Privacy Policy

Cynda ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy describes what data we collect, why we collect it, and how it is handled — both when you sign up for early access on this website and when you use the Cynda Slack bot.

1. Data We Collect

On this website (beta waitlist):

• Email address — submitted voluntarily through the waitlist form.

Through the Cynda Slack bot:

• Slack user ID — used to identify you across sessions and route responses back to you.
• Natural-language questions — the messages you send to the bot to query your data.
• BigQuery details — billing project ID and table path you provide when submitting a query.
• Generated SQL — the SQL query produced by the bot in response to your question, stored in query logs.
• Google OAuth tokens — access token and refresh token used to query BigQuery on your behalf, when you authorize via Google OAuth.

We do not store the results of your BigQuery queries. Table content is fetched to answer your question and is not persisted on our servers.

2. How We Use Your Data

• Email address — to notify you when your early access is ready and send occasional product updates.
• Slack user ID and questions — to operate the bot, route responses to the correct user, and maintain query logs for debugging and improving the service.
• BigQuery details and generated SQL — logged to detect errors, audit usage, and improve query accuracy.
• OAuth tokens — stored so you do not need to re-authorize Google on every query. Tokens are used exclusively to execute BigQuery queries on your behalf.

We do not sell, rent, or share any of your data with third parties for advertising or marketing purposes.

3. Data Storage and Security

Data is stored in a managed PostgreSQL database. Google OAuth tokens are stored encrypted at rest. Access to the database is restricted to the Cynda service and its operators. We apply industry-standard security practices to protect your data against unauthorized access or disclosure.

Temporary OAuth state tokens (used during the Google authorization flow) are automatically deleted after 10 minutes.

4. Third-Party Services

Cynda integrates with the following external services to operate:

• Slack — to receive messages and send responses via the Slack API.
• Google BigQuery — to execute queries against your data warehouse on your behalf.
• OpenRouter and AI model providers (such as Google Gemini, GPT-5, or open-source models) — to generate SQL from your natural-language questions. Your question and table schema are sent to the selected provider or model. No PII data is sent.

Each of these services operates under its own privacy policy.

5. Your Rights

You have the right to:

• Request access to the personal data we hold about you.
• Request correction or deletion of your data at any time.
• Revoke your Google OAuth authorization — this will delete your stored tokens and disable the bot until you re-authorize.
• Be removed from the beta waitlist.

To exercise any of these rights, contact us at support@cynda.tech.

6. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of Cynda after changes are posted constitutes acceptance of the updated policy.

7. Contact

For any questions or requests regarding this Privacy Policy, reach out at support@cynda.tech.