Privacy-First Approach

Privacy Policy

We believe in transparency. This policy explains exactly what data we collect, how we protect it, and your rights regarding your information.

Last updated: October 30, 2025

No IP Storage

We hash all IP addresses and never store the original

Optional Data

All personal info is optional - skip and still use the app

Local Storage

App data stays on your device - we can't access it

1 Introduction

SpiceDBLens ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and safeguard your information when you:

  • Visit our website at spicedblens.com
  • Download our desktop application
  • Use the SpiceDBLens desktop application
  • Subscribe to our newsletter or updates

Please read this privacy policy carefully. By using SpiceDBLens, you acknowledge that you have read and understood this policy.

Data Controller

SpiceDBLens is operated by Aiistic, Inc., which is the data controller responsible for your personal information.

Company: Aiistic, Inc.

Website: www.aiistic.com

Contact: legal@spicedblens.com

2 Information We Collect

2.1 Information You Voluntarily Provide

When you download SpiceDBLens, you may optionally choose to provide:

  • Email address - For product updates and communication
  • Name - To personalize communications
  • Company/Organization name - To understand our user base
  • Use case description - To improve features relevant to your needs
  • Referral source - To understand how you heard about us

Important

All of this information is completely optional. You can skip providing any information and still download and use SpiceDBLens without any restrictions or limitations.

2.2 Automatically Collected Information

Website Usage Data

  • Pages visited and time spent on pages
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Referrer URL (website you came from)
  • General geographic location (country/region level only)

Download Tracking Data

  • Download timestamp and date
  • Operating system and platform (Windows, macOS, Linux)
  • Architecture (Intel, ARM, etc.)
  • Version of SpiceDBLens downloaded
  • Download completion status
  • Hashed IP address (see section 3 for details)
  • Approximate country/region (derived from IP, then discarded)

2.3 Desktop Application Data

The SpiceDBLens desktop application runs entirely on your local machine. We do not collect any data from within the application itself.

We do NOT collect:

  • Your SpiceDB connection details or credentials
  • Schema definitions or permissions data you work with
  • Queries you execute or test
  • Usage patterns within the application
  • Any files or configurations you create

The only network connections:

  • Direct connections to your SpiceDB instances (configured by you)
  • Optional update checks to our servers (can be disabled in settings)

3 Privacy Protection Measures

3.1 IP Address Hashing

We take your privacy seriously. We never store raw IP addresses. Here's our process:

  1. When you download SpiceDBLens, your IP address is temporarily processed
  2. We derive your country/region from the IP address
  3. The IP address is immediately hashed using SHA-256 with a salt
  4. The original IP address is discarded and never stored
  5. The hash is used only to prevent duplicate download counting

This hash cannot be reversed to obtain your original IP address, ensuring your anonymity while helping us maintain accurate statistics.

3.2 Data Minimization

We follow the principle of data minimization: we only collect data that is necessary for specific, legitimate purposes. We do not collect personal information "just in case" we might need it later.

3.3 Secure Storage

All data collected is stored securely using industry-standard practices:

  • Encrypted database connections (TLS/SSL)
  • Secure cloud infrastructure with regular security audits
  • Access controls limiting data access to essential personnel only
  • Regular backups with encryption at rest

4 How We Use Your Information

We use the collected information for the following purposes:

4.1 Product Improvement

  • Analyze which features are most used to prioritize development
  • Understand which platforms to prioritize for bug fixes and optimization
  • Identify usage patterns to improve user experience

4.2 Communication (Only with Your Consent)

  • Send release announcements for new versions
  • Notify you about important security updates
  • Share feature updates and improvements
  • Provide tips and best practices for using SpiceDBLens

Note: You can unsubscribe from these emails at any time using the link in any email we send.

4.3 Analytics and Statistics

  • Display public download counts on our website (aggregate numbers only)
  • Understand geographic distribution of our users (country level)
  • Track adoption trends over time
  • Measure the effectiveness of our documentation and resources

4.4 Legal Compliance

  • Comply with legal obligations and regulations
  • Respond to lawful requests from public authorities
  • Protect our rights and prevent fraud or abuse

5 Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes. Your data is not a product we monetize.

