Privacy Policy
Last updated: May 1, 2026
dbOrbit is built around a single rule: your database credentials, queries, and data never leave your device. This policy explains what we do collect, what we never collect, and the rights you have over your information.
1. Local-First Architecture
dbOrbit is a local-first application. All sensitive data — database credentials, SSH private keys, connection configurations, saved queries, query history, schema cache, and recovery email — is stored exclusively on your device.
We use the platform's hardware-backed secure enclave (iOS Keychain on iPhone and iPad, Android Keystore on Android) combined with AES-256 encryption via SQLCipher for all application-level storage. The encryption key is generated randomly on first launch, stored in the secure enclave, and never transmitted off the device.
The only exceptions are explicitly opt-in or strictly limited: anonymized analytics, recovery-email OTP delivery, and GitHub backup (when you choose to enable it). These are described below.
2. Data We Collect
We collect a minimal amount of anonymized usage telemetry to improve the application. Every event passes through an on-device privacy scrubber before transmission.
Product analytics (Mixpanel)
- App events: screen views, feature usage flags (e.g. "connection created", "query executed"), session duration
- Device class (phone vs. tablet) and operating-system family (iOS / Android)
- App version and build number
- A randomly generated install identifier — not linked to any account, email, or device fingerprint
Crash and performance reporting (Sentry)
- Anonymized stack traces with file paths and line numbers
- Device model category and OS version
- Performance metrics: screen render times, navigation timings, memory pressure events
Both providers receive only data that has been scrubbed of any potentially sensitive content on the device prior to network transmission. You can disable analytics entirely from Settings → Appearance.
3. Data We Never Collect
The following data is never collected, transmitted, logged, or stored on our servers under any circumstances:
- Database passwords, SSH private keys, or any connection credentials
- SQL query content, query results, execution plans, or query parameters
- Database names, table names, column names, or schema details
- Host addresses, IP addresses, port numbers, or connection strings
- Recovery email addresses (used for authentication purposes only — not stored on our servers in any record we can read)
- PIN codes, biometric identifiers, or authentication tokens
- Any data stored in or retrieved from your connected databases
- Keystroke logs, clipboard contents, screen recordings, or screenshots
Our analytics infrastructure is designed so that it is technically impossible for sensitive database information to reach our servers. The on-device scrubber operates on event payloads before they are serialized for network transmission.
4. Third-Party Services
The following processors are involved in delivering the service:
- Mixpanel — anonymized product analytics (privacy policy)
- Sentry — crash and performance reporting (privacy policy)
- RevenueCat — subscription state and entitlement sync (privacy policy)
- ZeptoMail (Zoho) — recovery-email OTP delivery (privacy policy)
- GitHub — when you opt in to encrypted backup, your encrypted backup blob is stored in your own GitHub repository (privacy policy)
- Apple App Store / Google Play — app distribution and in-app purchase processing (subject to platform privacy policies)
We do not sell, rent, or trade personal information to any third party for marketing purposes.
5. Encryption & Security
On the device, all sensitive storage uses AES-256 via SQLCipher, PBKDF2-SHA256 for PIN hashing, and AES-256-GCM with a PIN-derived key for optional GitHub backup. Network traffic to your databases uses TLS via the operating system's networking stack. SSH tunneling uses standard SSHv2 with password or key authentication.
For a deeper technical overview, see our Security architecture page.
6. Data Retention
- Local data — retained on your device until you uninstall the app or use Settings → Security → Clear All Data
- Anonymized analytics events — retained for up to 12 months, then aggregated and deleted
- Crash and performance reports — retained for 90 days
- Hosted database data — retained for 30 days after subscription cancellation
- Customer support correspondence — retained for 24 months from the date of last contact
- Subscription / billing records — retained as required by tax and accounting laws (typically 7 years)
7. Your Rights — GDPR (European Economic Area, UK, Switzerland)
If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation and equivalent laws:
- Right of access — request a copy of personal data we process about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention obligations
- Right to restriction of processing — request that we limit processing in certain circumstances
- Right to data portability — receive your data in a structured, commonly used, machine-readable format
- Right to object — object to processing based on legitimate interests, including profiling
- Right to withdraw consent — withdraw any consent previously given, without affecting the lawfulness of processing prior to withdrawal
- Right to lodge a complaint — with your local data protection authority
The legal bases on which we rely include: performance of a contract (delivering the app and any subscription you have purchased), legitimate interests (improving the app, preventing abuse, securing the service), and consent (analytics, recovery-email OTP). To exercise any right, email support@dborbit.io. We respond within 30 days.
8. Your Rights — CCPA / CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know — what personal information we collect, the sources, purposes, and any third parties with whom it is shared
- Right to delete — request deletion of personal information we have collected
- Right to correct — request correction of inaccurate personal information
- Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising
- Right to limit use of sensitive personal information — we do not collect sensitive personal information beyond what is described in this policy
- Right of non-discrimination — you will not receive degraded service for exercising any of these rights
We do not sell or share your personal information. We have not done so in the prior 12 months and have no plans to do so.
To exercise these rights, email support@dborbit.io. We will verify your identity using the email address associated with your account and respond within 45 days, with one 45-day extension permitted under the CCPA.
9. International Data Transfers
dbOrbit operates from the United States. Anonymized analytics may be processed by Mixpanel (United States) and Sentry (United States, with European data-region option). Where personal data is transferred from the EEA, UK, or Switzerland to the United States or another third country, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, as supplemented by the UK International Data Transfer Addendum where applicable
- The EU-U.S. Data Privacy Framework (or its successor mechanism) where the recipient is certified
- Additional safeguards such as encryption in transit (TLS) and at rest (AES-256)
10. Children's Privacy
dbOrbit is a developer tool and is not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact us at support@dborbit.io and we will delete it. This policy is consistent with the Children's Online Privacy Protection Act (COPPA) and the GDPR's Article 8 protections for children.
11. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of the page reflects the latest revision. Material changes — those that meaningfully expand the scope of data collection or change the legal basis for processing — will be communicated via in-app notification at least 14 days before they take effect. Continued use of the app after the effective date constitutes acceptance of the revised policy.
12. Contact
For privacy questions, data subject requests, or any other matter related to this policy, please contact:
- Email: support@dborbit.io
- Subject line: "Privacy request" — for fastest routing
- Postal: Metronio Technologies (postal address available on request)
For users in the EEA / UK, you may also lodge a complaint with your local supervisory authority.