Privacy Policy

Last updated: May 28, 2026

Queringo, Inc. ('Queringo', 'we', 'us', or 'our') operates an AI-powered business intelligence platform. This Privacy Policy explains what information we collect, how we use and protect it, and the rights you have over your data. By creating an account or using the service, you agree to the practices described here.

1. Information we collect

Account and profile information:

  • Name, work email address, and hashed password (Argon2id; never stored in plaintext)
  • Job title, company name, industry, and company size
  • Phone number (optional; used for security alerts and critical notifications on Enterprise)
  • Appearance preference (light, dark, or system) and preferred locale

Usage and query data:

  • Natural-language questions you submit and the generated SQL
  • Encrypted result snapshots retained for dashboard refresh (see Section 6)
  • AI-generated insight text, alert configurations, and alert payloads
  • Conversation history, dashboard layouts, and widget configurations
  • Usage metrics: query counts, token consumption, and latency measurements

Security and audit data:

  • IP addresses, browser and operating system identifiers, and device labels
  • Session activity timestamps and inactivity-timeout events
  • Audit log entries for every sensitive action (member changes, permission changes, data source connections, and billing events)

2. Information we never store

Queringo operates in a non-intrusive mode. We never copy your source tables into our systems. When we run a query against your connected data source, we:

  • Execute SQL via a read-only database credential that cannot modify your data
  • Return results to your browser and, if result-row retention is enabled, store a small encrypted snapshot for dashboard refresh only
  • Immediately discard the sample rows used during schema scanning and PII detection after use in memory; they are never written to disk

Your source database, warehouse, or data lake is never mirrored or replicated into Queringo infrastructure.

2a. Data from connected sources

When you connect a SaaS source (for example a commerce platform such as Shopify), Queringo processes the personal data of your customers held in that source, as your processor and only to provide analytics to you. We apply data minimisation: we read only the fields needed for analysis, such as names, email, and coarse geography (city, region, and country), and we do not read street addresses, postal codes, or phone numbers. These fields are masked by default (email hashed, names redacted) for users who lack reveal permission.

By default this data is queried live and is not stored. If you opt in to deep analysis for a source, we keep an encrypted, access-controlled copy to speed up complex questions, and you can turn it off at any time to delete it. We honour deletion signals from the connected platform, so when it tells us a customer or shop must be erased, we purge the corresponding stored data. Our Data Processing Addendum sets out the processor terms that govern this data.

3. How we use your information

  • To provide the service: run queries, generate SQL, produce AI insights, evaluate alert conditions, and render dashboards
  • To improve the product: aggregate, anonymised usage telemetry via our self-hosted analytics platform
  • To communicate: transactional emails (verification codes, alert notifications, billing receipts) and SMS for MFA and critical alerts
  • To enforce security: rate limiting, account lockout policies, fraud detection, and MFA enforcement
  • To comply with law: GDPR, CCPA, LGPD, and equivalent obligations in other jurisdictions

We do not use your query content, conversation history, or result data to train AI models.

4. How we protect your data

Encryption at rest: each Workspace gets a unique 256-bit Data Encryption Key (DEK) when it is created. The DEK is encrypted with a master key managed by AWS Key Management Service (KMS), a model known as envelope encryption. Sensitive fields (conversation messages, generated SQL, result snapshots, alert payloads, data source credentials, insight text, and schema annotations) are encrypted with AES-256-GCM via libsodium before being written to the database. An attacker with raw database access would see only ciphertext; they would also need access to KMS to decrypt it.

Field-level encryption is tiered by plan:

  • Starter: off by default; Workspace Admins can enable it in Settings
  • Growth: on by default; Workspace Admins can disable it (the action is confirmed and audit-logged)
  • Scale and Enterprise: mandatory and cannot be disabled

Encryption in transit: all traffic uses TLS 1.3. HTTP Strict Transport Security (HSTS) is enforced with a one-year max-age. Internal service-to-service traffic is encrypted over private AWS VPC links.

Access controls: data source credentials are stored only in encrypted form. We connect to your sources using a read-only role that cannot write to your data. Internal Queringo staff access to production systems requires MFA and is logged in the audit trail.

5. Cookies and tracking

We use first-party cookies for authentication, session management, and locale preference. We use PostHog, self-hosted on our own AWS infrastructure, for product analytics. No data is sent to PostHog's cloud. We do not use third-party advertising cookies or retargeting pixels. See our Cookie Policy for the full list.

6. Data retention

Result-row snapshots are stored for 30 days by default. Workspace Admins can shorten this window or disable result-row retention entirely in Settings, so that only the chart specification is kept and queries re-execute on each dashboard load.

Account data after cancellation: when you cancel your subscription, your data enters a GDPR grace period (default 90 days) before automated deletion. The exact window depends on your billing jurisdiction. During the grace period, you can reactivate by purchasing a plan. Account Admins can also extend the grace period in bounded increments up to the legal maximum for their jurisdiction, without restoring product access.

Permanent deletion: after the grace period, we run a purge job that removes PII columns, anonymises audit log entries (replacing user identifiers with hashes), and retains only the statutory financial records required by applicable law.

For accounts in strict-jurisdiction countries (EU/EEA, UK, Switzerland, Brazil under LGPD, California under CCPA/CPRA, and equivalents), right-to-erasure requests are honoured and PII is purged within 72 hours.

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of all personal data we hold about you
  • Rectification: correct inaccurate or incomplete personal data
  • Erasure: request deletion of your personal data
  • Portability: receive your data in a structured, machine-readable format
  • Restriction: ask us to pause processing your data in certain circumstances
  • Objection: object to processing based on legitimate interest

Self-service: you can export your data and request account deletion at any time from Settings, under Data and Privacy. To exercise a right that is not available via self-service, email privacy@queringo.com. We will respond within 30 days.

8. Sub-processors

We engage the following sub-processors to deliver the service:

Sub-processorPurposeLocation
Amazon Web ServicesCloud hosting, object storage, KMS, and email via SESGlobal (multi-region)
PaddlePayment processing and subscription management (global, Merchant of Record)United States / United Kingdom
RazorpayPayment processing for Indian customers (UPI AutoPay, e-mandate)India
ResendTransactional email deliveryUnited States
TwilioSMS verification and critical alert deliveryUnited States
PostHogProduct analytics (self-hosted on our AWS infrastructure)Our infrastructure

We will provide at least 30 days' notice before adding a new sub-processor. If you object, you may contact privacy@queringo.com before the change takes effect.

9. International data transfers

Data is processed primarily in AWS regions in the United States. For customers in the EU, EEA, and UK, we rely on the EU Standard Contractual Clauses (SCCs) for cross-border transfers. Enterprise customers can request specific AWS regions for data residency and execute a Data Processing Addendum (DPA) with region constraints. Contact legal@queringo.com to get started.

10. Changes to this policy

We will notify you of material changes by email and by updating the date at the top of this page at least 14 days before the change takes effect. Your continued use of the service after the effective date constitutes acceptance of the revised policy.

11. Contact

  • Privacy questions and data subject requests: privacy@queringo.com
  • Queringo, Inc., San Francisco, California, United States