Privacy Policy

Last Updated: November 25, 2025

1. Introduction

Pylar ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Pylar, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, you may not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and job title (if provided)
  • Password (stored in encrypted form)
  • Billing information (processed through secure payment processors)

2.2 Data Source Connection Information

To connect your data sources, we collect and store:

  • Database connection credentials (host, port, username, encrypted passwords)
  • API keys and authentication tokens for business applications
  • Connection names and configuration settings
  • Schema metadata and table structures for querying

Important: For databases and data warehouses, your actual data remains in its original location. We only index metadata to enable querying. For business applications, data may be synced to Pylar's infrastructure for optimized querying.

2.3 Content You Create

We store content you create using the Service, including:

  • SQL views and queries
  • MCP tool definitions and configurations
  • Project organization and settings
  • Access control rules and permissions

2.4 Usage and Analytics Data

We automatically collect information about how you use the Service:

  • Agent execution logs and query patterns
  • Tool usage statistics and performance metrics
  • Error logs and debugging information
  • Feature usage and interaction data
  • IP addresses and device information
  • Browser type and version

2.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authenticate you
  • Remember your preferences and settings
  • Analyze Service usage and improve functionality
  • Provide personalized experiences

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your account
  • Connect to and query your data sources as authorized
  • Generate and deploy MCP tools based on your SQL views
  • Monitor agent executions and provide analytics (Evals)
  • Send you service-related communications and updates
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms
  • Conduct research and analytics to improve our Service

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Analytics and monitoring services
  • Customer support platforms

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities, such as:

  • Court orders or subpoenas
  • Government investigations
  • Legal proceedings
  • Compliance with applicable laws and regulations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 With Your Consent

We may share your information with your explicit consent or at your direction.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest, including database credentials, is encrypted using industry-standard encryption algorithms.
  • Access Controls: We use role-based access controls and authentication mechanisms to limit access to your data to authorized personnel only.
  • Secure Storage: Credentials and sensitive information are stored in secure, encrypted storage systems (e.g., Google Cloud Secret Manager).
  • Network Security: Our infrastructure is protected by firewalls, intrusion detection systems, and regular security audits.
  • Regular Audits: We conduct regular security assessments and vulnerability testing.
  • Employee Training: Our team is trained on data security best practices and confidentiality requirements.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or legitimate business purposes.

For databases and data warehouses, we retain only metadata and connection information. Your actual data remains in your infrastructure and is subject to your own retention policies.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You can access and download your account information and content through your account settings.

7.2 Correction and Updates

You can update your account information at any time through your account settings.

7.3 Deletion

You can delete your account and request deletion of your personal information by contacting us at privacy@pylar.ai. We will process your request in accordance with applicable law.

7.4 Opt-Out

You can opt out of marketing communications by clicking the unsubscribe link in our emails or by contacting us.

7.5 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise these rights, please contact us at privacy@pylar.ai.

7.6 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

8. Third-Party Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

When you connect third-party data sources (databases, SaaS applications), you are authorizing us to access those services on your behalf. Your use of third-party services is subject to their respective terms and privacy policies.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer data from the EEA to other countries, we use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure your data is protected.

11. Compliance and Certifications

We are committed to maintaining high standards of data protection and are working toward compliance with:

  • GDPR: General Data Protection Regulation (EU)
  • CCPA: California Consumer Privacy Act
  • SOC 2: Security and availability controls
  • HIPAA: Health Insurance Portability and Accountability Act (for applicable use cases)

We regularly review and update our security practices to maintain compliance with applicable regulations.

12. Data Processing Addendum (DPA)

For Enterprise customers processing personal data subject to GDPR or other data protection laws, we offer a Data Processing Addendum (DPA) that outlines our responsibilities as a data processor. Please contact us at legal@pylar.ai to request a DPA.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a notice in the Service

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@pylar.ai
Legal Email: legal@pylar.ai
Website: www.pylar.ai

For data protection inquiries from EU residents, you may also contact your local data protection authority.