Privacy Policy

Greppilot ("we", "us", "our") operates the Greppilot platform at greppilot.com. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using Greppilot, you agree to the collection and use of information in accordance with this policy.

Account information. When you sign up, we collect your email address and name via Supabase Auth. We use this to authenticate you and manage your account.

Integration credentials. When you connect a database or API, we store the connection configuration (host, port, credentials). All integration credentials are encrypted at rest using AES-256-GCM before being written to our database. We never store credentials in plaintext.

Conversation history. Your chat messages with the AI agent are stored to provide context for follow-up queries and to improve your experience. Dashboard component configurations (chart types, queries, layouts) are also stored.

Usage analytics. We use PostHog for anonymous frontend analytics (pageviews, feature adoption, session replay). Sensitive inputs such as connection strings and API keys are excluded from session replay via CSS masking. No chat content or query data is sent to PostHog.

Query results. When you query a connected database or API, the results are processed in memory to generate charts and answers. We do not store, log, or persist your query results.

Your API keys (BYOK). If you use Bring Your Own Key mode, your Anthropic or other provider API key is stored only in your browser's localStorage and sent to our API via a request header. It is never written to our database.

We use the data we collect to:

• Authenticate you and manage your account
• Execute queries against your connected data sources on your behalf
• Provide AI-powered analytics and dashboard building via the chat agent
• Improve the product through anonymous usage analytics
• Send transactional emails (account-related notifications only)

We do not sell your data. We do not use your data to train AI models.

We use the following third-party services to operate Greppilot:

• Supabase — authentication and database hosting (US region)
• Anthropic / OpenAI — AI model providers for the chat agent (only when using Managed AI; BYOK users connect directly via their own key)
• PostHog — anonymous frontend analytics and session replay
• Langfuse — LLM observability (traces token usage and costs; sensitive fields are automatically redacted; no query result data is sent)
• Axiom — structured error logging (backend errors and warnings only; no user data)
• Paddle — payment processing for paid plans

We take the security of your data seriously:

• All integration credentials are encrypted with AES-256-GCM before storage
• All connections to our services use HTTPS/TLS
• Database access is restricted to authenticated, authorized users
• Query results are never persisted — they exist only in memory during processing
• Sensitive fields are automatically redacted from observability and logging systems

Your account data, conversation history, and dashboard configurations are retained for as long as your account is active. Integration credentials are deleted immediately when you remove an integration.

You can request full account deletion by contacting us at hello@greppilot.com. Upon deletion, all your data — including account information, conversations, dashboards, and stored credentials — is permanently removed.

Greppilot uses essential cookies for authentication (Supabase session tokens). PostHog may set analytics cookies for session tracking. We do not use advertising cookies or third-party tracking cookies.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict certain processing

To exercise any of these rights, contact us at hello@greppilot.com.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of Greppilot after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, contact us at hello@greppilot.com.