Privacy Policy
Last updated: November 4, 2025
Privacy at a Glance
You own your data
Your workspace data lives in your database, not ours
Anonymous analytics
We can't identify you from usage statistics
No data selling
Ever. Period. We never sell your information
Full control
Delete, export, or update your data anytime
At Bases, privacy isn't an afterthought—it's foundational to how we built our product. We believe you should own your data, understand what we collect, and have complete control over it.
By using our Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, password (encrypted)
- Database Connection Information: Connection strings, database credentials (encrypted at rest)
- Payment Information: Processed and stored by Stripe (we do not store card details)
- Support Communications: Messages sent through contact forms or email
1.2 Information We Collect Automatically
- Usage Data: Pages visited, features used, time spent, interactions
- Device Information: Browser type, operating system, IP address
- Analytics Data: Via Vercel Analytics (anonymized)
- Log Data: Error logs, access logs (retained for debugging)
1.3 Your Database Content
We operate on a "Bring Your Own Database" (BYOD) model. Your data remains in your PostgreSQL database. We access your database only:
- To provide the Service (read, write, update, delete operations you initiate)
- To display your data in the interface
- Never for analytics, marketing, or any other purpose
What we DON'T collect:
- Your user ID or email in analytics
- Table names or base names
- Record data or field values
- IP addresses (beyond temporary logging)
- Any personally identifiable information in analytics
Example: We can see "50 users applied the CRM template this week" but we can't see "John Smith applied the CRM template."
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process your transactions and manage subscriptions
- Send transactional emails (welcome, password reset, receipts)
- Respond to support requests and inquiries
- Monitor usage and detect technical issues
- Prevent fraud and abuse
- Comply with legal obligations
We do NOT use your information for:
- Selling or sharing with third parties for their marketing
- Training AI models
- Behavioral advertising
3. Data Sharing and Disclosure
We share your information only in these circumstances:
3.1 Service Providers
- Stripe: Payment processing (PCI-compliant)
- Resend: Transactional email delivery
- Vercel: Hosting and analytics
- Your Database Provider: Supabase, Neon, Railway, or your custom PostgreSQL host
3.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to:
- Comply with legal obligations
- Protect our rights and property
- Prevent fraud or abuse
- Protect user safety
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any change in ownership.
4. Data Security
We implement security measures to protect your information:
- Encryption: Database connection strings encrypted at rest
- HTTPS: All data transmitted over secure connections
- Access Controls: Limited employee access to user data
- Regular Updates: Security patches applied promptly
- BYOD Model: Your database content stored in your infrastructure
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal data:
5.1 Access and Portability
Request a copy of your personal data in a structured, machine-readable format.
5.2 Correction
Update or correct inaccurate personal data through your account settings or by contacting us.
5.3 Deletion
Request deletion of your account and personal data. Note: This does NOT delete your database content, which remains in your own database.
5.4 Objection and Restriction
Object to certain processing of your data or request restriction of processing.
5.5 Withdraw Consent
Where we rely on consent, you can withdraw it at any time.
To exercise these rights, email us at: privacy@bases.sh
7. Data Retention
- Account Data: Retained while your account is active
- Usage Logs: Retained for 90 days
- Payment Records: Retained for 7 years (legal requirement)
- Database Content: Stored in YOUR database (under your control)
After account deletion, we retain minimal data for legal compliance (e.g., payment records for tax purposes).
8. International Data Transfers
Our Service is hosted on Vercel (US-based). If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US.
We comply with GDPR requirements for international transfers through:
- Standard Contractual Clauses with service providers
- Your explicit consent to use the Service
9. Children's Privacy
Our Service is not intended for users under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by:
- Updating the "Last updated" date
- Sending an email to your registered email address
- Posting a notice on our website
Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
For questions about this privacy policy or to exercise your rights, contact us:
Email: privacy@bases.sh
Support: support@bases.sh