Privacy Policy

This Privacy Policy applies to all components of the Tellus platform, including the web dashboard at tellusplatform.site, the Tellus API, all AI-powered analysis features, the Workspace and collaboration system, and any future products or services operated by Tellus. It applies regardless of how you access the Platform — through a web browser, programmatic API access, or any other means.

Tellus is a management interface. The Platform does not host your databases or take ownership of your data. When you connect a database to Tellus, your data remains on the external database infrastructure you have chosen — Tellus routes queries to it on your behalf. This distinction is foundational to understanding how data flows through the Platform and what we are and are not responsible for.

This Policy should be read in conjunction with the Tellus Terms of Service, available at tellusplatform.site/terms, which governs the overall relationship between you and Tellus and contains additional provisions relevant to data responsibility, credential security, and liability.

Tellus collects the minimum information necessary to provide, secure, and improve the Platform. We do not collect data speculatively or for purposes unrelated to the operation of the service.

Account and identity information. When you register for a Tellus account, we collect your email address, a password (stored only as a cryptographic hash — we never store or have access to your plaintext password), and any optional profile information you choose to provide such as a display name or organisation name. This information is used for authentication, account management, billing, and service communications.

Project and configuration data. When you create a Project by connecting a database, we store the configuration metadata required to operate that Project: the database provider type, hostname, port number, database name, and the name you give the Project. We also store your database Credentials in encrypted form — see §4 for the full technical handling model. Additionally, we store workspace and project membership records, including user IDs, assigned roles, and membership timestamps, which are used to enforce access controls.

Schema cache. To improve performance and reduce repeated queries against your Connected Database, the Platform periodically fetches and stores a lightweight cache of your database's structure — table names, column names, data types, index definitions, and constraint metadata. This cache does not contain the actual data rows stored in your tables. It is used to power features such as schema browsing, AI analysis, and query assistance within the Platform. See §5 for full details on how this is stored and managed.

Platform usage and operational data. The Platform automatically records operational data necessary for security, debugging, and billing: timestamps and action types for API calls (for example, that a query action was invoked on a particular Project at a particular time), HTTP response codes and error messages from failed operations, and aggregate usage metrics such as number of queries executed per billing period. This data does not include the contents of queries or the data returned by your Connected Databases.

AI scan results. When you invoke AI analysis features, the health scores, issue summaries, and recommendations generated as output are stored and associated with your Project so that you can review historical scan results. These stored results contain the AI's analysis output — they do not contain raw row data from your database.

Technical and device information. Standard technical information is collected automatically through your use of the Platform: your IP address (used for security monitoring and fraud prevention), browser type and version (used for compatibility diagnostics), and country or region derived from your IP address (used for latency optimisation and regulatory compliance monitoring). We do not collect precise geolocation data.

Communications. If you contact Tellus support or submit feedback, we retain those communications in order to respond to your enquiry and improve the Platform. We do not share support communications with third parties except as required by law.

Given that Tellus operates as a management interface over databases you own, it is important to be specific about the categories of data we deliberately do not collect or retain.

Your database row data. Records from your Connected Databases — the actual contents of your tables, documents, or collections — are fetched on demand and transmitted directly to your browser. They are not written to or retained in Tellus's own storage infrastructure. Transient, short-lived caching of recent query results may occur within the Platform's serving layer for performance purposes, but this cache is never written to persistent storage, expires within seconds to a few minutes, and is not accessible to any other user.

Query contents and history. The Platform does not log or persistently store the SQL statements, query filters, or document queries you execute against your Connected Databases. Operational logs record that a query action occurred on a Project and whether it succeeded or failed — they do not record what was queried or what data was returned.

Plaintext credentials. Database Credentials are encrypted before being written to any storage medium. Tellus never stores, logs, or transmits Credentials in plaintext. See §4 for the technical model.

Advertising data. Tellus does not use advertising cookies, tracking pixels, third-party analytics SDKs, or any other tools designed to build advertising profiles. We do not sell user data, and we do not share data with advertising networks or data brokers.

Data from unauthorised databases. The Platform has no mechanism to determine whether you are authorised to access a database you connect. We do not collect or inspect data from your Connected Databases beyond what is necessary to operate the features you use. The responsibility for ensuring you are authorised to connect each database rests entirely with you.

Database Credentials — including hostnames, ports, usernames, passwords, connection URIs, API keys, and service account files — are the most sensitive data handled by the Platform. This section describes the full technical and operational model governing how Credentials are protected.

Encryption at rest. All Credentials stored by the Platform are encrypted at rest using industry-standard symmetric encryption. Credential data is stored in association with your Project record and is never written to log files, diagnostic outputs, or any storage medium in plaintext form.

Operational access pattern. Credentials are decrypted exclusively at the moment a database operation is requested by an authenticated user, in the context of the server-side function handling that request. They are held in memory only for the duration of the operation and are discarded immediately afterward. Credentials are never returned in API responses, never exposed to browser-side JavaScript, and never transmitted to any party other than the Connected Database itself.

Internal access controls. Access to Credential data within Tellus's infrastructure is subject to strict internal access controls. No Tellus employee or contractor has routine access to the plaintext Credentials of any user account. Any access to Credential data for legitimate operational purposes (such as investigating a reported security incident) requires documented authorisation and is logged.

Short-lived authentication tokens. For database providers that use token-based authentication requiring periodic renewal — such as OAuth2-based providers — the Platform may cache short-lived access tokens (not the underlying private key or service account) to avoid redundant token exchange operations. These cached tokens are subject to the same encryption and access controls as static Credentials and expire automatically in accordance with the token's own validity period.

Credential deletion. When you delete a Project, all associated Credential data is deleted from the Platform's storage immediately and is not recoverable. Credential data is not retained in backups beyond the backup retention window applicable to the underlying infrastructure. Following Project deletion, you should also revoke the database user's access directly at your database provider to fully remove the Platform's ability to connect.

This section describes where and how the different categories of data collected by the Platform are stored, and the infrastructure providers involved in that storage.

Account, project, and configuration data — including your account profile, Project settings, encrypted Credentials, workspace memberships, and schema cache — is stored in a managed relational database service operated on your behalf within the Platform's infrastructure. This data is stored in the geographic region closest to your account's primary region at the time of creation, subject to the infrastructure provider's available regions. All data at rest is encrypted using AES-256 encryption.

Schema cache is stored as structured JSON metadata associated with each Project. It is refreshed automatically on a periodic schedule and on demand when you manually trigger a refresh. Schema cache does not contain row data. It is stored in the same geographic region as your Project configuration data and is subject to the same encryption standards.

AI scan results — the health scores, issue findings, and recommendations generated when you run an AI analysis — are stored as structured records associated with your Project, in the same infrastructure as your Project configuration data. These records persist until you delete them or delete the Project. They do not contain raw database records.

Transient query result cache is held in an in-memory data store and is used solely to serve repeated identical queries within a short time window without re-querying your Connected Database. This cache is never written to disk, never persisted across server restarts, and expires automatically within seconds to a few minutes. It is shared only within the context of a single Project and is not accessible across Projects or to other users.

Operational logs — API access logs, error logs, and audit logs — are stored in the Platform's logging infrastructure. These logs are retained for a rolling 90-day window, after which they are automatically deleted. Logs are used for security monitoring, debugging, and billing verification only.

Billing records are retained for seven years in accordance with applicable statutory accounting and tax obligations. Billing records contain transaction amounts, subscription plan details, and timestamps, but do not contain payment card numbers or other full payment instrument details (which are handled exclusively by our payment processor).

Geographic considerations. The Platform's primary infrastructure is provisioned in specific geographic regions. If you are subject to data residency requirements — such as an obligation to keep personal data within a specific jurisdiction — you should evaluate whether the Platform's storage regions meet your requirements before connecting databases that contain regulated data. Tellus does not currently offer customer-selectable storage regions, though we may introduce this capability in future.

