Privacy Policy
Last updated: 5 July 2026
This Privacy Policy is written in English, which is the authoritative version. Any translation (including the Polish section below) is provided for convenience only; the English version prevails in case of any discrepancy.
SQL Sage is a Windows extension for SQL Server Management Studio 22 — a developer productivity tool. We built it to send as little of your data through us as technically possible. This policy explains what we do and, just as importantly, what we never touch.
1. Who we are
SQL Sage is an independent product operated by LUMA sp. z o.o., a company established in Poland with its registered seat at [REGISTERED ADDRESS] ("we", "us", "the vendor"). We are the data controller for the limited personal data described in this policy.
SQL Sage is not affiliated with Microsoft, Anthropic, or OpenAI.
You can reach us for any privacy matter at [CONTACT EMAIL].
2. Scope of this policy
This policy covers the SQL Sage extension installed on your Windows machine, our public website, and the limited backend services we operate for licensing and updates. It does not cover the AI provider you connect to (Anthropic or OpenAI), your SQL Server, or the payments provider — see the relevant sections below for how those relationships work.
3. What data is involved
SQL Sage is architected to minimise the personal data that reaches us. The categories of data involved are:
| Data | Where it lives | Does it reach us? |
|---|---|---|
| Your query text and database schema metadata (table / column / index names) | Sent by the extension to your AI provider as context | No — goes to your AI provider under your own account/key |
| Query result data (rows returned by your database) | Stays on your machine unless you explicitly opt in per session | No |
| BYOK API key and license key | Local, encrypted (Windows DPAPI) | No — never transmitted to us |
| AI provider credentials (Claude / ChatGPT sign-in) | Managed by the respective CLI on your machine | No — we never see, store, or transmit them |
| License identifier | Sent to our license-validation endpoint over HTTPS | Yes — an opaque identifier only, no personal data or query content |
| Update check | Anonymous HTTPS request to a static version file | Standard connection metadata only (e.g. IP in server logs) |
| Billing details (name, email, payment data, tax location) | Handled by our payments provider | No — collected and held by the Merchant of Record, not us |
| Support correspondence & newsletter email (if you contact us or subscribe) | Our contact / mailing systems | Yes — only what you send us |
4. Data sent to the AI provider
When you use the chat, query help, or safe-execution features, the extension sends the following to your chosen AI provider (Anthropic or OpenAI) as context: your query text and database schema metadata — the names of tables, columns, and indexes.
Query result data (production data) is never sent unless you explicitly opt in for that session. A "Mask names" option replaces server and database identifiers with placeholders before anything leaves your machine.
Crucially, at launch the AI provider processes this data under your own account, subscription, or BYOK key. That means your direct relationship with Anthropic or OpenAI — their terms and privacy policy — governs how that data is handled. We are not an intermediary for AI inference and we do not resell access to AI models. We recommend you review your AI provider's privacy terms:
- Anthropic (Claude): anthropic.com/legal/privacy
- OpenAI (ChatGPT / API): openai.com/policies/privacy-policy
5. Local, encrypted secrets
Two kinds of secret are stored only on your machine, encrypted at rest via the Windows Data Protection API (DPAPI), scoped to your Windows user account:
- Your BYOK API key (if you choose to provide one).
- Your SQL Sage license key.
These are never transmitted to us and never stored in plaintext, in the Windows registry, or in version control. Your AI provider sign-in tokens (for Claude Code or Codex) are managed entirely by those CLIs — SQL Sage only asks whether you are signed in; it never sees, stores, or transmits those credentials.
6. Licensing & update checks
Trial. SQL Sage offers a 30-day free trial with no credit card required. The trial is tracked locally on your machine.
License validation. To confirm a paid license is active, the extension makes a periodic HTTPS request to our validation service (a Cloudflare Worker). This request sends only a license identifier — no personal data, no query content, no schema, no results.
Auto-update. To check for a new version, the extension makes a single anonymous HTTPS request to a static version file. Nothing about you, your machine, your database schema, or your queries is transmitted. As with any HTTPS request, our hosting provider's server logs may record standard connection metadata (such as IP address) transiently.
7. Payments & billing
Purchases are processed by our payments provider, acting as Merchant of Record (MoR). The MoR is the seller of record: it collects and processes your billing information (name, email, payment method, and tax/location data), handles VAT/GST/sales tax, issues invoices, and manages chargebacks and refunds.
