Security and privacy
Trust Center
A concise view of how datemydata handles source data, AI context, processors and current trust limits. Claims stay deliberately narrow until legal review is complete.
- Operator: Philipp Senn, datemydata, Zurich
- Legal review: DPA, TOMs, processors and provider terms are prepared for review.
- Updated: May 29, 2026
What is in place today
Live SQL stays external
Native SQL live sources are queried in place. Uploads, REST snapshots, document chunks, exports and shares are separate product paths and may be stored encrypted when needed.
Credentials are encrypted
Connections use TLS. Stored connection credentials are encrypted with AES-256-GCM; stronger key-management claims stay out of public copy until reviewed.
Workspace controls
Workspace, role and token boundaries are checked server-side. Audit evidence exists for billing, admin and sensitive operational paths.
Selected AI context
AI providers receive only the context needed for a request, such as schema, tool inputs, query results or document snippets. Provider-specific terms remain under review.
Data flows by source type
The product does not use one blanket data promise. Storage and processing depend on the source type and the feature being used.
| Source path | Storage truth | AI context | Trust status |
| --- | --- | --- | --- |
| Native SQL live | Source data remains in the connected database; datemydata stores metadata, credential ciphertext and conversation artifacts. | Selected schema, tool inputs and query results can be sent for the answer. | Allowed claim, source-specific. |
| Files and documents | Files, chunks, snapshots and exports can be stored encrypted in the workspace/object storage. | Relevant snippets or derived context can be used for answers. | Allowed with storage disclosure. |
| REST and remote spreadsheets | Depending on connector and plan, data is processed as snapshot or remote-live context. | Schema, previews and selected result context can be used. | Restricted by source type and plan. |
| AI providers | Provider logging and retention depend on the configured provider terms. | Only request-relevant context is transmitted. | Legal/provider review pending. |
Processor status
This MVP lists operational groups, not a final DPA schedule. Exact regions, DPAs and transfer terms are part of the review packet.
Railway / PostgreSQL
Runtime and primary database for app, workspace and project metadata.
region/DPA pending
Cloudflare / R2
DNS, routing and object storage for uploads and artifacts where configured.
region/DPA pending
Anthropic, OpenAI, Google
AI model providers used according to selected model and internal routing.
provider terms pending
PayPal / Resend
Payment processing, subscription status and transactional email delivery.
DPA/transfer review
Umami self-hosted
First-party, event-oriented analytics when enabled; no new external analytics subprocessor in H1/H2.
cookie/retention review
What we do not claim yet
The current posture is conservative on purpose. These claims stay blocked or restricted until evidence and legal review catch up.
No SOC 2 or ISO claim
datemydata is not presented as SOC 2 or ISO 27001 certified. Certification options remain a future decision.
No EU-only or Swiss-hosting claim
datemydata is operated by a Swiss company, but hosting and provider regions are documented separately and still under review.
No blanket GDPR-compliant claim
Privacy controls are documented, but DPA, TOMs, processors and transfers need legal review before stronger language.
No provider-wide no-training claim
datemydata does not train its own AI models on customer data. Provider-specific logging, retention and training terms are reviewed separately.