Privacy Policy

Last updated: March 6, 2026

1. Introduction

This Privacy Policy describes how PGVitals ("we," "us," or "our"), operated as a sole proprietorship based in India, collects, uses, stores, and protects information when you use our website, platform, APIs, monitoring agents, and related services (collectively, the "Service").

By accessing or using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Email address
  • Name (if provided)
  • Organization name
  • Password (stored in hashed form)

2.2 Database Monitoring Data

When you install and run our monitoring agent on your database server, the agent collects and transmits the following data to our servers:

  • Query text and fingerprints from pg_stat_statements (SQL query patterns)
  • Query performance metrics (execution time, call counts, rows returned, block I/O statistics)
  • Table statistics (sequential and index scan counts, tuple counts, dead tuples)
  • Index statistics (scan counts, tuple reads)
  • Database server metadata (hostname, PostgreSQL version)

We do not collect: The actual contents of your database tables, row data, user data stored in your database, passwords, connection strings, or any personally identifiable information stored in your database. The monitoring agent only reads PostgreSQL system views and statistics.

2.3 Payment Information

Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card numbers, bank account details, or other financial information. Stripe may share with us limited information such as the last four digits of your card, card brand, and billing address for record-keeping purposes.

2.4 Usage and Log Data

We may automatically collect:

  • IP address
  • Browser type and version
  • Pages visited and features used
  • Date and time of access
  • Referring URL
  • Device and operating system information

2.5 Third-Party Integrations

If you connect third-party services, we may collect additional information:

  • Slack: Workspace ID, channel information, and OAuth access tokens necessary to send alert notifications to your designated Slack channels.
  • AI Features: Query text sent to Anthropic's API for AI-powered query explanations. Anthropic processes this data according to their privacy policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process your queries and display monitoring dashboards.
  • Send alerts (email, Slack) based on your configured preferences.
  • Send weekly digest emails summarizing your database performance.
  • Process payments and manage your subscription.
  • Detect and prevent fraud, abuse, and security incidents.
  • Respond to your requests and provide customer support.
  • Generate anonymized, aggregated analytics to improve the Service.
  • Comply with legal obligations.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: We share data with third-party service providers who assist us in operating the Service, including Stripe (payment processing), email delivery services, and hosting providers. These providers are contractually obligated to use your data only for the purposes of providing services to us.
  • AI Processing: When you use AI-powered features, query text may be sent to Anthropic for processing. We do not control how Anthropic processes this data, and you should review Anthropic's privacy policy separately.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
  • With Your Consent: We may share your information in other circumstances with your explicit consent.

5. Data Storage and Security

Your data is stored on servers that may be located in various jurisdictions. By using the Service, you consent to the transfer and storage of your data in these locations.

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.

WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR DATA. YOU ACKNOWLEDGE THAT YOU PROVIDE YOUR INFORMATION AT YOUR OWN RISK. WE SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, LOSS OF, OR ALTERATION OF YOUR DATA, TO THE MAXIMUM EXTENT PERMITTED BY LAW.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods vary by plan:

  • Free plan: Up to 7 days of query history
  • Paid plans: As specified in your plan (up to 90 days of query history)
  • Account information: Retained until account deletion

After account termination or cancellation, we may retain your data for up to 30 days before permanent deletion. We may also retain certain information as required by law or for legitimate business purposes (such as resolving disputes or enforcing our Terms).

Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics and improvement purposes.

7. Cookies and Tracking

We use essential cookies and similar technologies to operate the Service, including authentication tokens (JWT) stored in your browser. These are strictly necessary for the Service to function.

We may also use analytics cookies or similar technologies to understand how the Service is used. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using the Service.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data Portability: Request your data in a machine-readable format.
  • Opt-Out: Unsubscribe from marketing communications at any time.

To exercise any of these rights, please contact us at contact@kafal.studio. We will respond to your request within a reasonable timeframe (typically 30 days). We may require verification of your identity before processing your request.

Please note that deleting your data may result in the loss of access to the Service and cannot be undone.

9. Information Technology Act, 2000 (India)

We comply with the applicable provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 of India, as applicable. We implement reasonable security practices and procedures as required by these laws.

If you are located in India and wish to file a grievance regarding our data practices, you may contact our Grievance Officer at contact@kafal.studio. We will acknowledge your grievance within 48 hours and resolve it within 30 days.

10. International Users

The Service is operated from India. If you are accessing the Service from outside India, please be aware that your information may be transferred to, stored, and processed in India or other jurisdictions where our servers or service providers are located. By using the Service, you consent to such transfer, storage, and processing.

We do not specifically target users in the European Economic Area (EEA) or other jurisdictions with specific data protection regulations. If you are located in such a jurisdiction, you use the Service at your own discretion and are responsible for ensuring compliance with your local data protection laws.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal information, please contact us immediately.

12. Email Communications

By creating an account, you consent to receive the following emails from us:

  • Transactional Emails: Account verification, password resets, payment confirmations, and subscription changes. These cannot be opted out of while your account is active.
  • Service Emails: Weekly digest reports, spike alerts, and monitoring notifications based on your alert preferences. These can be managed through your dashboard settings.
  • Product Updates: Announcements about new features or important changes to the Service. You may opt out of these.

13. Limitation of Liability for Data

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE SHALL NOT BE LIABLE FOR ANY LOSS, CORRUPTION, UNAUTHORIZED ACCESS, OR BREACH OF YOUR DATA, WHETHER STORED ON OUR SERVERS OR IN TRANSIT. YOU ARE SOLELY RESPONSIBLE FOR MAINTAINING BACKUPS OF YOUR DATA AND FOR ENSURING ADEQUATE SECURITY MEASURES ON YOUR OWN SYSTEMS.

We are not responsible for the privacy practices of any third-party services integrated with the Service. We encourage you to review the privacy policies of all third-party services you connect with PGVitals.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. It is your responsibility to review this Privacy Policy periodically.

We will not reduce the protections of this Privacy Policy for data already collected without your explicit consent.

15. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in India.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

PGVitals

Email: contact@kafal.studio

Location: India