5.2 Aggregate Data Sharing

We may publicly share aggregated, non-personally identifiable information, such as:

  • "SpiceDBLens has been downloaded 50,000 times"
  • "Our users are in 75 countries"
  • "60% of downloads are for macOS"

This data cannot be used to identify individual users.

5.3 Third-Party Service Providers

We use the following third-party services that may process your data:

| Service | Purpose | Data Processed |
|---|---|---|
| Vercel | Website hosting and CDN | Website traffic, IP addresses (logs) |
| Database Provider | Secure data storage | Download records, optional user info |
| GitHub | Binary file hosting and distribution | Download requests (GitHub's own analytics) |
| Stripe | Optional donation processing | Payment information (handled entirely by Stripe) |
| PostHog/Plausible | Privacy-first website analytics | Anonymous usage patterns, no cookies |

All third-party providers are carefully selected for their commitment to data privacy and security.

5.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Requests from law enforcement or government agencies
  • Circumstances involving potential threats to safety

6 Cookies and Tracking Technologies

6.1 Essential Cookies

We use minimal cookies required for essential website functionality:

  • Session cookies - To maintain your browsing session
  • Preference cookies - To remember your settings (e.g., dismissed banners)

6.2 Analytics Cookies

We use privacy-first analytics tools (PostHog or Plausible) that:

  • Do not use tracking cookies
  • Do not track users across websites
  • Do not create user profiles
  • Are GDPR compliant by default

6.3 No Third-Party Advertising

We do not use third-party advertising cookies or any ad tracking technologies. We do not participate in ad networks or behavioral advertising.

7 Your Privacy Rights

7.1 European Union Users (GDPR)

If you are in the European Union, you have the following rights:

  • Right to Access - Request a copy of all personal data we hold about you
  • Right to Rectification - Request correction of inaccurate or incomplete data
  • Right to Erasure - Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction - Request limitation of processing in certain circumstances
  • Right to Data Portability - Receive your data in a portable, machine-readable format
  • Right to Object - Object to processing of your data for certain purposes
  • Right to Withdraw Consent - Withdraw consent at any time (without affecting prior processing)

7.2 California Users (CCPA/CPRA)

If you are a California resident, you have additional rights:

  • Right to Know - Request disclosure of data collection and sharing practices
  • Right to Delete - Request deletion of personal information
  • Right to Opt-Out - Opt-out of the "sale" of personal information (we don't sell data)
  • Right to Non-Discrimination - Equal service regardless of privacy choices

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: legal@spicedblens.com
  • GitHub Issues: Open a privacy-related issue on our repository

We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8 Data Retention

We retain different types of data for varying periods:

  • Download tracking data - Retained indefinitely for historical analytics (fully anonymized)
  • Optional user information - Retained until you request deletion or opt-out
  • Email addresses - Retained while you are subscribed; deleted immediately upon unsubscribe
  • Website analytics - Aggregated data retained indefinitely; individual session data for 14 months maximum

You can request deletion of your data at any time by contacting us.

9 International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

We ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all third-party processors
  • Regular security and privacy assessments

10 Security Measures

We implement multiple layers of security to protect your information:

  • Encryption in transit - All data transmitted over HTTPS/TLS
  • Encryption at rest - Database encryption for stored data
  • Access controls - Role-based access with principle of least privilege
  • Regular security audits - Periodic reviews and penetration testing
  • Secure development practices - Code reviews, dependency scanning, automated testing

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11 Children's Privacy

SpiceDBLens is not intended for children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete that information.

12 Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals websites you visit that you do not want to be tracked. We respect DNT signals and do not track visitors who have DNT enabled.

13 Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes:

  • We will update the "Last updated" date at the top of this policy
  • For significant changes, we will provide prominent notice on our website
  • If you have provided an email address, we may notify you directly

We encourage you to review this policy periodically.

14 Contact Information

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Data Controller

Aiistic, Inc.

www.aiistic.com

Privacy Inquiries

legal@spicedblens.com

General Contact

hello@aiistic.com

15 Additional Resources

For more information about data privacy and your rights:

Questions About Your Privacy?

We're here to help. Reach out to us anytime with questions or to exercise your privacy rights.
