Privacy Policy

1. Data Controller

For the purposes of the GDPR and other applicable data protection laws, the data controller is:

2. Apple App Privacy Details

In accordance with Apple's App Store requirements, we declare the following regarding the data categories defined by Apple:

• •Data Not Linked to You: We do not link any data to your identity.
• •No Tracking: We do not track you. We do not link data collected from our app with third-party data for advertising purposes, or share data with a data broker.

3. Data Collection and Usage

We do not collect any personal data. We have designed TableAI so that we do not have access to your information.

• •No Accounts: We do not require you to create an account with us.
• •No Analytics: We do not use third-party analytics SDKs (like Google Analytics, Mixpanel, or Firebase) to track your behavior or usage within the app.
• •No Server Storage: We do not operate servers that store your database connections, SQL queries, or chat logs.
• •No Advertising: We do not display third-party advertisements in our app.

4. Where Your Data Is Stored

All data generated or used by TableAI resides in two places, both under your control:

1. Locally on Your Device: Your database connection details, API keys, and chat history are stored locally on your Mac using macOS native storage and Keychain.
2. iCloud (Apple): If you have iCloud enabled on your device, the app uses Apple's native CloudKit to sync your settings and data between your devices. This data is stored on Apple's servers, is encrypted end-to-end, and is governed by Apple's Privacy Policy. We (the Developer) cannot decrypt or access this data.

5. Use of Artificial Intelligence (BYOK)

TableAI allows you to interact with Large Language Models (LLMs) to generate SQL queries. This feature operates on a "Bring Your Own Key" (BYOK) model.

• •Supported Providers: TableAI supports multiple AI providers including OpenAI, Anthropic, Google, OpenRouter, Amazon Bedrock, Microsoft Azure OpenAI, and others. We may add support for additional providers in the future.
• •Data Transmission: When you send a message in the chat interface, the text of your message and relevant database schema information (table names, column names) are transmitted directly from your device to the third-party AI provider associated with the API Key you provided.
• •No Intermediary: This data goes directly to the AI provider. It does not pass through our servers.
• •Your Responsibility: You are responsible for the data you send to AI providers. Do not send sensitive personal data, confidential business information, or data protected under GDPR/CCPA to AI services unless you have reviewed and accepted the provider's data processing terms.
• •Third-Party Policies: We are not responsible for how third-party AI providers handle your data. Please review the privacy policy of your chosen provider:

6. Third-Party Services

Our app interacts with the following third parties:

7. Apple's Collection of Data

While we do not collect data, Apple Inc. automatically collects certain non-personal technical data related to the installation and performance of the App:

• •App Store Analytics: Apple may provide us with anonymous, aggregated statistics regarding downloads, sales, and crash reports. This data does not personally identify you and is processed by Apple as a data processor.
• •Crash Reports: If you opt in to share crash data with developers via macOS settings, Apple may share anonymized crash logs with us to help improve app stability.
• •Payments: All subscriptions and purchases are processed by Apple. We do not have access to your credit card information, billing details, or Apple ID.

8. Legal Basis for Processing (GDPR)

Under Article 6 of the GDPR, our legal bases for processing any data are:

• •Contract Performance: Processing necessary for the performance of the contract between you and us (providing the app functionality).
• •Consent: Where you choose to sync via iCloud or send data to AI providers, you do so by your own affirmative action.
• •Legitimate Interests: For responding to support inquiries you initiate.

Since we do not collect personal data on our servers, most GDPR processing obligations do not apply to us directly. Your data remains under your sole control.

9. Data Retention

• •Local Data: Retained on your device until you delete the app or clear its data. You control retention.
• •iCloud Data: Retained in your iCloud account until you delete it via iCloud Storage settings. Governed by Apple's retention policies.
• •Support Communications: If you email us for support, we retain correspondence for up to 2 years to provide ongoing assistance, then delete it unless legally required to retain.

10. Security

We take the security of your data seriously, even though we do not hold it ourselves.

• •Local Encryption: We rely on the native security features of macOS, including Keychain, to protect data stored on your device.
• •API Keys: Your third-party API keys are stored securely in macOS Keychain.
• •Transmission: Communications between the App and your database, or the App and AI providers, use HTTPS/TLS encryption.
• •No Cloud Servers: We do not operate backend servers that could be breached.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially acceptable means to protect your information, we cannot guarantee absolute security.

11. Your Rights Under GDPR (EU/EEA Users)

Under the General Data Protection Regulation (GDPR), you have the following rights. Because we do not collect or store your data on our servers, exercising most rights is straightforward:

• •Right to Access (Art. 15): You already have all your data on your device.
• •Right to Rectification (Art. 16): You can edit your connections and settings directly in the app.
• •Right to Erasure (Art. 17): Uninstall the app and delete local application support folders. For iCloud, delete via iCloud Storage settings.
• •Right to Restriction (Art. 18): You can stop using specific features at any time.
• •Right to Portability (Art. 20): Export your data from the app at any time.
• •Right to Object (Art. 21): Since we do not process your data, there is nothing to object to.
• •Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your EU member state. A list of authorities is available at edpb.europa.eu.

12. Your Rights Under CCPA (California Users)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights:

• •Right to Know: We do not collect personal information about you.
• •Right to Delete: Delete the app and its local data to remove all information.
• •Right to Opt-Out of Sale: We do not sell your personal information. We have never sold personal information.
• •Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any rights, contact us at mail@tableai.org.

13. International Data Transfers

When you use AI services via BYOK, your data may be transferred to servers located outside your country:

• •AI Providers: The AI providers supported by TableAI (OpenAI, Anthropic, Google, OpenRouter, Amazon AWS, Microsoft Azure, and others) may process data in the United States or other countries where they operate data centers. These transfers are initiated by you when you use the AI features with your own API keys.
• •iCloud: Apple stores iCloud data in accordance with their privacy policy, which may include servers in various countries.
• •Safeguards: When you choose to use these services, you consent to such transfers. We recommend reviewing each provider's data transfer mechanisms and safeguards. Many providers offer EU data residency options or have Data Processing Agreements (DPAs) that comply with GDPR requirements.

14. Children's Privacy

TableAI is not intended for use by anyone under the age of 13 (or under 16 in the EU/EEA). We do not knowingly collect personally identifiable information from children. If you are a parent or guardian and believe your child has provided personal data to a third-party service via our app, please contact the relevant service provider directly and contact us so we can assist.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we may notify you through the app or via other means.

We encourage you to review this Privacy Policy periodically. Your continued use of the app after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our privacy practices, please contact us: