PgbeamTechnical Preview

Privacy Policy

Effective: March 1, 2026

1. Identity & Contact

PgBeam ("we", "us", "our") operates the PgBeam platform, including our website, APIs, proxy services, and dashboard. For privacy-related inquiries, contact us at privacy@pgbeam.com.

2. Data We Collect

Account data: Name, email address, and authentication credentials when you create an account.

Organization data: Organization name, slug, member roles, and project configurations.

Usage and billing data: Query counts, cache hit rates, connection metrics, data transfer volumes, and Stripe subscription details.

Technical data: IP address, user agent, and session metadata collected during authentication (stored in the sessions table).

Transient cache data: Query results cached in-memory in the nearest data plane region. Cache data is not persisted to disk and is evicted automatically based on TTL and memory pressure.

3. What We Don't Store

Query results: Cached query results are held transiently in-memory only and are never written to disk or persisted.

Plaintext credentials: Database passwords are encrypted at rest using AES-256-GCM. We never store or log plaintext database credentials.

4. Legal Bases (GDPR Art. 6)

We process your personal data on the following legal bases:

Contract performance: Processing necessary to provide the PgBeam service, manage your account, and fulfill billing obligations.

Legitimate interest: Service security, fraud prevention, usage analytics for service improvement, and infrastructure monitoring.

Consent: Marketing communications (you can opt out at any time via your dashboard email preferences or by contacting us).

5. Your Rights

Under GDPR and applicable privacy laws, you have the right to:

Access — Request a copy of the personal data we hold about you. Rectification — Correct inaccurate personal data. Erasure — Request deletion of your personal data. Portability — Receive your data in a structured, machine-readable format. Restriction — Request that we limit processing of your data. Objection — Object to processing based on legitimate interest.

6. How to Exercise Your Rights

You can export your account data directly from your dashboard settings. To request erasure, you can delete your account through the dashboard. For all other requests, contact us at privacy@pgbeam.com. We will respond within 30 days.

7. Data Retention

We retain data for the following periods:

Sessions: 30 days after expiry. Soft-deleted projects: 90 days (then permanently purged). Query insights: 90 days. Usage data: 365 days. Audit logs: 2 years. Account data: Retained until you delete your account.

8. International Transfers

Your data may be processed in the following locations: AWS (US East, US West, EU Ireland, Asia Pacific Mumbai, Singapore, Tokyo), Vercel (United States), PlanetScale (managed PostgreSQL), and Stripe (payment processing). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

9. Sub-Processors

We use the following sub-processors to deliver the service:

Amazon Web Services (AWS) — Infrastructure hosting (6 global regions). Vercel — Dashboard and marketing site hosting. PlanetScale — Managed PostgreSQL database. Stripe — Payment processing and subscription management. BetterStack — Uptime monitoring and log management. GitHub — Source code hosting and container registry.

10. Analytics

We use Vercel Analytics, which is a cookieless, privacy-focused analytics service. It does not use cookies, does not track users across sites, and does not collect personally identifiable information. No cookie consent banner is required.

11. Children

PgBeam is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@pgbeam.com.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Categories of personal information collected: Identifiers (name, email, IP address), commercial information (subscription and billing data), and internet activity (usage metrics, session data).

No sale of personal information: We do not sell, rent, or share your personal information for monetary or other valuable consideration.

Your rights: Right to know what personal information we collect and how it is used. Right to delete your personal information. Right to opt-out of the sale of personal information (not applicable as we do not sell data). Right to non-discrimination for exercising your privacy rights.

To exercise your CCPA rights, contact us at privacy@pgbeam.com or use the data export feature in your dashboard.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance.

Contact

Questions about this Privacy Policy? Contact us at privacy@pgbeam.com.