Privacy Policy
Last updated: April 2026
This Privacy Policy explains how DBAudit collects, uses, and protects information when you use our website and application.
1. Information we collect
Information you provide directly
- Account profile data such as name and email address during signup.
- Audit input data you submit, such as project name, project URL, API keys, and any optional test account credentials needed to run an audit.
- Saved database template data in your account, including connection identifiers and API keys such as project URL, anon key, or Firebase Web API key when you choose to save them.
Information collected automatically
- Authentication and session metadata, including session timestamps, IP address, and user agent where available.
- Security event logs related to authentication and account security actions.
- Browser theme preference: local storage key `dbaudit-marketing-theme` and a first-party cookie `dbaudit-theme` scoped to our domain so the same choice applies across marketing and app pages.
2. How we use information
- To create and secure accounts and maintain authenticated sessions.
- To run requested audits and deliver findings and reports in the product.
- To store and display your audit history, saved targets, and account settings.
- To enforce abuse protections such as rate limiting and bot checks at signup.
- To monitor security-related activity and investigate suspicious behavior.
3. Security and storage
- DBAudit stores account, session, audit, and security-event data in a PostgreSQL-backed application database.
- Sensitive audit job inputs - including database credentials - are encrypted with AES-256-GCM before storage and deleted as soon as the job completes or fails.
- Data in transit between your browser and DBAudit is encrypted using TLS.
- Access controls are enforced server-side so users can only access data tied to their own account.
While we take reasonable measures to protect your data, we do not warrant or guarantee that our security practices will prevent all unauthorized access, loss, or disclosure. Our obligations here are subject to the disclaimers and limitations of liability in our Terms of Use.
4. Cookies, local storage, and anti-bot services
- DBAudit uses authentication/session cookies required for sign-in and session continuity.
- Theme preference uses local storage (`dbaudit-marketing-theme`) and a first-party cookie (`dbaudit-theme`, where applicable) so light/dark mode stays consistent when you move between our marketing site and the signed-in product.
- Signup protection may use Cloudflare Turnstile. When enabled, Turnstile receives data needed to verify human interaction with the signup form.
5. Sub-processors
DBAudit uses the following third-party providers to operate the service:
| Provider | Purpose |
|---|---|
| Cloudflare Turnstile | Bot and abuse signals on signup |
| Emailit | Transactional email - auth, verification, contact |
| Creem | Payment processing and billing |
Infrastructure and database hosting providers may change over time. Data is stored and processed in the regions governed by whichever provider is in use at the time.
6. Sharing and disclosure
We do not sell your personal information. We may disclose information where required by law, to enforce our terms, or to protect the security of DBAudit and its users.
7. Data retention
We retain account, session, audit, and related security data while your account is active and as needed for operational, security, and legal purposes.
8. Your choices and requests
You can manage some information directly in your account. For privacy-related requests, contact DBAudit through our official support channels.
9. Changes to this policy
We may update this Privacy Policy to reflect product, legal, or operational changes. The "Last updated" date will be revised when material updates are made.