Legal

Privacy Policy

Last updated: 2026-04-21

We take your privacy seriously. This policy explains what we collect, why, how long we keep it, and the rights you have over your data. We do not sell your personal data.

Who we are

“seedkit,” “we,” or “our” refers to the entity that operates the seedkit platform. You can reach our privacy team at ben@seedkit.dev.

What we collect

Identity and account

Email address, optional display name, and organization name collected at signup. Used to authenticate you, personalize the dashboard, and send operational notifications.

Billing

Payment is processed by Stripe. Card numbers never reach seedkit servers. We store enough billing metadata — subscription plan, billing period, customer identifier, invoice references — to keep your account in good standing and issue tax-compliant receipts.

Schemas, prompts, and generated data

When you use the CLI or dashboard, we receive the schema or natural-language prompt you submit, along with generation options (row counts, locale, seed id). These are sent to our LLM provider (see Subprocessors) to generate INSERT statements, and cached server-side so that repeated runs with the same --seed produce byte-identical results.

Generated SQL is stored gzipped in object storage for as long as the source generation exists. For ephemeral databases, the dump is deleted when the generation is deleted. Do not include real personal data of third parties in the schemas or prompts you send.

Ephemeral database connection strings

When seedkit provisions a database on your behalf, we store the connection string encrypted at rest so we can surface it to you on demand. It is scoped to a time-limited Neon project that is automatically destroyed at the end of its TTL.

Usage events and audit logs

Every seed run, AI call, provisioning event, and destroy event is written to an append-only usage ledger. We use it to enforce plan limits, show you your quota usage, and — on the Team plan — render an audit log for your org administrators. Audit entries are attributed to the acting user by id.

Access and operational logs

Hashed IP addresses, user-agent strings, request paths, and response codes are logged for security, abuse prevention, and debugging. These logs are retained for up to 90 days.

Cookies

We use first-party cookies strictly for authentication and session state. No third-party advertising cookies, no cross-site tracking.

Why we process this data (legal bases)

  • Contract performance (GDPR Art. 6(1)(b)) — to provide the Services you signed up for: authentication, schema ingestion, generation, database provisioning, billing.
  • Legitimate interests (GDPR Art. 6(1)(f)) — to secure the platform, prevent abuse, monitor quotas, and improve product reliability.
  • Legal obligation (GDPR Art. 6(1)(c)) — to issue tax-compliant invoices and respond to lawful orders.
  • Consent (GDPR Art. 6(1)(a)) — for anything else we'd ask you about explicitly. We don't currently rely on consent for any default processing.

How long we keep it

  • Account data — for the life of your account. Deleted from active systems within 30 days of cancellation and from backups within 60 days.
  • Generated SQL dumps — for as long as the associated generation row exists. When you destroy an ephemeral database via seedkit destroy, the database itself is removed; the dump stays until you delete the generation, so seedkit revive can bring it back.
  • Usage events and audit logs — retained for the lifetime of the org. They are the source of truth for billing and compliance.
  • Billing records — retained as required by applicable tax law (typically ten years).
  • Operational logs — up to 90 days.

Who can see your data

Within seedkit, access to customer data is limited to the engineers who need it to run the platform, and is logged. We do not access your schemas, prompts, or generated data except: (a) with your explicit permission while troubleshooting a support request; (b) to investigate suspected abuse; or (c) where legally compelled.

Third-party subprocessors we rely on are listed on the Subprocessors page. All are contractually bound to confidentiality and to our data-protection standards.

Your rights

Under the GDPR and comparable laws, you have the right to:

  • Know what personal data we hold about you and why.
  • Receive a copy of that data in a portable format.
  • Correct inaccurate data.
  • Erase your data (this will typically end your ability to use the Services).
  • Restrict or object to certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority if you believe we've mishandled your data.

Email ben@seedkit.dev to exercise any of these rights. We respond within 30 days.

Security

All traffic is encrypted in transit via TLS 1.2+. Stored data — including generated SQL dumps, cached blobs, and database connection strings — is encrypted at rest. Row-level security policies isolate organizations from each other inside our Supabase database. Personal access tokens are hashed before storage.

Where your data lives

seedkit infrastructure is hosted in the European Union by default. Ephemeral Neon databases are provisioned in EU regions unless you explicitly choose otherwise. Our LLM provider processes generation requests in regions disclosed on the Subprocessors page.

International transfers

Where a subprocessor involves transfer outside the EU (for example, certain model-provider endpoints), we rely on Standard Contractual Clauses and supplementary safeguards. Details are listed per subprocessor.

Children

The Services are not directed at children under 16. We do not knowingly collect data from them. Contact us if you believe we have, and we will delete it.

Changes to this policy

Material updates are announced by email to account holders at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the current version.

Contact

Privacy questions or requests: ben@seedkit.dev.