Privacy Policy

Last Updated: January 1, 2026

At Compass, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services, including our desktop application, website, and AI-powered database interaction features.

By using Compass, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Email address, name, and password (hashed and encrypted) when you create an account
  • Payment Information: Billing details processed securely through our payment provider, Paddle (we do not store complete payment card information)
  • Communications: Content of messages you send to us (e.g., support requests, feedback)

1.2 Automatically Collected Information

When you use our Services, we automatically collect:

  • Usage Data: Information about how you interact with our Services, including conversation metadata (timestamps, thread IDs), feature usage, and session duration
  • Device Information: Operating system version, application version, and unique device identifiers
  • Log Data: IP address, browser type, access times, and pages viewed when using our website

1.3 AI Interaction Data

To provide our AI-powered database assistance:

  • Conversation History: Your questions and AI responses are stored to enable conversation continuity and semantic memory features
  • Working Memory: Task lists and AI-generated analysis stored temporarily during active sessions
  • Database Investigation Data: When the AI investigates your database structure and schema, limited query results are sent to our AI service (Anthropic) for analysis. This helps the AI understand your database to generate accurate queries.
  • Query Metadata: Information about database queries generated by the AI, including SQL statements and execution patterns

1.4 Important Privacy Information

  • Database Credentials: Connection strings and passwords are stored exclusively on your local device using OS-native secure storage (keytar). We never have access to your database credentials.
  • Investigation Queries: When the AI investigates your database (e.g., exploring table structures, schemas, or sample data), limited query results are transmitted to our servers and Anthropic's AI service for analysis. You should be aware that this data is processed by third-party AI services.
  • Final Query Results: Results from final queries (displayed in the UI) remain local to your device and are not transmitted to our servers or AI services.
  • Data Minimization: Investigation queries are designed to use LIMIT clauses to minimize the amount of data transmitted. However, database schema information, table names, column names, and sample records may be sent to AI services.

2. How We Use Your Information

We use the collected information to:

  • Provide and Maintain Services: Deliver the core functionality of Compass, including AI-powered database assistance
  • Process Payments: Handle subscription billing and payment processing
  • Improve Our Services: Analyze usage patterns to enhance features, fix bugs, and develop new capabilities
  • Personalization: Enable features like conversation history, semantic memory recall, and custom themes
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Communications: Send service-related announcements, updates, and support messages
  • Compliance: Comply with legal obligations and enforce our Terms of Use

3. Third-Party Services and Data Sharing

We use select third-party services to operate Compass. We do not sell your personal information.

3.1 Third-Party Service Providers

  • Anthropic: AI model provider (Claude Sonnet 4.5) that processes your questions, conversation context, and database investigation query results to generate responses. When the AI investigates your database, query results including schema information, table structures, and limited sample data are transmitted to Anthropic's servers for analysis. Subject to Anthropic's privacy policy and data retention practices.
  • Paddle: Payment processing and subscription management. Paddle collects and processes payment information. Subject to Paddle's privacy policy.
  • Supabase: Authentication and database services for user accounts and subscription data. Subject to Supabase's privacy policy.

3.2 When We May Disclose Information

We may disclose your information in the following circumstances:

  • Legal Requirements: When required by law, subpoena, or legal process
  • Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
  • With Your Consent: When you explicitly authorize disclosure

4. Data Storage and Security

4.1 Where We Store Data

  • Cloud Storage: Account information, conversation history, and usage data are stored on secure cloud infrastructure (Supabase, LibSQL)
  • Local Storage: Database credentials, application settings, and cached conversation history are stored on your device using encrypted storage

4.2 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption: Data in transit is encrypted using TLS/SSL; database credentials are stored using OS-native secure storage (macOS Keychain, Windows Credential Manager)
  • Authentication: Secure authentication via Supabase with support for OAuth providers (GitHub)
  • Access Controls: Strict internal access policies and role-based permissions
  • Regular Audits: Periodic security assessments and vulnerability scanning

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Account Data: Retained for the duration of your account plus a reasonable period after deletion to comply with legal obligations
  • Conversation History: Stored indefinitely unless you delete conversations or your account
  • Payment Records: Retained as required by tax and accounting regulations (typically 7 years)
  • Log Data: Retained for up to 90 days for security and analytics purposes

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Data Portability: Request your data in a machine-readable format
  • Opt-Out: Opt out of marketing communications (service-related messages may still be sent)
  • Objection: Object to certain processing of your information

To exercise these rights:

  • Email us at: support@compass.example.com
  • Use the account settings in the dashboard
  • Delete conversations directly in the desktop app

We will respond to verified requests within 30 days. Note that we may need to verify your identity before processing certain requests.

7. Children's Privacy

Compass is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze usage patterns and improve our Services

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Services, you consent to the transfer of your information to the United States and other countries where we operate.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the "sale" of personal information (we do not sell data)
  • Right to non-discrimination for exercising CCPA rights

To exercise these rights, contact us at support@compass.example.com.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Right of access and data portability
  • Right to rectification and erasure
  • Right to restrict or object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Our lawful bases for processing include: contract performance, legitimate interests, and consent (where applicable).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a notice in the desktop application

Your continued use of our Services after such notification constitutes acceptance of the updated Privacy Policy.

13. Do Not Track Signals

Our Services do not currently respond to "Do Not Track" signals from browsers. However, you can control tracking through your browser settings and cookie preferences.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Our Commitment to Your Privacy

We are committed to transparency and protecting your privacy. Your database credentials and data stay on your device. We only collect what's necessary to provide and improve our AI-powered services.

Testimonials

What our users say

See what our customers have to say about us.

I love how I can just ask questions in plain English instead of writing complex SQL. The conversation history is a game-changer—I can pick up right where I left off days later.
Briana Patton
Briana Patton
Operations Manager
The AI remembers context from earlier in our conversation, which makes exploring our PostgreSQL database feel like talking to a knowledgeable colleague. Saves me hours every week.
Bilal Ahmed
Bilal Ahmed
Data Analyst
Being able to switch between our production and staging databases in one place is incredibly convenient. The Ocean Breeze theme is easy on my eyes during long sessions.
Saman Malik
Saman Malik
Backend Developer
I love how I can just ask questions in plain English instead of writing complex SQL. The conversation history is a game-changer—I can pick up right where I left off days later.
Briana Patton
Briana Patton
Operations Manager
The AI remembers context from earlier in our conversation, which makes exploring our PostgreSQL database feel like talking to a knowledgeable colleague. Saves me hours every week.
Bilal Ahmed
Bilal Ahmed
Data Analyst
Being able to switch between our production and staging databases in one place is incredibly convenient. The Ocean Breeze theme is easy on my eyes during long sessions.
Saman Malik
Saman Malik
Backend Developer
    Privacy Policy | Compass