued use of the Service after changes take effect constitutes acceptance.
13. Contact
For privacy inquiries or to exercise your rights:
Email: [email protected]
You also have the right to lodge a complaint with the Belgian Data Protection Authority (APD/GBA) at www.dataprotectionauthority.be.