Privacy Policy

Last updated: February 11, 2026

1. Introduction

This Privacy Policy explains how Shard ("we", "us", "our") collects, uses, and protects your information when you use our personal insights platform. We are committed to protecting your privacy and being transparent about our data practices.

2. Information We Collect

Account Information

When you create an account, we collect your email address and a hashed version of your password. Authentication is handled via better-auth and session data is stored in our PostgreSQL database.

Your Data

Any data you upload, import, or create within Shard (CSV files, tables, queries, charts, canvas layouts) is stored in an isolated SQLite database provisioned exclusively for your account. Each tenant database is a separate file — your data is not commingled with other users' data.

Usage Analytics

We use Google Analytics to collect anonymous usage data such as page views, session duration, and general interaction patterns. This helps us understand how the Service is used and where to improve. No personally identifiable information is sent to Google Analytics.

3. How We Use Your Information

  • Account management: To authenticate you, manage your session, and provision your isolated database
  • Service operation: To execute your SQL queries, import your files, render your charts, and power the canvas workspace
  • AI features: When you use AI-assisted features (query generation, data analysis, summaries), relevant portions of your data are sent to third-party AI providers for processing
  • Product improvement: To analyze aggregate usage patterns and improve the Service

4. Data Architecture & Isolation

Shard uses a multi-tenant architecture designed for strong data isolation:

  • Tenant databases: Each user gets a dedicated SQLite database file managed by our SQLite server. Your data lives in its own isolated file, separate from all other users.
  • Control plane: Account metadata, tenant mappings, and authentication data are stored in a shared PostgreSQL database, separate from your content.
  • WAL mode: SQLite databases run with Write-Ahead Logging enabled for better read concurrency and data durability.

5. Data Retention

Your data is retained for as long as your account is active. Specifically:

  • Active accounts: All data (tables, queries, charts, canvas state) is retained indefinitely while your account remains active.
  • Account deletion: When you delete your account, your tenant SQLite database file and all associated data are permanently deleted within 30 days.
  • Backups: Database backups may retain your data for up to 30 additional days after deletion, after which it is permanently purged.

6. Third-Party Services

Shard integrates with the following third-party services:

  • AI providers: When you use AI-powered features, data is sent to third-party AI model providers (e.g., Google Gemini) for processing. We only send the minimum data necessary to fulfill your request.
  • Google Analytics: Anonymous usage analytics for product improvement.
  • Feedbug: In-app feedback collection widget.

7. Data Security

We implement reasonable security measures to protect your data, including encrypted connections (HTTPS), hashed passwords, session-based authentication, and isolated per-tenant databases. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

You have the right to:

  • Access your data: All data you create in Shard is visible and queryable by you at any time through the workspace.
  • Export your data: You can export your tables and query results from the Service.
  • Delete your data: You can delete individual tables, queries, and charts, or delete your entire account.
  • Correct your data: You can edit your data directly through the workspace interface.

9. Cookies

Shard uses essential cookies for authentication and session management. We also store your theme preference (light/dark mode) in local storage. Google Analytics may set its own cookies for usage tracking.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service. Your continued use of Shard after changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or how your data is handled, please reach out through the feedback widget in the app.

Terms of Service