This section describes the specific purposes for which Tellus uses the data it collects. We do not use your data for purposes beyond those listed here without obtaining your consent or providing advance notice through a Policy update.

Platform operation. The primary use of all collected data is to operate the Platform: authenticating users, routing database queries to the correct Connected Database, enforcing Workspace access controls, populating the dashboard interface with schema and project information, and executing the specific operations you request.

Performance and reliability. Operational logs, error rates, and latency data are used to monitor platform health, diagnose and resolve technical issues, plan infrastructure capacity, and improve the reliability of the service. This usage is strictly internal — it is never shared with third parties except as described in §8.

Security and fraud prevention. IP addresses, session data, and access patterns are used to detect and prevent unauthorised account access, credential stuffing, denial-of-service activity, and other forms of platform abuse. If anomalous activity is detected on your account, we may use this data to suspend the account and notify you.

Billing and account management. Usage metrics — including the number of queries executed, AI scans run, and projects active in a billing period — are used to calculate your invoice, enforce plan limits, and process subscription changes. This data is not shared with advertisers or third parties for commercial purposes.

Product improvement. Aggregated, anonymised usage data — for example, which database providers are most commonly connected, which features are most frequently used, and which error types occur most often — is used to prioritise product development and improve the Platform. This analysis operates on aggregated statistics, not on individual user records or database contents.

Legal and compliance. In limited circumstances, data may be used to comply with applicable legal obligations, respond to lawful requests from government authorities, enforce these Terms, or protect the rights and safety of Tellus, its users, or third parties. See §8 for the specific circumstances under which data may be disclosed externally.

What we do not do with your data. Tellus does not sell your data to any third party. We do not use your data to build advertising profiles or for any form of behavioural advertising. We do not share your data with data brokers. We do not use data from your Connected Databases to train machine learning models operated by Tellus. We do not use your data for purposes beyond those described in this Policy without first updating this Policy and providing the notice described in §16.

The Platform's AI-powered features — including database health analysis, natural language query assistance, automated report generation, and AI-assisted data management — involve transmitting data from the Platform to third-party large language model (LLM) providers. This section is specific about what data is transmitted, to whom, and under what conditions.

What is transmitted to LLM providers. When you invoke an AI feature, the Platform constructs a prompt that includes schema metadata from your Connected Database — specifically table names, column names, data types, and index or constraint definitions — together with a limited number of sample records, typically between 10 and 100 rows, selected to represent the data patterns in the relevant tables. This information is sent to a third-party LLM API to generate the requested analysis or response.

What is not transmitted. Your database Credentials are never transmitted to LLM providers. The full contents of your database tables are not transmitted. AI features only send the data described above, and only when you actively invoke those features — they do not run in the background or transmit data without your explicit action.

LLM provider identity and policies. The Platform currently uses a cascade of third-party LLM providers to power AI features. The cascade is ordered by availability and latency; the first available provider handles each request. These providers operate under their own independent terms of service and privacy policies, which govern their handling of the data transmitted to them. Tellus does not have contractual control over how these providers store, process, or use prompt data beyond the provisions of our agreements with them. You are responsible for reviewing the data handling terms of each LLM provider before using AI features, particularly if your databases contain sensitive or regulated data.

Sensitive data advisory. If your Connected Databases contain personal data subject to data protection regulation (such as GDPR or CCPA), protected health information subject to HIPAA, financial records subject to PCI-DSS, legally privileged communications, or any other category of sensitive data, you should exercise careful judgement before invoking AI features on those databases. Tellus cannot guarantee that data transmitted to third-party LLM providers will not be retained, logged, or used by those providers for purposes permitted under their own terms. Disabling AI features for sensitive Projects is your responsibility.

Stored AI outputs. The health scores, issue findings, recommendations, and natural language responses generated as AI outputs are stored within the Platform and associated with your Project. These stored outputs contain the AI's analysis text — they do not contain raw records from your database. You may delete stored AI scan results at any time from your Project settings.

No AI model training on your data. Tellus does not use data from your Connected Databases to train, fine-tune, or evaluate any machine learning or AI model operated by Tellus. Data transmitted to third-party LLM providers is subject solely to those providers' policies regarding training data use.

Tellus does not sell, rent, or trade personal data to any third party. Disclosure of your data to external parties occurs only in the specific circumstances described in this section.

Infrastructure and service providers. Tellus uses a limited number of third-party infrastructure providers to operate the Platform. These providers process data only as instructed by Tellus, under contractual confidentiality obligations, and for the specific purpose of enabling Tellus to provide the Platform. They are not permitted to use your data for their own purposes. Categories of providers include cloud database and compute infrastructure, authentication services, payment processing, and in-memory caching services used for the transient query result cache and rate limiting described elsewhere in this Policy.

LLM providers (AI features only). As described in §7, schema metadata and limited sample records are transmitted to third-party LLM providers when you invoke AI features. This transmission occurs only upon your explicit action and only for the data associated with the specific Project and tables you are analysing.

Legal requirements. Tellus may disclose account information and usage data if required to do so by a valid and lawful legal process, including subpoenas, court orders, or government requests from authorities with jurisdiction. Where legally permitted, Tellus will notify you of such requests before disclosure. Tellus will not disclose data in response to requests that it believes to be unlawful.

Protection of rights. Tellus may disclose data where it believes in good faith that such disclosure is necessary to: protect the safety or security of any person; prevent fraud or abuse of the Platform; enforce the Tellus Terms of Service; or protect the legal rights or property of Tellus.

Business transfers. If Tellus undergoes a merger, acquisition, reorganisation, or sale of all or substantially all of its assets, user data may be transferred as part of that transaction. Tellus will notify affected users by email and through a notice on the Platform at least 30 days before any such transfer takes effect, and will describe any changes to the data handling practices that result from the transaction.

Tellus retains different categories of data for different periods, based on their purpose and applicable legal or contractual obligations.

Account and profile data is retained for the duration of your account's active life and for 30 days following account deletion, after which it is permanently purged. The 30-day window allows for account recovery in the event of accidental deletion.

Project configuration and encrypted Credentials are deleted immediately and permanently upon Project deletion. There is no grace period or recovery window for Credential data following Project deletion.

Schema cache is retained for the life of the associated Project and is deleted upon Project deletion.

AI scan results are retained until you explicitly delete them from your Project settings, or until the Project is deleted. There is no automatic expiry for AI scan results during the life of a Project.

Operational logs — API access logs, error logs, and security audit logs — are retained for a rolling 90-day window and are automatically deleted thereafter.

Transient query result cache expires automatically within seconds to a few minutes and is never written to persistent storage.

Billing records are retained for seven years from the date of the transaction, in accordance with statutory accounting and tax obligations. You may request a copy of your billing history at any time by contacting support@tellusplatform.site.

Requesting deletion. To request deletion of your account and all associated data, you may use the account deletion feature in your account settings or contact privacy@tellusplatform.site. Account deletion is permanent. It does not affect data held in your Connected Databases — those remain under your full control and are not modified by the deletion of your Tellus account.

The Tellus Platform integrates with and depends on a number of third-party services. This section identifies the categories of third-party services involved and describes their role in relation to your data.

Cloud infrastructure. The Platform's backend infrastructure — including databases that store your account, project, schema, and AI scan data — is hosted on managed cloud infrastructure provided by third parties. These providers store data in encrypted form and are bound by data processing agreements with Tellus. Their data handling practices are governed by their respective privacy policies and applicable data protection law.

Authentication services. User authentication — including account registration, login, and session management — is handled through a third-party authentication provider. This provider processes your email address and password hash for the purpose of verifying your identity. It does not have access to your Project data or Credentials.

Payment processing. If you subscribe to a paid plan, payment processing is handled by a third-party payment processor. Tellus does not store or have access to full payment card numbers, CVVs, or bank account details. The payment processor receives your billing information and payment details directly and is responsible for the security of that information under applicable financial regulations.

