Privacy Policy

Last updated: 06/15/2026

This Privacy Policy explains how AI-First Analytics, Inc. ("we," "us," or "our") collects, uses, and handles information in connection with samtSQL (the "Service").

This Privacy Policy applies globally, including users located in the European Union and the United Kingdom.

1. Information We Collect

Depending on how you use the Service, we may collect the following categories of information.

a. Information You Provide

• Account information (such as name and email address)
• Billing-related information (handled by third-party payment processors)
• Database connection metadata that you provide for customer-managed database infrastructure access
• Data, queries, files, or other content you upload or submit to the Service ("Customer Data")
• Communications with us (such as support requests or emails)

b. Automatically Collected Information

• IP address
• Browser type, device information, and operating system
• Usage data (such as feature usage, timestamps, and interaction logs)

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage subscriptions
• Improve functionality, performance, and reliability
• Monitor usage, prevent abuse, and ensure security
• Communicate with you regarding the Service
• Enforce our Terms of Use
• Comply with applicable legal obligations

3. Customer Data and Roles

You retain ownership of all Customer Data you submit to the Service.

Under samtSQL's customer-managed database infrastructure model, your primary data remains in infrastructure that you provision and control. We process Customer Data solely as necessary to provide, maintain, and improve the Service in accordance with our Terms of Use. We do not sell Customer Data.

For data protection purposes:

• We act as a data controller for account, billing, and usage information.
• We act as a data processor for Customer Data processed on your behalf.

4. Sign-In and Third-Party Authentication

You may sign in to samtSQL using Google, GitHub, or a magic link sent to your email address. Authentication is handled by Supabase, our identity provider.

Google Sign-In

When you choose Continue with Google, we receive information from Google that may include your email address, name, profile information, and Google user ID. We use this information solely to:

• Create and manage your samtSQL account
• Authenticate your sessions
• Associate your account with billing and usage records

We store your Google user ID and email address in Supabase Auth and in our application database. We do not access your Google account beyond the basic profile and email scopes required for sign-in (openid, email, profile).

samtSQL's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, sell it to data brokers, or use it for credit-worthiness or lending purposes.

GitHub Sign-In

When you choose Continue with GitHub, we receive your GitHub email address and profile information for the same account-management and authentication purposes described above.

Magic Link Sign-In

When you sign in via magic link, we collect the email address you provide and use it to send a one-time authentication link and to manage your account.

We do not sell authentication data. We share it only with subprocessors necessary to operate the Service, as described in Section 9.

5. Legal Bases for Processing (EU/UK Users)

Where required by applicable law, including GDPR and UK GDPR, we process personal information based on:

• Contractual necessity - to provide the Service and manage accounts
• Legitimate interests - to improve, secure, and monitor the Service
• Legal obligations - to comply with applicable laws and regulations
• Consent - where required, such as optional communications

6. Billing and Payment Processing

Payments are processed by third-party payment processors such as Stripe or Paddle, depending on your location and payment method.

We do not store full payment card information.

7. Data Storage and Security

We use commercially reasonable technical and organizational measures to protect information against unauthorized access, loss, misuse, and alteration.

Connection details and operational metadata are processed to execute authorized operations against your configured database engine. We recommend that you provide credentials with the minimum privileges required for your intended use.

No system is completely secure, and we cannot guarantee absolute security.

8. Data Retention

We retain personal information only as long as needed for the purposes described in this policy, for service operation, or to comply with legal requirements.

Operational logs, request metadata, and service telemetry may be retained for security, abuse prevention, billing, reliability, and audit purposes.

9. Third-Party Services

We use third-party service providers to support the operation of the Service. Depending on how you use samtSQL, information may be processed by:

• Supabase - authentication (Google, GitHub, and magic-link sign-in)
• Stripe or Paddle - payment processing and subscription management
• PromoteKit - affiliate referral tracking; if you arrive via a referral link, your email address may be shared with PromoteKit after you sign in to attribute your account to the referring affiliate
• Hosting, analytics, monitoring, and model inference providers that support Service delivery

These providers process information on our behalf under their own terms and privacy practices. We are not responsible for the privacy practices of third parties.

10. International Data Transfers

Your information may be processed in the United States and other jurisdictions where we or our service providers operate. Where required, we rely on appropriate safeguards such as standard contractual clauses.

11. Your Rights and Account Deletion

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object, port, or withdraw consent for personal information processing.

You may exercise these rights by contacting us below. We may need to verify your identity before responding.

Requesting Account Deletion

You may request deletion of your account and associated personal data by emailing aifirstanalytics@gmail.com from the email address associated with your account. Upon verification, we will delete or anonymize your authentication identity, application account record, API tokens, and other personal data we control, typically within 30 days, except where retention is required by law or for legitimate operational purposes (such as resolving billing disputes).

Signing out of the Service ends your active session but does not delete your account. To fully remove your data, submit a deletion request as described above.

12. Age Requirements

The Service is not intended for users under the age of 18, consistent with our Terms of Use. We do not knowingly collect personal information from anyone under 18.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes become effective constitutes acceptance of the updated version.

14. Contact Information

AI-First Analytics, Inc.
aifirstanalytics@gmail.com
Headquartered in New York, USA
Incorporated in Delaware