Privacy policy

SQLWATCH LTD. Privacy Policy
Updated Effective Date: January 22, 2024

 

1. Preamble

This Privacy Policy explains and describes the collection, use, processing, storage, and disclosure of personal information by SQLWATCH LTD (“SQLWATCH”), a company registered in England and Wales.

This Privacy Policy is part of the SQLWATCH Terms of Use (“Terms”).

Our Privacy Policy applies to all websites on which SQLWATCH operates. These include https://sqlwatch.io, https://sqlwatch.cloud, https://my-sqlwatch.cloud, and all other subdomains (collectively, the “Websites”).

Our Privacy Policy also applies to all products, information, and services provided through the Websites, including without limitation the SQLWATCH Open-Source Monitoring Framework, SQLWATCH Data Collector Module and the SQLWATCH Cloud (referred to hereafter as “SQLWATCH Products” or “Products”).

By accessing or using any of the SQLWATCH Products or the Websites, you acknowledge, accept, and agree to the practices described in this SQLWATCH Privacy Policy.

Please note that this Privacy Policy does not apply to any third-party websites, services, products, applications, and the contents used within these third-party systems, even if these third-party websites are accessible through our Websites or SQLWATCH Products. See Section 12 below for more information.

2. Our Principles

SQLWATCH has designed this Privacy Policy to be consistent with our core company principles:

We are DBAs and understand the risks associated with data collection and privacy. Privacy policies should be transparent and easy to understand.

Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make our data processing and privacy practices easy for users to understand.

We always endeavour to collect the least amount of personal data and information possible.

We comply with key data protection laws and privacy standards such as GDPR and CCPA.

We do not sell your data or information. We designed SQLWATCH products to help you monitor your SQL Servers and not to harvest your data for profit.

Any personal data or information we collect is protected using best practice security measures, and we only collect the minimum amount of information required to provide the service. In most cases, we use trusted partners that deal with authentication and payments.

Key takeaways:

  • Your Data will be stored in the exact geographical location as you / your customers are.
  • Your Data will be stored in your dedicated and isolated workspace. It will never be mixed with any other customer or any other data. 
  • We physically don’t store personal data except email addresses and names required to log in to the Cloud application. 
  • We use Microsoft Entra as an authentication provider, so we don’t have to store passwords. You simply authenticate with your existing Entra credentials.
  • We use Stripe for payments; they handle and store payment details, but we don’t.
  • We don’t collect any user data from any database. We collect server names, database names and system object names. We may collect table names as part of index analysis, but we do not and never will, collect any user data from user tables. Most data collection is limited to Dynamic Management Views (DMVs) and extended event sessions.
  • For compliance reasons, we don’t collect queries or execution plans, as these could contain PII data (Personally Identifiable Information) in WHERE clauses, CASE statements, etc. (for example: WHERE national_insurance_number = ‘123ABC’) However, some of that information may end up in error logs and events logs, which we may collect. For example, during a crash, the SQL Server may dump memory and running queries, and the deadlock monitor may also dump deadlocked queries into the event log. This is a standard behaviour of SQL Server, which is beyond our control. Therefore, if we collect event and error logs, we may also collect some of that information. 

3. What personal information do we collect?

We collect any personal information that you give us.

In this Privacy Policy, we use the terms “personal data” and “personal information” interchangeably. Under CCPA, “personal information” means information that can identify, relate to, describe, be associated with, or be reasonably capable of being associated with a particular consumer or household. Under GDPR, “personal data” means any information relating to an identified or identifiable natural person.

For example, we collect personal information about you when you:

  • Sign up or register for one of our products or services.
  • Create an account.
  • Utilize interactive features of our Website or Products.
  • Fill out a Website form.
  • Give us feedback, ideas, or submissions about any of our Products.
  • Communicate with us through third-party social media sites.
  • Request technical support.
  • Register for white papers, web seminars, and other events we host.
  • Use our online forum or slack channel
  • Otherwise communicate with us through our Websites, SQLWATCH Products, or any other means.
  • 4. How do we collect and use your personal information?

SQLWATCH collects and uses personal information in the following ways:

Website and Analytics: When you visit our Websites or use our Products, SQLWATCH collects some information about your activities through specific website analytics tools. The type of information that we collect includes general information such as the country or city where you are located and the pages visited, time spent on pages, a heat map of visitors’ activity on the Website, and information about the browser you are using. SQLWATCH collects and uses this information to pursue our legitimate interest in enhancing the security and utility of our Website and Products.

