Mask Databases
DocumentationPricingLoginGet started

Privacy Policy

Last updated: April 15, 2026

This Privacy Policy describes how Mask Databases ("we", "us", "our") collects, uses, stores, and shares personal information when you use Mask Databases (the "Service") — a platform for working with databases through natural-language prompts (for example in English) instead of writing traditional queries and schemas by hand—the compiler turns those prompts into real database code, and Mask Databases stores and syncs that compiled output, exposes APIs, and provides documentation so your team stays aligned.

The Service is operated from Pakistan and may be used by customers locally and internationally. By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.

1. Who we are

The Service is provided by Mask Databases. For privacy requests, contact contact@maskdatabases.com.

2. Information we collect

  • Account and profile data: name, email address, password (stored using strong one-way hashing — we do not store your plain password), optional profile details you choose to provide, and security settings such as two-factor authentication configuration.
  • Usage and technical data: IP address, browser type, device identifiers where available, timestamps, pages or screens viewed, API usage, compile and sync activity associated with your projects, and diagnostic logs needed to operate and secure the Service.
  • Project and content data: project names, API keys we issue for your projects, and data you upload or sync through the Service (for example compiled prompts, models, metadata, and related artifacts) as required to provide sync and collaboration features.
  • Payment-related data: subscriptions are purchased through Paddle (paddle.com), our Merchant of Record. Paddle collects and processes your card or wallet details; we do not receive or store your full card numbers or CVV. We store limited billing metadata returned by Paddle — such as your Paddle customer ID, subscription ID, plan name, billing period dates, and transaction references — needed to activate and manage your subscription on our platform.
  • Cookies and similar technologies: we use cookies or local storage where needed to keep you signed in, remember preferences, and protect against abuse. You can control cookies through your browser settings; disabling essential cookies may limit functionality.

3. Information we do NOT collect

We do not knowingly collect:

  • Full credit or debit card numbers, CVV codes, or PINs — card payments are processed entirely by Paddle on their secure infrastructure. We never receive or store raw card data.
  • Biometric identifiers, government-issued ID numbers, or health information.
  • Precise GPS location — we may infer approximate location from IP address for fraud prevention.

4. How we use information

  • Provide, maintain, and improve the Service (including compilation, sync, APIs, and documentation).
  • Authenticate users, enforce limits associated with your plan, and prevent fraud or misuse.
  • Verify manual payments, activate subscriptions, and manage billing records.
  • Communicate with you about your account, security, legal notices, and (where permitted) product updates.
  • Comply with law, respond to lawful requests, and protect our rights and users.
  • Analyze aggregated or de-identified usage to improve reliability and performance.

5. Legal bases (where applicable)

Depending on your location, we rely on one or more of: performance of a contract with you; legitimate interests in operating a secure SaaS product (balanced against your rights); consent where we ask for it (for example marketing emails); and legal obligation.

6. Third-party services

We use subprocessors and integrations that may process data on our behalf, including:

  • Paddle (paddle.com) — our Merchant of Record for subscription payments. Paddle processes cardholder data under its own PCI-compliant terms and privacy policy. We receive subscription metadata from Paddle (customer ID, subscription ID, billing dates) via secure webhooks.
  • Cloud hosting, email delivery, and authentication providers (e.g. SMTP, OAuth providers such as Google when you choose Google sign-in).
  • AI model providers used by the Mask Databases compilation pipeline when you use compile features — prompts or schema text you submit may be sent to those providers strictly to generate outputs you request.
  • Analytics or error reporting if we enable them; we aim to configure such tools to minimize personal data.

Each provider is contractually or legally required to protect personal data only as needed to deliver their service.

7. We do NOT sell your data

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes. Data is only shared with the third-party services described above as needed to provide the Service.

8. Retention

We keep information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. Project data is retained until you delete it or delete your account, subject to backup and legal retention requirements.

Payment and invoice metadata may be retained for audit, accounting, and anti-fraud obligations for up to seven (7) years where required.

9. Security

We use industry-standard measures including encryption in transit (HTTPS in production), access controls, rate limiting, and secure handling of secrets. Passwords are hashed with bcrypt. No method of transmission or storage is 100% secure; we encourage strong passwords and two-factor authentication where available.

10. International transfers

Data may be processed in Pakistan and in countries where our hosting or AI providers operate. Where required, we implement appropriate safeguards (such as contractual clauses) compatible with applicable law.

11. Your rights

Depending on applicable law, you may have the right to:

  • Access, correct, or delete certain personal data.
  • Object to or restrict certain processing, or withdraw consent where processing is consent-based.
  • Request a copy of data you provided in a portable format (where applicable).
  • Lodge a complaint with a supervisory authority in your country or region.

To exercise these rights, email contact@maskdatabases.com. We may need to verify your identity before fulfilling requests.

12. Children

The Service is not directed at children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

13. Changes

We may update this Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may require additional notice as required by law.

14. Contact

Mask Databases
Email: contact@maskdatabases.com
Related pages: Terms of Service | Refund Policy | Pricing.