DBStencil← Back to home

Legal

Privacy Policy

Last updated: March 16, 2026

Overview

DB Stencil ("we", "our", or "us") is a visual database schema designer. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. We keep this simple because we genuinely believe your data is yours.

What we collect

Account information. When you sign up, we collect your email address and a hashed password (we never store passwords in plain text). If you sign in via OAuth (e.g. GitHub or Google), we receive only the email and profile name from that provider.

Schema data. The database schemas, DBML, and diagrams you create are stored in our database so you can access them across devices. This data belongs to you.

Usage analytics. We use Vercel Analytics to collect anonymous, aggregated page-view data (no cookies, no fingerprinting, no personal identifiers). This helps us understand which features are used most.

Error logs. When something breaks, we log the error and basic request context to diagnose the problem. These logs are retained for 30 days and contain no schema content.

What we don't collect

  • Database credentials or connection strings — we never ask for them
  • Payment information — handled entirely by Stripe, we never see your card details
  • Third-party tracking cookies or ad-network data
  • Device fingerprints or cross-site tracking identifiers

How we use your data

We use your information solely to provide and improve DB Stencil. Specifically:

  • To authenticate you and secure your account
  • To store and sync your schemas across sessions
  • To send transactional emails (password resets, billing receipts)
  • To understand product usage at an aggregate level

We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.

Data storage & security

Your data is stored on Supabase-hosted PostgreSQL in the EU (Frankfurt). Data in transit is encrypted with TLS 1.2+. Data at rest is encrypted by Supabase. Backups are retained for 7 days.

We follow principle-of-least-privilege for internal access: only the minimum staff necessary can query production data, and all access is logged.

Third-party services

We use the following sub-processors:

  • Supabase — database, authentication, storage
  • Vercel — hosting and edge network
  • Stripe — payment processing (paid plans)
  • Resend — transactional email delivery

Each processor is bound by a Data Processing Agreement and is GDPR-compliant.

Your rights

You can request a copy of all data we hold about you, correct inaccurate data, or permanently delete your account and all associated schemas. To do any of these, email us at [email protected] and we'll respond within 5 business days.

If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

Cookies

We use a single, strictly necessary session cookie to keep you signed in. We set no advertising or analytics cookies. You can clear this cookie at any time by signing out.

Changes to this policy

If we make material changes to this policy, we'll notify you by email and update the "Last updated" date above. Continued use of DB Stencil after a policy change constitutes acceptance of the new policy.

Contact

Questions about this policy? Email us at [email protected].