DBAudit
Sign inGet started

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how DBAudit collects, uses, and protects information when you use our website and application.

1. Information we collect

Information you provide directly

  • Account profile data such as name and email address during sign up.
  • Audit input data you submit, such as project name, project URL, and credentials needed to run an audit.
  • Saved database template data in your account, including project URL and optional anon key when you choose to save it.

Information collected automatically

  • Authentication and session metadata, including session timestamps, IP address, and user agent where available.
  • Security event logs related to authentication and account security actions.
  • A local browser preference value used for marketing site theme selection (`dbaudit-marketing-theme`).

2. How we use information

  • To create and secure accounts and maintain authenticated sessions.
  • To run requested audits and deliver findings and reports in the product.
  • To store and display your audit history, saved targets, and account settings.
  • To enforce abuse protections such as rate limiting and bot checks at signup.
  • To monitor security-related activity and investigate suspicious behavior.

3. Security and storage

  • DBAudit stores account, session, audit, and security-event data in a PostgreSQL-backed application database.
  • Certain sensitive audit job inputs are encrypted before they are stored for queued and scheduled audit execution.
  • We apply server-side validation and access controls so users can only access data tied to their own account.

4. Cookies, local storage, and anti-bot services

  • DBAudit uses authentication/session cookies required for sign-in and session continuity.
  • The marketing site uses browser local storage for theme preference only, based on the `dbaudit-marketing-theme` key.
  • Signup protection may use Cloudflare Turnstile. When enabled, Turnstile receives data needed to verify human interaction with the signup form.

5. Sharing and disclosure

We do not sell your personal information. We may disclose information where required by law, to enforce our terms, or to protect the security of DBAudit and its users.

6. Data retention

We retain account, session, audit, and related security data while your account is active and as needed for operational, security, and legal purposes.

7. Your choices and requests

You can manage some information directly in your account. For privacy-related requests, contact DBAudit through our official support channels.

8. Changes to this policy

We may update this Privacy Policy to reflect product, legal, or operational changes. The "Last updated" date will be revised when material updates are made.