Information from Cookies: We and our service providers may collect information using cookies or similar technologies for any legitimate data collection purposes described in this Privacy Policy. Cookies are information stored by your browser on the hard drive or memory of your computer or other Internet access devices. Cookies may enable us to personalize your experience on the Website, maintain a persistent session, passively collect demographic information about your computer, and monitor advertisements and other activities. The Websites may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage). For further information about how cookies work, please visit allaboutcookies.org.

When you use and access the Website or the SQLWATCH Cloud Product, we ask you to accept our cookie policy. You may be asked to accept our Cookie Policy on our Website and the Cloud Product. Most often, once we identify your use of either the Website or SQLWATCH Cloud Product, your acceptance of the Cookie policy will apply to your use of both of these two SQLWATCH systems. When you accept our Cookie Policy, you also consent to SQLWATCH’s collection of relevant information and data about your computer or device, which may be considered “personal information”. You can set your browser not to accept cookies, and the allaboutcookies.org website tells you how to remove cookies from your browser. However, in a few cases, the SQLWATCH Products may not work. In addition, Websites’ features may not function efficiently or correctly.

SQLWATCH Cloud: When you sign up to any of our services, e.g. User Forum, Cloud, SQLWATCH is granted access to personal information in the user profile of the authentication provider you choose (e.g. Microsoft Entra, GitHub) in order to authenticate you. SQLWATCH collects and uses this personal information according to its legitimate interest in setting up and maintaining your account and providing you with the features we provide all other registered users of the SQLWATCH Cloud Product. We may use your email address to contact you regarding changes to this Privacy Policy or to our Terms of Use. The profile login name or email address may be used to connect and associate you with any Content you submit to our Websites, or to your use of our Websites or products.

By using the SQLWATCH Cloud Products, you are agreeing to allow SQLWATCH to send you communications about our Products, but you will have the ability to opt-out of receiving marketing emails.

Emails and Newsletters: When you sign up to receive Product updates from SQLWATCH, sign up for the SQLWATCH Cloud Product, or otherwise voluntarily subscribe to one of our mailing lists, you will be asked to provide some very limited personal information. SQLWATCH collects and uses this personal information for the sole purpose of providing you with relevant Product news and updates. All bulk email communications from SQLWATCH include links to unsubscribe from our mailing lists. If you opt out and continue to use SQLWATCH Products, we may still send you non-promotional communications, including those relating to your current SQLWATCH accounts or your use of the SQLWATCH Products.

Email Analytics: When you receive communications from SQLWATCH after signing up for and consenting to receive the SQLWATCH newsletter, campaign updates, or other ongoing email communications from SQLWATCH, we may use analytics to track whether you open the mail, click on the links, and otherwise interact with the materials we send you. You may opt out of this tracking by indicating that you no longer wish to receive the newsletter, campaign updates, or other ongoing email communications from SQLWATCH and using this link: Unsubscribe. SQLWATCH collects and uses this personal information pursuant to its legitimate interest to understand the interests of its users, supporters, and volunteer community in order to provide more relevant news and updates.

Opting out of SQLWATCH marketing communications does not mean we will discontinue sending you SQLWATCH Product-related emails, which include information about updates, new releases, support, and other relevant information for SQLWATCH Product users.

Other Voluntarily Provided Information: When you provide feedback to SQLWATCH or otherwise submit personal information to SQLWATCH, SQLWATCH collects and uses this personal information pursuant to its legitimate interest to better understand our user community and in furtherance of the particular program or activity to which you provided your feedback or other input.

Third-Party Sources: We may obtain personal information about you from other sources and combine that with information we collect through your access and use of our Websites and Products. For example, if you create or log into your account through a site like Google.com or GitHub.com, we may have access to certain information about you from those sites, such as your name, log-in credentials, account information, and other information in accordance with the authorization procedures and privacy policies determined by those third-party websites. We may add this information to the information we have already collected from you by way of our Website in order to improve the products and services we provide you and our user community. Through GitHub in particular, we may collect information provided by the GitHub API about people who have starred, follow, or comment on our open-source products.

5. How do we store your personal information?

We collect, process, and store personal information (including user email addresses provided when you access the SQLWATCH Cloud Product or when you provide us personal information on our Website) in secure systems hosted by reputable third parties that provide cloud services to SQLWATCH, subject to specific written data processing obligations that are consistent with applicable regulations and law. These data processing obligations expressly prevent these third parties from using personal information we lawfully collect, process, and store except to provide SQLWATCH services we have requested, and for no other purpose.

SQLWATCH stores this personal information in secure third-party cloud environments pursuant to its legitimate interest in being able to identify you when we provide you access to our Products and Website, and to enhance the security of the personal information we collect.

