Security Posture: 100% Local

Secure by Design. Zero Telemetry.

TableAI is engineered for professional data environments. With a strictly zero-middleman architecture, your credentials, schemas, and query results never leave your local machine.

Zero Tracking SDKs

No analytics trackers, behavior monitors, or advertising components.

Zero Middlemen

Direct SQL connections. No cloud proxy, SaaS relay, or traffic interception.

Hardware Encryption

Passwords and API keys are secured natively via the macOS Keychain enclave.

Active Guardrails

Destructive operations require explicit confirmation. Safe Mode shields read-only data.

Strict Data Isolation

What data actually goes to the LLM?

TableAI enforces strict boundaries. Real database content and security credentials never leave your local machine.

Transmitted Context

Precise structural metadata is packaged to ensure high SQL accuracy without exposing real data.

Schema Metadata

Table names, structures, column names, data types, primary and foreign keys.

Table Statistics

Estimated row counts (e.g. ~1.5K rows) and active grid visible/total counts.

Editor Context

Currently written SQL in the editor, dialect name, enabled extensions, and chat history.

Never Transmitted

Execution happens 100% locally. Your private data stays exactly where it belongs.

Actual Database Rows

Table records, column values, and raw cell data are never read by or sent to the LLM.

Credentials & Passwords

Database passwords, SSH keys, and custom API keys remain isolated in the macOS Keychain.

Query Audit Logs

Local query history and execution audit logs are stored strictly on-device via GRDB.

Direct Pipeline & Storage

Bring Your Own API Key.
Zero Proxies.

Connect directly from your Mac to the model provider over TLS. Unlike traditional database assistants that route your queries through proprietary SaaS gateways, TableAI does not intermediate your traffic.

Direct connection without TableAI proxies
Keys stored strictly in macOS Keychain
Local offline support (Ollama)
No API keys synced to iCloud
Your Mac Local Env
TLS 1.3
Provider LLM API
End-to-End Security Zero Proxies • Encrypted
Any Database. Securely.

Localhost, VPN, and Cloud Connections

Secure Transport Layer

Connect to databases across local networks, corporate VPNs, or public clouds with built-in SSL support. Data is encrypted in transit using production-grade mechanisms:

  • SSL/TLS Modes: Support for Prefer, Require, Verify CA, and Verify Full modes.
  • Custom Trust Stores: Import custom CA certificates for self-signed infrastructure.
  • Mutual Authentication: Full support for client-side certificate validation (mTLS).

Native SSH Tunneling

Establish secure tunnels through bastion hosts without external shell dependencies or full TCP port forwarding:

  • Native Implementation: Utilizes Swift-native libraries; no external `ssh` process spawning.
  • In-Memory Decryption: Private keys remain encrypted on disk and are decrypted solely in volatile memory.
  • Remote SQLite over SSH: Connect to remote servers and query SQLite files directly over the tunnel.
Security Briefing

FAQs for Dev Teams & CTOs

Absolutely not. TableAI sends only structural database metadata (schema layouts, column definitions, table names) and your explicit chat messages to construct the SQL query. Your actual row data, records, and table contents are processed 100% locally on your machine and are never transmitted to the AI.

Passwords, SSH credentials, and LLM API keys are stored exclusively in the macOS Keychain. Sensitive driver-specific configuration values are isolated per connection. You can also configure TableAI to prompt for passwords "every time", keeping them in memory only without persisting them anywhere.

None. TableAI has a zero-middleman architecture. The application connects directly from your Mac to your database, and your Mac communicates directly with your chosen LLM provider (OpenAI, Anthropic, etc.). There is no TableAI proxy relaying or inspecting your traffic. Furthermore, TableAI contains zero telemetry or product analytics tracking.

No. TableAI uses iCloud to synchronize non-sensitive metadata (such as database hostnames, environment tags, and workspace layouts). However, hardware Keychain keys containing passwords and private keys are deliberately excluded and never synchronized to iCloud. You must securely enter your passwords individually on each Mac device.

Yes. TableAI allows you to provide a custom base URL for OpenRouter/OpenAI-compatible endpoints. This means you can point TableAI to a local instance of Ollama, Llama.cpp, or vLLM running on your local network, achieving a completely offline, air-gapped natural language to SQL workflow.