Privacy Policy

What we collect

When you sign up for the OnlyMetrix beta, we collect:

• Contact information: Your name, work email, and company name.
• Usage context: Your data warehouse type and intended use case (optional).

When you use the OnlyMetrix service, we process:

• API requests: Queries, metric lookups, and search terms sent to the API.
• Audit logs: Query timing, success/failure status, and API key attribution.
• Datasource metadata: Table names, column names, and schema information from your connected warehouse. We do not store your actual data rows.

What we don't do

• We do not sell your data to third parties.
• We do not use your data to train AI models.
• We do not store your query results - they are streamed through and returned to you.
• We do not access your warehouse outside of the queries you initiate.

How we protect your data

• Encryption at rest: Datasource credentials are encrypted with AES-256-GCM before storage.
• Encryption in transit: All API traffic is served over HTTPS (TLS 1.2+).
• Tenant isolation: Each customer's data is scoped by tenant ID. No cross-tenant access is possible.
• PII masking: Personally identifiable information is masked before it leaves the system.

Third-party services

We use the following third-party services:

• AWS (RDS, ECR, EC2): Infrastructure hosting. Data stored in US-East-1.
• Cloudflare: DNS, DDoS protection, and TLS termination.
• OpenAI: Text embeddings for semantic search. Only metric names and descriptions are sent - never your actual data.
• Redis: Caching layer. Query results cached for 5 minutes, then evicted.

Your rights

You can request deletion of your account and all associated data at any time by emailing [email protected].

Contact

For privacy questions or data requests, email [email protected].