6. Access to Your Personal Information

You are generally entitled to access personal information that SQLWATCH holds and to have inaccurate data corrected or removed to the extent SQLWATCH still maintains it. In certain circumstances, you also may have the right to object for legitimate reasons to the processing or transfer of personal information. If you wish to exercise any of these rights, please write to [email protected] explaining your request.

See Sections 14 and 15 below entitled “CCPA Practices” and “GDPR Practices” respectively for additional information about exercising your rights to control your personal information and data.

7. Disclosure of Your Personal Information

SQLWATCH does not disclose personal information to third parties except as such disclosure is reasonably necessary to (a) provide you the full functionality of SQLWATCH Products; (b) secure personal information we collect; (c) take action regarding suspected illegal activities; (d) enforce or apply our Terms and this Privacy Policy; (e) enforce our Acceptable Use Policy, including our Code of Conduct, or (f) comply with legal processes, such as a search warrant, subpoena, statute, or court order (including Compelled Disclosure, see below).

Compelled Disclosures: We may disclose your personal information to government or law enforcement officials or to private parties as we, in our sole discretion, believe necessary or appropriate to:

  • Respond to claims and/or legal process (including subpoenas).
  • Protect the property and/or rights of SQLWATCH or any third party.
  • Protect the safety of the public or any person.
  • Prevent or stop any illegal, unethical, or legally actionable activity.
  • Comply with applicable law or regulation.
  • Respond to any lawful request by public authorities, including, without limitation, to meet national security or law enforcement requirements.

Finally, we may share personal information with your consent or at your direction, including if we notify you through any of our Website or Products that the information you provide will be shared in a particular manner, and you choose to provide such information.

8. How we secure your personal information.

SQLWATCH has implemented reasonable physical, technical, and organizational security measures to protect and safeguard personal information that SQLWATCH processes against accidental or unlawful destruction, or accidental loss, alteration, unauthorized disclosure, or access, in compliance with applicable law. However, no product or service can fully eliminate security risks. If any data breach occurs, we will post a reasonably prominent notice to the Websites and comply with all other applicable data privacy requirements including, when required, personal notice to you if you have provided and we have maintained an email address for you.

Our Security Practices: SQLWATCH maintains information security policies, procedures, and controls governing the processing, storage, transmission, and security of personal information processed by our Website and SQLWATCH Products. SQLWATCH has also implemented and will maintain appropriate technical security measures, internal controls, and information security routines designed to protect personal information processed by our Website and SQLWATCH Products against unauthorized access, acquisition, use, disclosure, or destruction. SQLWATCH has further implemented and will maintain appropriate physical security measures designed to protect the tangible items that comprise physical computer systems and networks that store and process personal data through our Website and SQLWATCH Products, including servers and devices. SQLWATCH has additionally implemented and will maintain appropriate organizational security measures designed to protect personal data processed by our Website and SQLWATCH Products against unauthorized access, acquisition, use, disclosure, or destruction.

SQLWATCH informs its employees about relevant security procedures and their respective roles, including an annual mandatory security awareness training that addresses such employees’ rights to access personal information (if any), and informing such employees of their obligations and the consequences of violating such obligations.

9. Children

Our Websites and SQLWATCH Products are not designed for use by or directed at children under the age of 13. Consistent with the U.S. Children’s Online Privacy Protection Act of 1998 (“COPPA”), we will never knowingly request personal information from anyone under the age of 13 without requiring parental consent. Our Terms specifically prohibit anyone using the SQLWATCH Products or Websites from submitting any personally identifiable information about persons under 13 years of age.

Any person who provides their personal information to SQLWATCH through the SQLWATCH Products and Services represents that they are 13 years of age or older.

If you are under 13, please do not attempt to use the SQLWATCH Products or Websites or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible.

10. Third-Party Service Providers

SQLWATCH uses a number of third-party service providers in connection with our Website and Products, including website cloud hosting services, database management, payments and others. Some of these service providers may place session cookies on your computer, and they may collect and store your personal information on our behalf in accordance with the data practices and purposes explained in this Privacy Policy.

11. Third-Party Sites

Our Websites or our Products may provide links to a wide variety of third-party websites. You should consult and review the respective privacy policies of these third-party websites. This Privacy Policy does not apply to, and we cannot control the activities of, such other websites. This Privacy Policy does not apply to the privacy practices of any companies we don’t own or control, any persons we don’t manage, or any third-party website, software, or service that we don’t control (including, with respect to our extensions and integrations, the underlying third-party software).

