Privacy Policy

Effective date: 1 March 2026

1. Who We Are

DBMN.io ("we", "us", "our") operates the Dobermann VS Code extension and the dbmn.io website. This policy explains what data we collect, why, and how we protect it.

2. What We Collect

Registration Data

When you create an account, we collect:

Email address
Display name
Company name (optional)
Role and experience level (from registration questionnaire)

Usage Data

The extension reports aggregate usage counters to track product health and enforce licence limits. For a complete breakdown, see our Data Transparency page.

API call counts, batch counts, records processed, export/import counts (per week)
Approved Environment URLs you connect to
Extension version, VS Code version, OS platform

Payment Data

Payment processing is handled by Stripe. We do not store credit card numbers, CVVs, or full payment details. We receive only a Stripe customer ID and subscription status.

            What we never collect:
            API request or response bodies
Authentication tokens or credentials
CSV, JSON, or Excel file contents
User data from your configured API environments
Endpoint URLs, headers, or body templates

        

If your organisation requires zero telemetry, contact us at hello@dbmn.io.

3. How We Use Your Data

Authentication — Verify your identity and manage sessions
Licence enforcement — Apply correct feature access based on your licence
Product improvement — Understand which features are used to guide development
Support — Diagnose issues when you contact us
Billing — Process payments and manage subscriptions

We do not sell your data. We do not share your data with third parties except as required for service operation (Supabase for backend, Stripe for payments).

4. Data Storage & Security

Dobermann uses three local storage layers for your API data and one cloud layer for licence management. Your API data never leaves your machine.

4a. Credentials — VS Code SecretStorage API

Environment tokens, OAuth tokens, and session credentials are stored via VS Code's SecretStorage API. This uses your OS-level credential manager (macOS Keychain, Windows Credential Manager, or Linux libsecret). Credentials are encrypted at rest by the operating system and never touch our servers.

4b. Execution History — Local SQLite Database

A SQLite database (.active8/executions.db) ships as part of the extension and stores execution history and batch run metadata (status, record counts, timestamps). It lives entirely on your machine.

4c. Transaction Files — Local File Storage

Every transaction produces request, response, and log files saved to .active8/results/ in your workspace. Files are standard JSON — fully visible, diffable, and exportable.

            Your API data never leaves your machine. Every request, response, and log file is saved locally in your workspace as plain JSON files. You can inspect, diff, and audit every transaction Dobermann executes. Nothing is sent to our servers.
        

4d. Cloud (Supabase) — Licence & Telemetry Only

Supabase (PostgreSQL on AWS) stores only licence management data and telemetry counters. We use:

Row-Level Security (RLS) policies to ensure users can only access their own data
Encrypted connections (TLS) for all data in transit
Supabase Auth with JWT tokens for session management

No API data, credentials, or transaction content is stored in the cloud.

5. Data Retention

Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
Usage tracking — Weekly counters retained for 12 months, then aggregated and anonymised.
Telemetry events — Daily aggregates retained for 12 months, then deleted.
Payment records — Retained as required by tax and financial regulations.

6. Your Rights

You have the right to:

Access — Request a copy of all data we hold about you
Correction — Update inaccurate information via your account page
Deletion — Request deletion of your account and associated data
Export — Receive your data in a portable format
Objection — Object to specific data processing activities

To exercise any of these rights, contact us at hello@dbmn.io.

7. Cookies

The dbmn.io website uses only essential cookies required for authentication (Supabase session tokens). We do not use advertising cookies, analytics trackers, or third-party tracking scripts.

8. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Effective date" at the top reflects the latest version.

10. Contact

Questions about privacy? Contact us at hello@dbmn.io.