Skip to content
Taavik
Open app
Legal

Privacy policy

How Taavik Srl processes personal data when you visit the website, when you use the workspace, and when the on-prem agent runs inside your network.

Last updated · 2026-05-22

1. Who we are

The data controller is Taavik Srl, Rimini, Italy. For any privacy related request, contact support@taavik.com.

2. What we collect

  • Account data. Name, work email, organization, and authentication identifiers.
  • Workspace operation data. Logical connection identifiers, agent registrations, heartbeat metadata, lease state, scan run history.
  • Catalog metadata. Schemas, tables, views, procedures, columns, indexes, relationships, sizes, approximate row count estimates, and version chains produced by scans.
  • Audit metadata for query runs. The rendered SQL, the variable values applied, who triggered the run, the connection, the row count, the duration, the truncation flag.
  • Support and communications. The content of the messages you send us.
  • Basic website telemetry. Request logs required to serve this site securely. See the cookies page.

3. What we explicitly do not collect

  • We do not receive customer database passwords or raw connection strings. The browser seals them with the agent public key. The agent opens them locally. The cloud only stores the sealed envelope.
  • We do not receive database row data from scans. Scans produce metadata only.
  • We do not execute arbitrary SQL from the cloud against your database. Query execution is initiated by your authorized users, capped per plan, and routed through the agent.

4. How we use it

We process personal data to provide the service: authenticate users, run the workspace, coordinate scans, keep the ordered snapshot history, dispatch alerts, respond to support requests, detect abuse, and meet legal obligations. We do not sell personal data and we do not use it for advertising.

5. Sharing and subprocessors

We share data only with vetted subprocessors when they are needed to deliver the service. The current list is in Subprocessors. Each provider is bound by a data processing agreement. We sign DPAs with customers on request and as standard on Enterprise.

6. Transfers and retention

Infrastructure is operated in the European Union. Where a transfer outside the EU or EEA is necessary, we rely on Standard Contractual Clauses or equivalent safeguards. Personal data is kept only as long as needed for the service, legal obligations, and a short post termination window for recovery.

7. Your rights

You may request access, rectification, deletion, restriction, portability, and object to certain processing. Write to support@taavik.com from the address associated with your account.

8. Cookies

This website uses only essential cookies and minimal preference storage. The product workspace uses session cookies required to keep you signed in. See Cookies for the list.

9. Security

Data in transit is encrypted with TLS 1.2 or higher. Database credentials are sealed in the browser before they leave it. The on-prem agent initiates connections outward only. Access to production systems is restricted, logged, and periodically reviewed.

10. Updates

We keep this page current. Material changes are announced in app or by email to account admins. The date at the top reflects the latest revision.