We do not receive or store your full payment card details. For payment-data privacy requests, the MoR acts as controller of that billing data; we will help route your request to them. See our Sub-processors page.
8. Legal bases (GDPR)
Where the EU General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — license validation and delivering the product you purchased.
- Legitimate interests (Art. 6(1)(f)) — securing our services, preventing abuse, and providing update checks.
- Consent (Art. 6(1)(a)) — where you opt in, e.g. subscribing to our newsletter or opting in to send query results to the AI provider for a session. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) — tax and accounting duties, met primarily through our payments provider as Merchant of Record.
9. Sub-processors
We use a small number of sub-processors to operate the service: Cloudflare (static hosting, the license-fulfilment Worker and its key-value store, and installer storage) and our payments provider (Merchant of Record). At launch, Anthropic and OpenAI are your providers (via your own account or BYOK), not our sub-processors. The full, current list — with roles and locations — is maintained on our Sub-processors page.
10. Retention
- License records (license identifier and status) are retained for as long as the license is active and for a reasonable period afterward to support renewals, transfers, and fraud prevention.
- Local data (BYOK key, license key, trial state, chat history) lives only on your machine and is removed when you uninstall or delete it.
- Billing records are retained by the Merchant of Record per their policy and applicable tax law.
- Support and newsletter data are kept until you ask us to delete them or unsubscribe.
11. International transfers
Our infrastructure providers operate globally. Where personal data is transferred outside the European Economic Area, such transfers are covered by appropriate safeguards (for example, the European Commission's Standard Contractual Clauses) implemented by the relevant provider. Any data you send to your AI provider is transferred under your own agreement with that provider.
12. Your rights
Under the GDPR you have the right to: access your personal data; request rectification or erasure; restrict or object to processing; data portability; and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO).
To exercise these rights, contact us at [CONTACT EMAIL]. For requests about payment and billing data, we will help you direct the request to our payments provider, which controls that data as Merchant of Record.
13. Security
We follow a data-minimisation and least-custody approach: secrets stay on your machine encrypted via DPAPI, our license service transmits only opaque identifiers over HTTPS, and we never take custody of your AI provider tokens. No method of transmission or storage is perfectly secure, but we design the product so that there is very little sensitive data on our side to protect in the first place.
14. Children
SQL Sage is a professional developer tool and is not directed at children. We do not knowingly collect personal data from anyone under the age of 16.
15. Changes to this policy
We may update this policy as the product evolves — notably before any hosted/keyless AI feature ships (see section 4). When we make material changes, we will update the "Last updated" date and, where appropriate, notify you.
16. Contact
LUMA sp. z o.o.
[REGISTERED ADDRESS]
[CONTACT EMAIL]
The following is a Polish translation provided for convenience. The English version above is the legally binding text.
Privacy Policy (Polish version, for information only)
The English version is authoritative. The following translation into Polish is provided for information only; in case of any discrepancy, the English version applies.
SQL Sage is an extension for SQL Server Management Studio 22 that runs on Windows, a tool that increases developer productivity. It works on a BYOK (bring your own key) model: we do not sell access to AI models or inference, we do not route your queries through our servers, and your API key (BYOK) and license key are stored locally on your device, encrypted with Windows DPAPI; they are never sent to us.
Data controller: LUMA sp. z o.o., with its registered seat in Poland ([REGISTERED ADDRESS]), contact: [CONTACT EMAIL].
Data sent to the AI provider: your query text and database schema metadata (table, column, and index names). Query result data (production data) is never sent without your explicit consent for the given session. The "Mask names" option masks server and database names. At product launch, the AI provider (Anthropic/OpenAI) processes this data on the basis of your own account or BYOK key; this is governed by your agreements with that provider.
Licensing and updates: 30-day free trial with no card required. License validation sends only the license identifier over HTTPS (no personal data or query content). The update check is a single anonymous HTTPS request for a version file.
Payments: handled by our payments provider acting as Merchant of Record (the seller of record), which collects billing data and VAT, issues invoices, and handles refunds.
Your rights (GDPR): access, rectification, erasure, restriction of and objection to processing, data portability, withdrawal of consent, and a complaint to the President of UODO. Requests: [CONTACT EMAIL]; we direct requests concerning payment data to the payments provider (MoR).
The full, binding text can be found in the English version above.