Privacy Policy
How InventDB Software LLP handles your data, AI requests, encryption keys, and your rights — across InventDB SOAR and InventDB Serverless. Both are hosted, cloud-only services.
Scope & the two products
InventDB Software LLP operates two hosted, cloud-only products. InventDB SOAR is the AI-driven business platform with a bundled AI model. InventDB Serverless is a pure database with no built-in AI; it exposes MCP, SQL, and REST surfaces so external AI agents you choose can connect to it. This policy covers both. Where a practice applies to only one product, we say so. There is no locally-installed software — both run on our managed infrastructure — so this policy, together with our Terms of Service, governs the service.
Data we collect
Account information
Email, name, billing address, payment method (processed by Razorpay; we never see card numbers).
Service usage telemetry
Login times, MCP token issuance, and — on InventDB SOAR — AI turn count and token usage (for billing line-item accounting). Error logs without record content.
Your data in InventDB
Whatever you import or create in your instance. Encrypted at rest with your encryption key. Not used by us for any purpose other than serving your queries.
How AI requests are routed
This section applies to InventDB SOAR only. InventDB Serverless has no built-in AI: the database never sends your data anywhere to be reasoned over — any AI is an external agent you connect over MCP, bounded by the caller's role and row rules, and governed by that agent's own provider.
When you use InventDB SOAR, the InventDB AI Gateway routes your prompts (and the records, schemas, or document text needed to answer them) from your instance to Anthropic for inference. Specifically:
- The Gateway calls the Anthropic API. The no-training opt-out applies at the Anthropic API level — your data is not used to train any model.
- We log token counts and costs (input fresh, input cached, output) for billing transparency. We do not log the content of your prompts or AI responses.
- Anthropic processes the inference and returns the response; per Anthropic's terms, prompt content is not retained beyond the request lifetime.
- BYOK (bring your own LLM key) is not supported on InventDB SOAR. All bundled AI usage routes through our Gateway so we can guarantee model quality.
Encryption keys
Today — what ships
A 32-byte AES-256-GCM master encryption key is generated for each instance at provisioning. On Personal tiers the key is per-user; on Business tiers the key is per-instance. The key lives in the instance configuration (optionally derived from a passphrase via Argon2id). You can rotate it from the admin console. We hold the running key in memory only as long as needed to serve your queries.
Roadmap — AWS KMS-backed CMEK for Business
Customer-Managed Encryption Keys backed by AWS KMS are on the Business roadmap: the master key will live in your AWS account, with every key access audited via CloudTrail, and revocation cuts our access without our intervention. We'll update this section when KMS integration ships.
Your rights
- Access: request a copy of all data we hold about you
- Export: full data export in CSV / JSON / Parquet at any time
- Deletion: request deletion of your account and all associated data; we honor within 30 days
- Correction: correct inaccurate personal information
- Portability: your data is yours; the export gives you a portable copy
- GDPR / CCPA / DPDP rights apply where you are a resident of the relevant jurisdiction
Data retention
Active subscription: data retained as long as your subscription is active. After cancellation: a 30-day grace period during which you can export, then complete deletion.
Security
AES-256-GCM encryption at rest with a per-instance master key (rotatable from the admin console), on your own private encrypted volume and process. TLS 1.3 in transit. An audit log on every read, write, and access (queryable via the audit_log MCP tool). On the roadmap: AWS KMS-backed CMEK for Business plans and third-party penetration testing. We do not currently offer a HIPAA BAA.
International transfers
Our managed cloud runs on AWS US East regions by default. Customers requiring EU residency or other regions can select that at signup (Business tier).
Children's privacy
Our services are not directed to individuals under 16. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.
Changes
We may update this policy with at least 30 days' prior notice via email to subscribers.
Contact
For privacy questions, contact contact@inventdb.com.
See also our Terms of Service. Back to top ↑