Privacy Policy

Last updated: May 5, 2026

iDBQuery is a product of Intrazero. This policy explains what data we collect when you use the iDBQuery website (idbquery.com) and the iDBQuery web app, how we process it, and the choices you have. It applies in addition to any data-processing addenda we have signed with paying customers.

1. Data we collect

Account data: name, email address, hashed password (we never store plaintext passwords), workspace and project memberships, role.
Connected sources: the metadata you provide to connect a database, file, or live spreadsheet — host, port, database name, OAuth tokens, etc. Credentials are encrypted at rest with authenticated symmetric encryption (Fernet) and decrypted only server-side at query time.
Mirrored content: when you connect a Live Spreadsheet (Google Sheets / Excel Online), file upload, or BIM source, we cache the data you select into a per-source SQLite file so chat tools can answer fast. You choose which workbooks and tabs are mirrored. Removing the source deletes the cache.
Conversation history: chat messages, tool calls, query results, and produced artifacts (charts, tables, dashboards) are stored against your account so you can revisit them.
Telemetry: server-side request logs (path, status, timing) and limited application-event logs for reliability and abuse prevention. We do not run third-party analytics or advertising trackers on the marketing site or the app.

2. How we use the data

To operate the service: authenticate you, enforce permissions, run queries against your sources, render dashboards, and deliver email notifications you opt into.
To improve reliability: investigate errors, identify abuse, maintain capacity. We do not use customer data to train AI models.
To bill the service when applicable.

3. Use of Google APIs (Sheets / Drive)

iDBQuery's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request: drive.file and spreadsheets.readonly. These grant access only to the specific spreadsheets or Google Docs you explicitly select via Google's Drive Picker; we cannot enumerate or read other files in your Drive. We may also request spreadsheets if you opt into write-back at the source level. Google Docs imports use the same drive.file scope — no additional permission required.
What we do with the data: For Sheets, we mirror rows of the tabs you pick into a per-source SQLite cache so the chat and report tools can answer fast. For Docs, we export the file as .docx and index its text into the same per-source store for semantic search. We do not sell, advertise against, or use this data for any purpose other than providing the service to you.
What we do not do: We never use Google user data to develop, improve, or train generalized AI/ML models. We never transfer Google user data to third parties for advertising, analytics, or unrelated services. We do not allow humans to read Google user data except (a) with your explicit consent, (b) for security investigations, (c) where required by law, or (d) when the data has been aggregated and anonymized for internal operations.
Deletion: removing a Google Sheets source from iDBQuery deletes the per-source SQLite mirror, cached workbook/tab metadata, and associated schema memory. Removing a Google Doc from a folder source deletes the exported .docx, all derived chunks, and embeddings. Revoking the OAuth grant from myaccount.google.com/permissions also stops all future API calls.

4. Use of Microsoft Graph (Excel Online)

Scopes: Files.Read.Selected, User.Read, offline_access. As with Google, we can only see workbooks you explicitly grant via the OneDrive Picker.
Same retention, deletion, and non-training commitments as Google data above.
You can revoke access at any time via myaccount.microsoft.com.

5. Sharing

We share data only with infrastructure providers strictly necessary to run the service (cloud hosting, transactional email, AI inference providers when you use chat — see below). We do not sell data. We do not share data with advertising networks. We disclose data when legally compelled, and we'll notify you unless prohibited from doing so.

6. AI inference

When you use the chat or report-builder, prompts and tool inputs (which can include rows from your sources) are sent to our AI model providers. We use providers with contractual commitments not to train on customer data. The list of providers is on our Security page; it changes as we evaluate new options.

7. Retention

Account data: kept while your account is active; deleted within 30 days of account deletion.
Source mirrors: deleted when the source is removed.
Audit logs: retained for at least 90 days for security; longer for paid plans with regulated retention requirements.
Marketing-site logs: 30 days.

8. Your rights

You can request access to, correction of, or deletion of your personal data at any time. EU/UK customers have the rights granted by GDPR/UK GDPR; California customers, the rights of the CCPA/CPRA. Email [email protected] and we'll respond within 30 days.

9. Security

See /security for a full account of encryption, RBAC, audit logging, and incident response.

10. Children

iDBQuery is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children.

11. Changes to this policy

We'll post material changes here and notify active users by email. The "Last updated" date at the top reflects the current version.

12. Contact

Intrazero · [email protected] · Contact us

Last updated: May 5, 2026

1. Data we collect

Account data: name, email address, hashed password (we never store plaintext passwords), workspace and project memberships, role.

Connected sources: the metadata you provide to connect a database, file, or live spreadsheet — host, port, database name, OAuth tokens, etc. Credentials are encrypted at rest with authenticated symmetric encryption (Fernet) and decrypted only server-side at query time.

Mirrored content: when you connect a Live Spreadsheet (Google Sheets / Excel Online), file upload, or BIM source, we cache the data you select into a per-source SQLite file so chat tools can answer fast. You choose which workbooks and tabs are mirrored. Removing the source deletes the cache.

Conversation history: chat messages, tool calls, query results, and produced artifacts (charts, tables, dashboards) are stored against your account so you can revisit them.

Telemetry: server-side request logs (path, status, timing) and limited application-event logs for reliability and abuse prevention. We do not run third-party analytics or advertising trackers on the marketing site or the app.

2. How we use the data

To operate the service: authenticate you, enforce permissions, run queries against your sources, render dashboards, and deliver email notifications you opt into.

To improve reliability: investigate errors, identify abuse, maintain capacity. We do not use customer data to train AI models.

To bill the service when applicable.

3. Use of Google APIs (Sheets / Drive)

iDBQuery's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request: drive.file and spreadsheets.readonly. These grant access only to the specific spreadsheets or Google Docs you explicitly select via Google's Drive Picker; we cannot enumerate or read other files in your Drive. We may also request spreadsheets if you opt into write-back at the source level. Google Docs imports use the same drive.file scope — no additional permission required.

What we do with the data: For Sheets, we mirror rows of the tabs you pick into a per-source SQLite cache so the chat and report tools can answer fast. For Docs, we export the file as .docx and index its text into the same per-source store for semantic search. We do not sell, advertise against, or use this data for any purpose other than providing the service to you.

What we do not do: We never use Google user data to develop, improve, or train generalized AI/ML models. We never transfer Google user data to third parties for advertising, analytics, or unrelated services. We do not allow humans to read Google user data except (a) with your explicit consent, (b) for security investigations, (c) where required by law, or (d) when the data has been aggregated and anonymized for internal operations.

Deletion: removing a Google Sheets source from iDBQuery deletes the per-source SQLite mirror, cached workbook/tab metadata, and associated schema memory. Removing a Google Doc from a folder source deletes the exported .docx, all derived chunks, and embeddings. Revoking the OAuth grant from myaccount.google.com/permissions also stops all future API calls.

5. Sharing

6. AI inference