Privacy Policy

Last updated: March 2026

This policy explains what data we collect, how we use it, and what control you have. We’ve kept it short and readable on purpose.

What We Collect

When you sign in with Google, we receive your name, email address, and profile picture. We store this to identify your account.

We also collect:

  • Project and dashboard metadata (names, settings, configurations)
  • Query names and SQL statements you register
  • Usage analytics (page views, feature usage) to improve the product

We do not store query results long-term. Results pass through our servers and are returned to your browser, except when caching is enabled (see below).

BigQuery Credentials

Service account JSON keys you upload are stored encrypted on our servers. They are used solely to execute queries against your data warehouse on your behalf. We do not use them to browse, export, or otherwise access your data for any other purpose.

Query Results & Caching

When caching is enabled for a query, results are converted to Parquet files and stored temporarily in Cloudflare R2. These files are automatically deleted when the TTL (time-to-live) you configure expires.

When caching is disabled, query results pass through our servers but are not persisted. They exist only for the duration of the request.

What We Don’t Do

  • We don’t sell your data. Ever.
  • We don’t share your data with third parties for advertising.
  • We don’t access your data warehouse beyond executing the queries you’ve registered.
  • We don’t use your data to train machine learning models.

Cookies

We use session cookies for authentication, managed by Supabase. These are strictly necessary for the service to function. We do not use third-party tracking cookies or advertising pixels.

Data Retention

Account data is retained while your account is active. If you delete your account, we will remove your data within 30 days.

Cached Parquet files are deleted automatically based on the TTL settings you configure for each query. You can also manually clear the cache at any time.

Third-Party Services

We rely on the following third-party services, each with their own privacy policies:

  • Supabase — authentication and database
  • Cloudflare — hosting, R2 storage, Workers
  • Google Cloud (BigQuery) — your connection, not ours

Security

We use encryption in transit (HTTPS) and encryption at rest for sensitive data like credentials. However, no system is 100% secure, and we cannot guarantee absolute security. See our Terms of Service for more on our liability limitations.

Your Rights

You can request a copy of your data or ask us to delete your account at any time by emailing privacy@overscore.dev. We’ll respond within 30 days.

Changes to This Policy

We may update this privacy policy from time to time. When we do, we’ll update the date at the top of this page. Continued use of the service constitutes acceptance of the updated policy.

Contact

Questions about this policy? Reach us at privacy@overscore.dev.