Privacy Policy

1. Introduction

STEPlus ("we," "our," or "us") operates the ChatWithDB platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered database analytics service. We are committed to protecting your privacy and ensuring the security of your data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Password (encrypted using bcrypt with salt)

2.2 Database Connection Information

To provide our service, we store:

• Database host, port, and database name
• Database credentials (encrypted with AES-256-GCM)
• SSL/TLS configuration preferences
• Connection metadata (type, name, creation date)

2.3 Usage Data

We automatically collect:

• Query history and chat sessions
• Feature usage patterns
• Error logs and performance metrics

3. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve our AI analytics services
• Process natural language queries and generate SQL
• Create visualizations and data exports
• Send service notifications and updates
• Provide customer support
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Data Security

We implement industry-leading security measures:

• Encryption at Rest: All database credentials are encrypted using AES-256-GCM encryption
• Encryption in Transit: All communications use TLS 1.3
• Access Controls: Role-based access with principle of least privilege
• Authentication: JWT tokens with short expiration and refresh token rotation
• Infrastructure: Hosted on SOC 2 Type II certified infrastructure
• Monitoring: 24/7 security monitoring and intrusion detection

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Chat history is preserved and delatable anytime when you want. Upon account deletion, we remove all personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained indefinitely for service improvement.

6. Data Sharing

We do not sell your personal information. We may share data with:

• AI Service Providers: Query text (not database credentials) is sent to AI providers (OpenAI, Anthropic, Google, DeepSeek) to generate SQL. These providers have their own privacy policies.
• Infrastructure Providers: Cloud hosting and CDN services
• Legal Requirements: When required by law or to protect rights
• Business Transfers: In connection with mergers or acquisitions

7. Your Rights

Depending on your location, you may have rights to:

• Access your personal data
• Correct inaccurate data
• Delete your data ("right to be forgotten")
• Export your data in a portable format
• Restrict or object to processing
• Withdraw consent at any time

To exercise these rights, contact us at support@steplus.co.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use analytics cookies (with consent) to understand usage patterns. You can control cookie preferences in your browser settings. We do not use third-party advertising cookies.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers outside the EEA/UK.

10. Children's Privacy

ChatWithDB is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before the changes take effect. Your continued use after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: