
Data Use & Security

Last updated: February 2026

Table of Contents
  • Data use overview
  • Certifications
  • Auditing
  • Infrastructure security
  • Client security
  • AI requests
  • Schema indexing
  • Community add-ons
  • Review policy
  • Safe Mode guarantee
  • Incident response
  • Account deletion
  • Vulnerability disclosures

Keeping your database and developer workflow secure is important to us. This page outlines how we approach security for Pointer, and how your data is handled.

Please submit potential vulnerabilities via the contact details on our Legal / Imprint page (mark your message for security). For security-related questions, you can reach us there as well.

We are building Pointer with security and privacy from the ground up. If you work in a highly sensitive environment, we recommend reviewing this page and our Privacy Policy before use. We hope this helps you make an informed risk assessment.

Data use overview

Connection architecture

The connection runs between our server, your desktop application, and the API/LLM provider. You cannot add your own API keys – LLM access is provided through Pointer. Prompts and schema metadata are routed through our infrastructure to the LLM provider.

Why no bring-your-own API keys? Some users ask why they can't use their own OpenAI or Claude key. Our proxy lets us apply security filters that a direct connection cannot offer – for example, PII anonymization, query validation, or policy checks before requests reach the LLM. These protections run in our infrastructure and require traffic to pass through it. We are exploring options to support enterprise deployments with your own keys where appropriate.

Transit encryption and processing

All data in transit is encrypted with TLS. We do not store prompts, schema, SQL, or query results in memory or on disk – not temporarily, not for buffering, not for logging. Content is processed on-the-fly and forwarded; we do not see or display it. This applies to our security teams as well: we have no access to the content of your requests.

What we track

We track token consumption for billing and usage limits: when a request was made, how many tokens it used, associated user/account information, and whether the request was successful. Technical error codes (non-content) may be logged to improve service stability – for example, when a request fails and we need to diagnose the issue. We do not track, store, or log the actual content of your prompts, SQL, schema, or query results.

Where your data goes

Your database credentials and schema index stay on your device. Prompts, schema context, SQL queries, and query results are sent to the LLM provider for inference. We do not receive, store, or persist your prompts, SQL, query results, or database content.

  • Your device – Credentials, schema index, and the Pointer application itself.
  • Your database – Queries run locally against your database. We never connect to it.
  • LLM provider – Prompts, schema, and (when the agent executes) query results may be sent to the provider for inference.
  • Pointer (us) – We do not see, store, or display your prompts, SQL, query results, or database content. We only track token usage (timestamp, token count, user, success status). Technical error codes (non-content) may be logged to improve service stability.

What Pointer never receives

We do not have access to and never store:

  • Your database credentials or connection strings
  • Your schema index (it is built and stored locally)
  • Your prompts or natural language questions
  • Generated SQL queries
  • Query results or any row data from your database

The connection involves our server, your desktop app, and the LLM provider. You cannot add your own API keys. We do not see, display, store, or log your prompts, SQL, or query results. Content is encrypted in transit (TLS) and processed on-the-fly without temporary storage.

When the agent executes

When you instruct the agent to run a task, it can execute SQL queries autonomously against your database. To reason about the results and continue the conversation, the agent may send those queries and their results to the LLM provider.

They are never sent to or stored by Pointer. We do not receive, persist, or log your SQL, query results, or database content.

Your data is not used for AI training

Your database content is never used to train AI models – not by us, and not for any models we or our partners operate.

Schema information, prompts, and (when the agent executes) query results may be sent to the LLM provider for inference only – to generate a response to your request. We never receive or store any of this. For whether a provider uses such data for training, please review each provider's terms and privacy policy (e.g., OpenAI, Google, Anthropic).

Certifications and third-party assessments

We are working towards industry certifications and third-party security assessments. Details will be published here as they become available.

Auditing

We conduct internal security audits and reviews of our infrastructure, processes, and codebase on a regular basis. Our goal is to identify and address risks before they become issues.

We are committed to at least annual third-party penetration testing and security assessments. Executive summaries of such reports may be made available to enterprise customers upon request.

For our website and account-related services, we maintain audit logs where applicable (e.g., access events, configuration changes). These logs support incident investigation and compliance. We do not log or persist prompts, SQL, or query results that flow through the Pointer application.

We aim to align our practices with relevant compliance frameworks (e.g., GDPR, SOC 2) as we grow. Specific compliance documentation is available upon request for qualified prospects.

Infrastructure security

The connection involves our server, your desktop application, and the LLM provider. You cannot add your own API keys. All traffic is encrypted with TLS. We do not store content – not in RAM, not on disk. We do not see or display it. We only track token usage (timestamp, token count, user, success status).

For our website (getptr.com), account management, and related services, we use industry-standard hosting and security measures. We assign access on a least-privilege basis and enforce strong authentication where applicable.

Client security

The Pointer desktop application connects to:

  • Our servers – Connection and orchestration. You cannot add your own API keys; LLM access is provided through Pointer.
  • LLM provider – For AI inference. Prompts, schema, and (when the agent executes) query results may be sent there. We do not receive, store, or log this data.
  • Your database(s) – Locally, using credentials stored on your device.

If you are behind a corporate proxy, you may need to whitelist our domains and those of the LLM providers we use.

AI requests

The connection runs between our server, your desktop application, and the API/LLM provider. You cannot add your own API keys. Prompts, schema, and query results are routed through our infrastructure to the LLM. All traffic is encrypted with TLS. We do not store content in memory or on disk – not even temporarily. We do not see or display it. We only track token usage: when a request was made, token count, user/account, and whether it succeeded.

Schema indexing

Pointer builds a schema index of your database so the agent can quickly understand table structure and generate accurate SQL. This index is created and stored locally on your device. It contains only:

  • Table names and column names
  • Data types and relationships (e.g., foreign keys)

No row data is indexed. No values from your tables. The index is never uploaded to our servers or any third party. It stays on your machine. You can delete it at any time by removing the local Pointer data for that database connection.

Community add-ons

We do not review community-developed add-ons. Community add-ons are created by third parties and have not been vetted by us for security, quality, or compliance. Add-ons may request access to your database – use them only from sources you trust. Full documentation of our add-on ecosystem will be provided as development continues.

Do not install add-ons from sources you do not trust. If you are unsure, do not install. Add-ons developed and officially published by Pointer are clearly marked in the Marketplace. When in doubt, verify that an add-on is an official Pointer add-on before installation.

Planned security features: We are working on add-on sandboxing and explicit permission prompts (e.g., "This add-on requests read access to table X") so you can see and approve what each add-on is allowed to do before it runs. These will be announced as they become available.

Review policy

Our own code: All Pointer core code and official add-ons undergo internal code review before release. We use peer review, automated checks, and security-focused scrutiny for changes that touch sensitive areas (authentication, credentials, data handling).

Official add-ons: Add-ons developed and published by Pointer are reviewed for security, functionality, and quality before they are released to the Marketplace. They are clearly marked as official Pointer add-ons.

Community add-ons: We do not review community-developed add-ons. They are created by third parties and are not vetted by us. See the Community add-ons section above.

Security and vulnerability reports: Reports submitted to us are triaged, investigated, and addressed according to severity. We acknowledge receipt within 5 business days and work to resolve issues as quickly as possible. See Vulnerability disclosures below.

Safe Mode guarantee

Safe Mode

One toggle. Zero writes. When Safe Mode is enabled, the agent can only execute read queries (SELECT, SHOW, etc.). No INSERT, UPDATE, DELETE, or DDL. Use it when exploring unfamiliar databases or when you want an extra safety layer.

Rollback

Undo any agent request, one by one. If the agent ran a query you did not intend, roll it back with a single click. Full history, full control.

Account deletion

You can delete your account at any time in the Settings dashboard (or via the account management area when available). This will delete all data associated with your account. We aim to remove your data within 30 days. Some backups may retain data for up to 30 days before purging.

Incident response

We maintain an incident response process to detect, contain, and resolve security incidents. When a significant security issue affects our infrastructure, website, or services, we will:

  • Assess the scope and impact
  • Contain and remediate the issue
  • Notify affected users where appropriate and as required by law
  • Document the incident and take steps to prevent recurrence

We do not store or persist your prompts, SQL, or database content. The impact of most infrastructure incidents on your data is limited to account and website-related information. We will communicate critical incidents via email or through the application when feasible.

Vulnerability disclosures

If you believe you have found a vulnerability in Pointer, please submit a report to us via the contact details on our Legal / Imprint page (mark your message for security). We commit to acknowledging reports within 5 business days and addressing them as soon as we are able. Critical incidents will be communicated to users.

Local storage

Database connection strings and credentials are stored locally on your device. We do not transmit or store them on our servers. Your database secrets stay on your machine, protected by your operating system. We recommend using strong passwords and keeping your system updated.

How we protect your information (website & services)

When you use our website or create an account, we apply industry-standard measures:

  • Encryption in transit: TLS/HTTPS for all web traffic
  • Encryption at rest: Sensitive data stored on our side is encrypted where feasible
  • Access controls: Strict access policies and authentication for our systems
  • No selling of data: We do not sell your personal data to third parties
  • No advertising use: We do not use your data for advertising

Best practices

  • Keep Safe Mode on for exploration and unfamiliar databases; turn it off only when you intend to run write operations
  • Review generated SQL before executing, especially for complex or destructive operations
  • Keep your operating system and Pointer updated for security patches
  • Use strong, unique passwords for database accounts and limit privileges where possible
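
The privilege-limiting advice above can be enforced by the database itself, so a write is refused no matter how the statement is phrased. The following is an added example, not Pointer's code: it uses Python's built-in sqlite3 module with a constructed sample database, and the table name, helper names and statements are assumptions for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed statements: one read, then writes in three different shapes.
STATEMENTS = [
    "SELECT id, email FROM customers",
    "INSERT INTO customers (email) VALUES ('c@example.test')",
    # Starts with WITH, like many read queries, but deletes rows.
    "WITH old AS (SELECT id FROM customers) "
    "DELETE FROM customers WHERE id IN (SELECT id FROM old)",
    "DROP TABLE customers",
]

def make_sample_db() -> str:
    """Create a small constructed database file and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "sample.db")
    conn = sqlite3.connect(path)
    conn.executescript(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT);"
        "INSERT INTO customers (email) VALUES ('a@example.test'), ('b@example.test');"
    )
    conn.close()
    return path

def open_read_only(path: str) -> sqlite3.Connection:
    """Open with mode=ro so SQLite itself rejects every write on this connection."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def attempt(conn: sqlite3.Connection, sql: str) -> str:
    """Run one statement and report whether the database accepted it."""
    try:
        conn.execute(sql).fetchall()
        return "ok"
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        return "refused"

def run_demo():
    """Return ({statement: outcome}, row count left in customers)."""
    conn = open_read_only(make_sample_db())
    results = {sql: attempt(conn, sql) for sql in STATEMENTS}
    remaining = conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]
    conn.close()
    return results, remaining

if __name__ == "__main__":
    print(run_demo())
```

On a server database the equivalent is a dedicated account that holds only read privileges on the tables the agent needs.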

More information

Privacy Policy · Terms of Service · Legal / Imprint

© 2026 VertexIT · A subsidiary of Pixelnest Group