S
SchemaChat

Privacy Policy

Last updated: March 2, 2026

SchemaChat ("we", "us", or "our") operates the SchemaChat web application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect your email address and any display name you choose to provide. Authentication is handled securely through Supabase.

Project Data

We store the database schemas you create, including table definitions, column configurations, relationships, roles, and policies. This data is necessary to provide the core functionality of our service.

Conversation History

Chat messages between you and the AI assistant are stored as part of your project data to maintain conversation context and enable iterative schema design.

Usage Data

We collect usage events such as AI message counts, exports, and project creation for rate limiting, analytics, and service improvement purposes.

2. How We Use Your Information

  • To provide and maintain the SchemaChat service
  • To process your schema designs through AI-assisted conversation
  • To enforce rate limits and prevent abuse
  • To improve our service based on aggregate usage patterns
  • To send you important service-related communications

3. Third-Party Services

We use the following third-party services to operate SchemaChat:

  • Anthropic (Claude API) — Your schema context and chat messages are sent to Anthropic's API to generate AI responses. Anthropic's data handling is governed by their privacy policy.
  • Supabase — Provides authentication and database hosting for your project data.
  • Vercel — Hosts the application and may collect standard web server logs including IP addresses.
  • Sentry — Collects error reports and performance data to help us maintain service reliability.

4. Data Retention

Your project data is retained for as long as your account is active. Usage events may be retained for up to 90 days for analytics purposes. You can delete individual projects at any time through the dashboard, which permanently removes the project and all associated data.

5. Data Security

We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS)
  • Row-Level Security (RLS) policies on all database tables
  • Authentication-gated API endpoints
  • CSRF protection on all state-changing operations
  • Rate limiting to prevent abuse

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Export your schema data (via the SQL/code export feature)
  • Withdraw consent for data processing

To exercise any of these rights, please contact us at the email address below.

7. Cookies

SchemaChat uses essential cookies for authentication session management. We do not use tracking cookies or third-party advertising cookies. Local mode uses localStorage to persist project data on your device.

8. Children's Privacy

SchemaChat is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@schemachat.com.