Legal

Privacy Policy

Plain-English rules for how DBDock handles your information. We built it so your data stays where it belongs — in your databases and your buckets.

Last updated:

Who we are

DBDock ("DBDock", "we", "us") provides a hosted dashboard for database backups, restores, migrations, and scheduling. This policy explains what we collect, why, and the choices you have. It applies to the DBDock web app and marketing site at dbdock.xyz.

For privacy questions or to exercise your rights, contact us at privacy@dbdock.xyz. We act as the data controller for account data and as a data processor for the database credentials and operational data you enter to run backups on your behalf.

What we collect

DBDock collects the minimum data required to run your account and power the dashboard. Specifically:

  • Account data — your name, email, hashed password or OAuth identity (Google / GitHub).
  • Connection metadata — hostnames, ports, database engine, and encrypted credentials you choose to save.
  • Operational records — timestamps, sizes, status, and logs for backups, restores, migrations, schedules, and alerts.
  • Billing data — subscription plan and status (handled by Dodo Payments; we never see full card numbers).
  • Technical data — IP address, browser type, and request logs, kept short-term for security, rate-limiting, and abuse prevention.

What we never do

  • We do not read the contents of your databases. DBDock streams backups directly from your database to your storage bucket.
  • We do not store backup payloads on our servers. They land in your own bucket or DBDock Managed storage — depending on what you configure.
  • We do not sell, rent, or share your data with advertisers, and we never use your data to train models.

How we protect credentials

Every database and storage credential you save is encrypted at rest with AES-256-GCM before it is written to our database. The encryption key is managed separately from the ciphertext. Sessions use short-lived JWT access tokens with refresh-token rotation and are delivered over HTTPS only. Decrypted credentials are used transiently in memory to run the operations you request and are never returned to your browser.

How we use your data

We use the data above to:

  • Authenticate you and secure your account.
  • Run the backups, migrations, and schedules you configure.
  • Send alert deliveries (email, Slack, webhooks) you subscribe to.
  • Send transactional emails (OTP codes, billing receipts).
  • Bill you for paid plans and enforce plan limits.

Cookies & sessions

DBDock uses first-party cookies only — no third-party advertising or tracking cookies. They keep you signed in and gate access to shared dashboards. For the full list of cookie names, purposes, and lifetimes, see our Cookie Policy.

Sub-processors

We share limited data with a short list of trusted providers:

  • Dodo Payments — subscription billing and invoices.
  • SMTP / email provider — delivery of OTP codes and transactional email.
  • Google & GitHub OAuth — social login (only if you choose it).
  • Cloud hosting provider — where the DBDock app and its database run.
  • Managed storage infrastructure — only when you use DBDock Managed storage on an eligible plan.

You can also bring your own S3, R2, or Cloudinary account — those providers are not sub-processors because we never send them your data; you do.

International transfers

DBDock may process data on servers located outside your country. Where data leaves the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. You can request details of the safeguards that apply by emailing us.

Your rights

Depending on where you live (for example under GDPR or CCPA/CPRA), you may have the right to:

  • Access, correct, or delete the personal data we hold about you.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Opt out of the "sale" or "sharing" of personal data — note that DBDock does neither.
  • Withdraw consent and lodge a complaint with a supervisory authority.

Email privacy@dbdock.xyz to exercise any of these. We will not discriminate against you for doing so.

Retention & deletion

Operational logs are retained for up to 90 days. You can delete your account at any time from Settings → Danger zone — this removes your account, connections, schedules, and logs within 30 days, except where we must retain limited billing records to meet legal obligations. Backup files in your buckets or DBDock Managed storage are untouched — you control them.

Children

DBDock is a tool for developers and businesses and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy as the product evolves. Material changes will be announced in-app or by email, and the "Last updated" date above will change. Continuing to use DBDock after an update means you accept the revised policy.

Contact

Questions about this policy or data requests? Email privacy@dbdock.xyz and we'll respond within 7 business days.