In-memory caching. A third-party serverless caching service is used to support the transient query result cache and the Platform's rate limiting system. This service holds short-lived, expiring data only — it does not store persistent user data. Cached query results are subject to the transient retention described in §9.

Large language model providers. As described in §7, third-party LLM APIs are used to power AI features. These providers receive schema metadata and limited sample records when AI features are invoked. They are not subprocessors in the traditional sense — they receive data as part of a prompt and generate a response, operating under their own independent terms of service.

Your Connected Database providers. The external database providers you connect to the Platform — MySQL hosting providers, MongoDB Atlas, Firebase/Firestore, Neon, self-hosted databases, and others — are entirely independent third-party services. Tellus interacts with them on your behalf but does not control their infrastructure or data handling. Your relationship with these providers is governed exclusively by your agreements with them.

Tellus implements a set of technical and organisational measures designed to protect the data processed by the Platform. These measures are subject to periodic review and update as the threat landscape and best practices evolve.

Encryption at rest. All persistent data stored by the Platform — including account data, Project configuration, encrypted Credentials, schema cache, and AI scan results — is encrypted at rest using AES-256 encryption. Encryption keys are managed through a dedicated key management service with restricted access controls.

Encryption in transit. All data transmitted between your browser and the Platform, and between the Platform's backend services and your Connected Databases, is encrypted using TLS 1.2 or higher. Unencrypted connections are not accepted by any Platform endpoint.

Authentication and authorisation. Every operation on the Platform requires a valid authenticated session, verified using a signed JSON Web Token. Access to specific Projects and Workspaces is checked against a role-based access control model on every operation. Requests from users without the required access level are rejected with an appropriate error response.

Rate limiting. Platform operations are rate-limited per user to protect against automated abuse and to prevent excessive load on Connected Databases. Rate limits are applied on a sliding window basis and vary by operation type — lighter limits apply to standard read operations and tighter limits apply to resource-intensive operations such as AI scans. Users who exceed rate limits receive an appropriate error response and a retry guidance.

Credential isolation. As described in §4, database Credentials are never returned to the browser or transmitted to any party other than the Connected Database. They are accessible only through the server-side operation handling layer, under authenticated and access-controlled conditions.

Vulnerability disclosure. If you discover a security vulnerability in the Tellus Platform, we ask that you report it responsibly by emailing security@tellusplatform.site before public disclosure. We are committed to acknowledging reports within 48 hours, investigating them promptly, and communicating our remediation timeline to the reporter.

Limitations. No security system is infallible. While Tellus implements the measures described above and continuously works to improve them, we cannot guarantee that the Platform will never be subject to a security incident. In the event of a breach affecting your data, Tellus will notify you as required by applicable law and will provide information about the nature of the incident and the steps being taken to address it.

Depending on your jurisdiction, you may have a range of rights with respect to your personal data. Tellus is committed to respecting and facilitating the exercise of these rights. This section describes what rights may be available to you and how to exercise them.

Right of access. You may request a copy of the personal data that Tellus holds about you. This includes your account information, Project configuration metadata, and any other data in our systems associated with your account. It does not include data in your Connected Databases, which are under your own control.

Right to rectification. If the personal data we hold about you is inaccurate or incomplete, you may request that it be corrected. For most account information, you can make corrections directly through your account settings without contacting us.

Right to erasure. You may request deletion of your Tellus account and all associated personal data. As described in §9, account deletion is permanent. Billing records are subject to statutory retention requirements and may be retained for up to seven years notwithstanding an erasure request.

Right to data portability. You may request your account data in a structured, machine-readable format. We will provide an export of your account profile, Project configuration metadata, and AI scan results within 30 days of a verified request.

Right to object. You may object to the use of your data for purposes beyond Platform operation — specifically, the use of aggregated usage data for product improvement purposes described in §6. To opt out of this use, contact privacy@tellusplatform.site.

Rights related to AI features. The transmission of data to third-party LLM providers is an action you initiate explicitly by invoking AI features. You may exercise your right to restrict this transmission simply by not using AI features. There is no background data transmission to LLM providers and no opt-out mechanism is needed beyond choosing not to invoke those features.

