Privacy Policy — Databasus Cloud

Last updated: March 10, 2026

This privacy policy explains how Databasus Cloud ("we", "us", "our") collects, uses and protects your information when you use the Databasus Cloud service at app.databasus.com.

Databasus Cloud is operated by Databasus (IE Rostyslav Duhin, Identification Number: 347010209), registered in Georgia. For the privacy policy of the self-hosted version and the marketing website, see the website privacy policy.

We process your personal data on the following legal grounds under GDPR:

  • Contract performance (Article 6(1)(b)) — to provide the Databasus Cloud service you signed up for, including performing backups, managing your account and sending transactional notifications
  • Legitimate interest (Article 6(1)(f)) — to improve the service, ensure security and prevent abuse
  • Legal obligation (Article 6(1)(c)) — to comply with applicable laws and regulations

Data we collect

Account data

When you create an account we collect the following information:

  • Name — to identify you in the dashboard and for communication
  • Email address — used for authentication, transactional notifications (backup status, account-related updates) and support
  • Password — if you register with email/password, your password is securely hashed and never stored in plain text

You may also sign up or log in via third-party OAuth providers (GitHub, Google). In that case, we receive only your name and email from the provider. We do not access any other data from your GitHub or Google account.

Database credentials

To perform backups, you provide connection details for your databases (host, port, database name, username, password). All credentials are encrypted. We access your database only to perform backups via standard dump tools (pg_dump, mysqldump, mongodump) with the minimum permissions required by each tool. We do not manually inspect your database content — access is limited to automated backup operations.

Backup data

Backup archives are stored in S3-compatible storage in the EU and USA. Each backup file is encrypted with a unique key derived from a master key, backup ID and random salt. We do not access the contents of your backups unless required by law or with your explicit consent for support purposes.

Audit logs

Databasus Cloud records audit logs of actions performed within your organization (backup downloads, schedule changes, configuration updates, user access, etc.). These logs are stored on our servers. Users within your organization can view them through the dashboard. We may access audit logs for support and debugging purposes.

Website analytics

We use Rybbit.io for anonymous, privacy-compliant website analytics. Rybbit does not use cookies, does not collect IP addresses and does not track users across websites. Only aggregated, anonymous data is collected (page views, referral sources, browser type, country). No personal data is processed. For full details, see our website privacy policy.

Bot protection

We use Cloudflare Turnstile to protect sign-up and login forms from automated abuse. Turnstile may process technical signals (such as IP address and browser metadata) to distinguish humans from bots. It does not use tracking cookies. For details, see Cloudflare's Turnstile privacy policy.

How we use your data

We use the data we collect to:

  • Provide, operate and maintain the Databasus Cloud service
  • Authenticate your account and manage access within your organization
  • Perform scheduled database backups and send transactional notifications (backup success/failure, account updates)
  • Provide customer support
  • Improve the service based on anonymous, aggregated usage data

We do not send marketing emails. All communications are transactional and directly related to the service.

Data storage and security

All data is stored on servers located in the European Union and the United States. We employ industry-standard security measures including:

  • AES-256-GCM encryption for all sensitive data (credentials, tokens, secrets)
  • Per-backup encryption with unique keys derived from a master key, backup ID and random salt
  • Hashed passwords (never stored in plain text)
  • Minimal database permissions — Databasus requests only the permissions required by the underlying dump tools for each database engine

International data transfers

Our infrastructure is located in the European Union and the United States. If your data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including the use of service providers that adhere to recognized data protection frameworks.

Data sharing

We do not sell, trade or rent your personal data to third parties. We share data only with service providers necessary to operate Databasus Cloud (infrastructure, payment processing, email delivery). These providers process data solely on our behalf and under our instructions.

We may disclose your data if required to do so by law, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others.

Data retention and deletion

We retain your data for as long as your account is active and as needed to provide the service.

  • You can delete your databases, backups and associated data at any time through the dashboard
  • To delete your entire account, contact us at [email protected]
  • Upon account deletion, all your data — including account information, database credentials, backups and audit logs — is deleted as soon as reasonably practicable, typically within 30 days. Some data may be retained longer only if required by applicable law

Cookies

Databasus Cloud uses only essential cookies required for authentication and session management. We do not use advertising, marketing or third-party tracking cookies. Rybbit.io analytics operates without cookies. Cloudflare Turnstile does not set tracking cookies.

Your rights

Under the GDPR and other applicable privacy regulations, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate personal data
  • Erasure — request deletion of your personal data
  • Data portability — request your data in a portable format
  • Objection — object to processing of your personal data
  • Restriction — request restriction of processing

You also have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights, we will notify affected users via email without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with GDPR Article 33.

Children's privacy

Databasus Cloud is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top indicates when the policy was last revised. Material changes will be communicated via email to registered users.

Contact

If you have questions about this privacy policy or your data, contact us: