Privacy Policy

At MyD1, we believe your database schema and queries are your business, not ours. Our privacy philosophy is simple: if we don't need it, we don't collect it.

1. Data Collection & Usage

• Database Credentials — Your database passwords and API tokens are stored locally on your Mac using the secure macOS Keychain. We never see, store, or transmit these to our servers.
• Database Content — MyD1 is a local client. Your data travels directly from your Mac to your database provider (Cloudflare, AWS, etc.). It never passes through MyD1 servers.
• AI Features (Pro) — Bring Your Own Key (BYOK) — The AI Assistant operates on a strict BYOK model. Your schema and prompts are sent directly from your Mac to the provider you choose (OpenAI, Anthropic, or xAI) using your own API key. MyD1 never proxies, stores, or inspects this data. Because the choice of AI provider and API key is entirely yours, MyD1's responsibility with respect to that provider's data handling is limited — you should review the privacy policy of your chosen provider: OpenAI, Anthropic, or xAI.
• Account Data — When you create an account, we collect your email address, name (optional), and an encrypted password. When you purchase Pro, Stripe processes your payment — we never see or store your card details.
• Device Activations — When you activate a license, we store a hashed machine identifier and an optional device name.

2. What We Don't Collect

The MyD1 macOS application does not include any telemetry, analytics, or tracking. No personal files, database contents, or queries are ever transmitted from the app to our servers. We do not use cookies for advertising or third-party tracking.

3. Download Analytics

When you download the app, we log a hashed IP address, country code (via Cloudflare headers), referrer URL, and user agent string. This data is used solely to understand download trends and is never sold or shared with third parties.

4. Marketing

We hate spam. We will never sell your data to third parties or governments. We use your email solely for license management and critical app updates.

5. How Data Is Stored

All data is stored on Cloudflare D1 (SQLite), encrypted at rest by Cloudflare's infrastructure. Our application runs on Cloudflare Workers within Cloudflare's global network.

6. Third-Party Services

• Stripe — Payment processing. Subject to Stripe's Privacy Policy.
• Resend — Transactional email delivery. Subject to Resend's Privacy Policy.
• Cloudflare — Hosting, CDN, and database. Subject to Cloudflare's Privacy Policy.
• Google Analytics — Website traffic analytics (page views, session duration, country). Subject to Google's Privacy Policy. No personally identifiable information is sent.
• OpenAI / Anthropic / xAI — AI inference providers used by the Pro AI Assistant, via your own API key. We transmit no data to these services — your Mac connects to them directly. Subject to their respective privacy policies.

7. Cookies

We set one strictly-necessary cookie: better-auth.session-token, which keeps you signed in across page loads. A second non-essential local preference (myd1-theme) is stored in your browser's localStorage to remember your light/dark theme — it never leaves your device. Stripe sets its own cookies during checkout for fraud prevention and payment processing. Google Analytics sets first-party analytics cookies (_ga, _ga_*) to measure aggregate page traffic — no personal data is attached. We set no advertising cookies, tracking pixels, or cookies used for profiling.

Because the site only uses strictly-necessary cookies and privacy-respecting first-party analytics, we do not show a cookie-consent banner — GDPR / ePrivacy do not require one for cookies in this category. If we ever add non-essential tracking, we will introduce a consent prompt at that time.

8. Data Retention

Account data is retained as long as your account exists. Download analytics (hashed IP address, country, user agent, referrer) are retained for up to 12 months and purged automatically on a rolling basis — no download record is kept beyond that window. You can delete your account at any time from your account settings, which permanently removes your account, license keys, sessions, and all data directly linked to your account. Anonymous download-analytics records (which contain no user identifier and cannot be linked back to you) are purged on the 12-month rolling schedule above.

9. Your Rights

You have total control over your data. At any time, you can contact us at hello@myd1.app to:

• Request a summary of the data we have associated with your license (typically just your email and purchase date).
• Request the permanent deletion of your customer record.

You can also manage your data directly from your account dashboard.

Rights under the GDPR

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right of access — obtain a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data ("right to be forgotten").
• Right to restriction — ask us to limit how we process your data while a dispute is resolved.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.

To exercise any of these rights, contact hello@myd1.app. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority — for example Spain's AEPD, France's CNIL, or the authority in your country of residence — if you believe your rights have not been respected.

10. Changes

We may update this policy from time to time. Significant changes will be communicated via email to registered users.

11. Contact

For privacy-related questions, contact hello@myd1.app.