If you choose to visit another website by clicking on a hyperlink or otherwise, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third party. We do not exercise control over third-party websites. These other websites may place their cookies or other files on your computer, collect your data, or solicit personal information from you. This Privacy Policy only addresses the use and disclosure of information that we collect from you through our Websites and Products. Other websites may follow different rules regarding the use or disclosure of the information you submit to them. We encourage you to read the privacy policies or statements of other websites you visit before providing your information to them.

12. Transferring Data to Other Countries

If you are accessing or using the Websites or our Products in regions with laws governing data collection, processing, transfer, and use, please note that when we use and share your data as specified in this Privacy Policy, we may transfer your personal information to recipients in countries other than the country in which the personal information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information.

Personal data transferred from the EEA (including the European Union) to the United States or outside the European Union to locations that are not deemed to have maintained adequate levels of data protection, will be made on the grounds of a data processing agreement based on the EU Standard Contractual Clauses which are approved by the European Commission, consistent with applicable data privacy requirements.

13. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy, adding a statement to our homepage, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of our Website and Products, and you are still responsible for reading and understanding them. If you use our Website and Products after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. We encourage you to review this Privacy Policy periodically to stay informed about our practices.

Under CCPA, we are obligated to review and update our Privacy Policy annually, and we intend to comply with that requirement.

14. CCPA Practices

These additional disclosures for California residents (e.g. “consumers”) apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing Personal Information to provide notice of rights California residents have and can exercise.

California Notice of Collection: We have collected Personal Information corresponding to the following categories of information enumerated in the CCPA.

Identifiers, including name, address, email address, account name, IP address, and an ID number assigned to your account.

Analytics and Advertising, including engagements with our Website and Products.

Internet activity, including history of visiting and interacting with our Website and Products, browser type, browser language, and other information collected automatically.

Geolocation data, including location-enabled services such as WiFi and GPS.

For more information on what we collect, please review Section 3 above. We collect and use these categories of Personal Information for the business purposes described in Section 4 above.

We do not sell information as the term “sell” is traditionally understood. However, to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those disclosed in Section 4 entitled “How do we collect and use your personal information?”, we will comply with applicable law as to such activities.

SQLWATCH discloses the following categories of personal information for commercial purposes to its service providers and partners:

Commercial Information, User Records, Demographic Data, Location Data, Identifiers, Inferences, Internet activity

We use and partner with different types of entities to assist with our daily operations and manage the SQLWATCH Products and Website. Please review Sections 4, 10, and 11 for more detail about the parties with whom we share information.

Right to Know and Delete: If you are a California resident, you have the right to know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

The categories of Personal Information we have collected about you.

The categories of sources from which the Personal Information was collected.

The categories of Personal Information about you that we disclosed for a business purpose or sold.

The categories of third parties to whom the Personal Information was disclosed for a business purpose or sold.

The business or commercial purpose for collecting or selling the Personal Information.

The specific pieces of Personal Information we have collected about you.

In addition, you have the right to delete the Personal Information we have collected from you. However, this is not an absolute right, and we may have legal grounds for keeping such data.

To exercise any of these rights, please submit a request to [email protected].

In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

Authorized Agent: You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

Right to Non-Discrimination: You have the right to non-discriminatory treatment by SQLWATCH should you exercise any of your rights.

15. GDPR Practices

Data Sub-processor: If you are a SQLWATCH Website or Cloud Product user, SQLWATCH and Third Party Service Providers act as your data sub-processors. SQLWATCH primarily processes and stores your personal data on servers located and operated within the United Kingdom. If you reside or are located outside of the UK, we may send to and store your personal data in the UK to provide and operate the SQLWATCH Cloud platform. If your personal data that is being processed by SQLWATCH is subject to the EU General Data Protection Regulation (“GDPR”), we shall maintain an adequate level of protection of the personal data transferred outside the EEA, either by us and/or Third Party Service Providers, in accordance with applicable laws, in particular by way executed Standard Contractual Clauses approved by the European Commission.

If you wish to exercise any of your privacy rights under GDPR, or if you need further information regarding those privacy rights, please contact us at [email protected].

Data Controller: In limited circumstances, where SQLWATCH processes your personal information as a data controller, you are entitled to exercise certain privacy rights under specific circumstances. These rights include:

Right of access, Right to rectification, Right to erasure (Right to be forgotten), Right of restriction of processing, Right to data portability, Right to object

Automated individual decision-making, including profiling

16. Notices

All notices under this Privacy Policy shall be sent to the following SQLWATCH contacts:

[email protected][email protected]

SQLWATCH Club Chambers, Museum Street, York, YO1 7DN, United Kingdom.