How to exercise your rights. To exercise any of the rights described above, contact privacy@tellusplatform.site with a description of the right you wish to exercise and, where applicable, what data the request relates to. We will respond within 30 days. We may ask you to verify your identity before processing certain requests.

The Platform is not directed at and is not intended for use by individuals under the age of 16, or under the age of majority in the jurisdiction where they reside, whichever is higher. Tellus does not knowingly collect personal data from children. If you are a parent or guardian and believe that a child in your care has provided personal data to Tellus, please contact privacy@tellusplatform.site and we will take steps to delete that data promptly.

If Tellus becomes aware that it has inadvertently collected personal data from a child without appropriate parental consent, we will take immediate steps to delete that information from our systems.

Tellus's infrastructure is hosted in specific geographic regions, and your data may be processed in a country different from the one in which you are located. In such cases, Tellus relies on lawful transfer mechanisms recognised by applicable data protection law — such as standard contractual clauses, adequacy decisions, or other approved transfer frameworks — to ensure that your data receives an appropriate level of protection regardless of where it is processed.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, and your data is transferred to a country that has not been deemed to provide an adequate level of data protection, Tellus will ensure that appropriate safeguards are in place as required by GDPR or the applicable UK or Swiss equivalent. You may contact privacy@tellusplatform.site to request information about the specific transfer mechanisms applicable to your data.

If you are subject to data residency requirements that restrict where your data may be processed, you are responsible for evaluating whether the Platform's infrastructure regions meet those requirements before connecting databases that contain regulated data.

The Platform uses a minimal set of cookies and similar technologies strictly necessary for its operation. We do not use advertising cookies, tracking pixels, or third-party analytics tools for the purpose of profiling users or enabling targeted advertising.

Authentication cookies. A session cookie is used to maintain your authenticated session after login. This cookie is essential to the Platform's operation — without it, you would need to log in on every page navigation. This cookie is a first-party, HttpOnly, Secure cookie and is not accessible to JavaScript. It expires when you log out or when your session naturally expires.

Preference and state cookies. The Platform may set cookies or use browser local storage to remember your in-application preferences — such as display settings, last-viewed Project, or UI state. These are first-party only and are used solely to improve your experience within the Platform. They do not track behaviour across other websites.

No third-party tracking. Tellus does not embed third-party tracking scripts — including Google Analytics, Meta Pixel, or similar tools — in the Platform. No cross-site tracking of any kind is performed. Your activity within the Platform is not shared with advertising networks or used to build behavioural profiles for commercial purposes.

Cookie management. You may configure your browser to reject or delete cookies, though doing so will prevent you from maintaining a logged-in session in the Platform. As Tellus does not use non-essential cookies, there is no cookie consent banner or preference centre — the only cookies present are those strictly necessary for authentication and basic functionality.

Tellus may update this Privacy Policy when the Platform's data practices change materially — for example, when a new category of data is collected, when a new third-party provider is engaged, or when data is used for a new purpose. Material changes will be communicated by email to the address associated with your account and by a prominent notice on the Platform, provided at least 14 days before the changes take effect.

The revision date at the top of this page reflects the date this Policy was last updated. If you continue to use the Platform after a revised Policy takes effect, you accept the updated terms. If you do not agree to the revised Policy, you must discontinue your use of the Platform and request account deletion in accordance with §9. For minor, non-material changes — such as typographical corrections or clarifications that do not alter the substance of our data practices — Tellus may update this Policy without advance notice, though the revision date will always reflect any change.

For privacy enquiries, requests to exercise your rights, or reports of suspected privacy violations, please contact Tellus using the following channels.

Privacy enquiries and rights requests:
privacy@tellusplatform.site

Security vulnerability disclosure:
security@tellusplatform.site

Billing and account support:
support@tellusplatform.site

Website:
tellusplatform.site

Tellus  ·  Privacy Policy v2.0  ·  Effective April 15, 2026  ·  tellusplatform.site