TL;DR
GraphMyDB parses files locally by default. If you never start co-op, your SQL files, CSVs, and schemas stay in your browser. Optional accounts only store login, entitlement, and billing-related metadata for hosted features. Database content and schema files are not stored as account data.
1. Information We Do Not Collect
GraphMyDB is designed with privacy as a core principle. We do not collect:
- Your database schemas, SQL files, CSV data, or any uploaded files
- Your database contents as durable server-side project storage
- Raw IP addresses or hardware identifiers as stored account fields
- Usage patterns, click tracking, or behavioral analytics
- Cookies for tracking or advertising purposes
All file parsing, schema analysis, and diagram generation happens entirely within your web browser using JavaScript. By default, no schema data is transmitted to our servers or any third party for storage.
2. Optional Accounts and Billing
If you create an account to access hosted features, GraphMyDB stores only the minimum data required to authenticate you and enforce entitlements such as plan status, credit balance, and hosted usage limits. Email/password authentication is handled by Supabase Auth. Billing events may include Lemon Squeezy customer or subscription IDs.
We do not copy your schema files, SQLite databases, CSV contents, or generated diagrams into the account database. Account data is separate from your local working data.
3. Optional Co-op Sessions
If you explicitly enable co-op, GraphMyDB uses network connections to coordinate invited peers. This includes a lightweight signaling layer and peer-to-peer session sync. Invite codes include a room secret, and peers must authenticate with that secret before syncing document updates.
Co-op is optional. We do not store your project as a permanent server-side workspace. However, active collaboration sessions do involve network transmission while the room is live.
4. Local Storage
GraphMyDB may use your browser's localStorage to save non-sensitive user preferences such as:
- Theme preference (light/dark mode)
- Export count (to display a voluntary support prompt)
- Support prompt dismissal state
- Optional collaboration client identifiers used to keep live co-op peers distinct
Hosted account sessions for the website are stored in secure, HttpOnly cookies rather than browser-readable local storage. The VS Code extension webview may keep an isolated local session copy so the extension can continue authenticated API calls inside the webview runtime. The local preference data above never leaves your browser and can be cleared at any time through your browser settings.
5. Analytics
We use Vercel Analytics to collect anonymous, aggregated website performance metrics (page load times, visitor counts). Vercel Analytics is privacy-focused and does not use cookies, does not track individual users, and does not collect personally identifiable information. For more details, see the Vercel Analytics Privacy Policy.
6. Third-Party Services
GraphMyDB links to the following third-party services, each governed by their own privacy policies:
- Supabase - for optional account authentication and account metadata storage
- Lemon Squeezy - for optional subscriptions and credit purchases
- Ko-fi — for voluntary donations ( Ko-fi Privacy Policy)
- VS Code Marketplace — for the GraphMyDB VS Code extension ( Microsoft Privacy Statement)
We are not responsible for the privacy practices of these third-party services.
7. Children's Privacy
GraphMyDB does not knowingly collect any information from children under the age of 13. Since optional account data is limited to authentication and billing metadata, this policy applies to those hosted features as well.
8. Data Security
The website is served over HTTPS. Collaboration routes are designed for ephemeral signaling, and live peers must prove knowledge of the room secret before document sync begins. Optional hosted abuse controls use salted one-way fingerprints instead of storing raw IP addresses. As with any networked feature, active co-op sessions involve data in transit while the room is live.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
10. Contact
If you have any questions about this Privacy Policy, please contact us at contact@graphmydb.online or visit our Contact page.