Dabase

Privacy Policy

Last Updated: June 28, 2025

This Privacy Policy describes how Simon Mathewson ("we", "us", or "our") collects, uses, and shares information in connection with your use of the Dabase application, including the website (https://dabase.dev) and related services (collectively, the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:

Simon Mathewson
c/o Postflex #9085
Emsdettener Str. 10
48268 Greven
Germany
Email: dabase@simonmathewson.com

2. General Principles of Data Processing

Dabase is designed with a "local-first" approach. This means that core functions of the application run directly on your device, and we do not have access to your databases or the data within them. All database queries and data processing happen locally.

3. Data We Collect and Why

a) When You Visit Our Website

When you access our website https://dabase.dev, your browser automatically transmits data to our server. This data is temporarily stored in a log file and may include:

  • Your IP address
  • Date and time of access
  • Name and URL of the retrieved file
  • The website from which the access was made (Referrer URL)
  • The browser you are using and, if applicable, the operating system of your computer

This data is processed for the legitimate interest of ensuring a smooth connection, guaranteeing the security and stability of the system, and for administrative purposes (Art. 6(1)(f) GDPR).

b) When You Create a Free Account

If you choose to create a free account to sync your database connections, we collect the following personal data:

  • Email Address
  • Password (hashed)

This data is processed for the purpose of providing the account and sync functionality, which constitutes the performance of a contract with you (Art. 6(1)(b) GDPR).

c) When You Save Connections to Your Account

If you use an account, you can save your database connection configurations to our cloud infrastructure. You have control over what is saved:

  • You can choose whether to save passwords for your connections.
  • If you opt to save them, you can choose to store them in an encrypted format.

The legal basis for processing this data is the performance of the service you requested (Art. 6(1)(b) GDPR).

d) When You Use the AI Feature (Gemini API)

Dabase offers an optional integration with the Google Gemini API.

  • To use this, you must provide your own Gemini API key.
  • When used, your prompt and the database schema definitions (table structures, column names, types) are sent to the Google Gemini API.
  • We do not send any of your actual database content.
  • The processing of this data is initiated by you. We do not act as the data controller for the information you send to Google. Your use of this feature is subject to Google's Privacy Policy.

e) Google Analytics

We use Google Analytics to understand how users interact with our website, which helps us improve the Service.

  • Legal Basis: We will only use Google Analytics if you have given your explicit consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time through the cookie settings on our website.
  • IP Anonymization: We have activated IP anonymization, so your IP address is truncated by Google within the European Union or other parties to the Agreement on the European Economic Area before being transmitted to the USA.
  • Data Processing Agreement: We have a data processing agreement (DPA) with Google.

4. Data Storage and Location

All data related to your optional cloud account (email, hashed password, connection settings) is stored on servers provided by Amazon Web Services (AWS).

  • Location: The servers are located in Frankfurt am Main, Germany.
  • This ensures that your data is stored within the European Union and benefits from the high data protection standards of the GDPR.

5. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Art. 15 GDPR): You can request information about your personal data that we process.
  • Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate or incomplete personal data.
  • Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR): You can request the deletion of your personal data stored by us.
  • Right to Restriction of Processing (Art. 18 GDPR): You can request that we restrict the processing of your personal data.
  • Right to Data Portability (Art. 20 GDPR): You can request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object (Art. 21 GDPR): You can object to the processing of your personal data based on legitimate interests.
  • Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw your consent at any time (e.g., for Google Analytics).
  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us using the details provided in Section 1.

6. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties. This includes encrypting sensitive data like passwords.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Back to Home
© 2025 Simon Mathewson
ImprintTerms of UsePrivacy Policy