Legal · Privacy policy

Privacy policy

DBHost is a one-person managed PostgreSQL service operated from Norway. This page explains what personal data we collect, why we collect it, where it lives, and what rights you have. It pairs with our Data Processing Addendum (which covers the database contents you upload) and our Security policy.

Last updated: May 2026

What we collect

  • Account data: your email address (via Clerk, our identity provider) and payment details (via Stripe, our payment processor). We never see or store raw card numbers.
  • Database connection metadata: database names, region, plan, storage size, connection counts. We do not read the rows inside your databases.
  • Audit log: a record of dashboard and API actions you take (database created, backup triggered, key issued) so you and we can trace activity.
  • Cookies: essential session cookies set by Clerk, plus opt-in analytics cookies for product usage. You can manage analytics consent from the cookie banner.

Why we collect it

  • To operate the service: provision databases, run backups, bill you, send transactional email.
  • To send critical security notices (account changes, abnormal access patterns, breach notifications).
  • To prevent abuse and protect the platform from misuse.
  • To comply with tax, accounting, and legal obligations under Norwegian and EU law.

Where it’s stored

Primary data stores are in the EU: Vercel (Frankfurt, fra1), AWS Lightsail (Stockholm, eu-north-1), and AWS S3 (Stockholm, eu-north-1). A few sub-processors are US-based (Clerk, Stripe, Resend) and rely on EU Standard Contractual Clauses for the transfer.

The full list of sub-processors lives in our Data Processing Addendum.

How long we keep it

  • Account data: for the lifetime of your subscription, plus 90 days after cancellation so you can re-activate without re-onboarding.
  • Audit log: 12 months from the action timestamp, after which we redact the user identifier.
  • Backups: 30 days, enforced by an S3 lifecycle rule on the backup bucket.
  • Payment + invoice records: 7 years (Norwegian accounting law).

Your rights

Under GDPR you have the following rights, and DBHost honours them:

  • Access and export: download your audit activity as CSV from /settings/data.
  • Correction: edit your profile and email from the dashboard.
  • Deletion: email stian@dbhost.app. Our process and SLA are documented in the data-deletion runbook.
  • Portability: the audit CSV export above is machine-readable. Database contents are yours — take a backup from the dashboard at any time.
  • Objection / restriction: contact us and we will pause non-essential processing while we discuss.

Security

The technical and organisational measures we use to protect your data are described in our Security policy.

Children

DBHost is a developer tool and is not directed at users under the age of 16. We do not knowingly collect personal data from children.

Contact and complaints

For any privacy question, email stian@dbhost.app. If you are unhappy with our response, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Changes to this policy

We may update this policy as the service evolves. Material changes are notified by email at least 30 days before they take effect. Minor edits (clarifications, typo fixes) are reflected by the “Last updated” date at the top of the page.

Questions?

Privacy questions, data requests, or anything you’d like clarified — we read every message.

Contact the team →