Last updated: March 2026
Privacy Policy
This Privacy Policy describes how dbaBrain Inc. ("we", "us", or "the Company") collects, uses, and shares information when you use GritLabs.ai ("the Service"). We are committed to protecting your privacy and being transparent about our data practices.
1. Information We Collect
Account Data
Authentication is handled through Clerk, our identity provider. When you create an account, Clerk collects and manages:
- Email address
- Name (if provided)
- Profile image (if provided)
- SSO provider details (if you sign in via Google, GitHub, etc.)
- Organization membership and roles
Usage Data
We collect data about how you interact with the Service to improve the learning experience:
- Pages visited and features used
- Lab catalog browsing and search queries
- Device type, browser, and operating system
- IP address and approximate geographic location
- Referral source
Lab Session Data
During active lab sessions, we collect data to power the AI tutor and track your progress:
- Terminal commands executed during lab sessions
- SQL queries run in the query tool
- Lab objective completion status and scores
- AI tutor conversation history
- Session duration and timestamps
- Infrastructure metadata (provider, region, resource IDs - not your data on lab VMs)
Payment Data
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full card details on our servers. We receive from Stripe:
- Subscription plan and billing cycle
- Payment status and invoice history
- Last four digits of your card (for display purposes)
- Billing address
2. How We Use Your Data
We use collected information to:
- Provide and maintain the Service, including provisioning lab infrastructure
- Power the AI tutor - your terminal commands and queries are analyzed by our AI engine to provide real-time guidance and hints
- Track learning progress, generate skill assessments, and build your skill tree
- Process payments and manage subscriptions
- Send transactional emails (session reminders, billing receipts, security alerts)
- Improve our lab templates, AI tutor accuracy, and overall platform quality
- Detect and prevent fraud, abuse, and Terms of Service violations
3. Data Sharing
We share your data only with the following third-party services, each necessary for the operation of the platform:
- Clerk - Authentication, user management, and organization features. Clerk processes your account data under their own privacy policy.
- Stripe - Payment processing and subscription management. Stripe handles your payment data under PCI DSS compliance.
- Cloud Providers (Hetzner, AWS, GCP, Azure) - Lab infrastructure is provisioned on these providers. They receive server configuration data but not your personal information or learning data.
- Anthropic - Your terminal commands, queries, and tutor conversations are sent to the Anthropic Claude API to power the AI tutor. Anthropic processes this data under their API data usage policy, which does not use API inputs for model training.
- PostHog - Product analytics and feature flags. Receives anonymized usage data.
- Sentry - Error tracking. May receive technical context when errors occur.
We do not sell your personal data to third parties. We do not share your data with advertisers.
4. Data Retention
- Account data is retained for the lifetime of your account and deleted within 30 days of account deletion.
- Lab session data (commands, scores, progress) is retained for 12 months after the session to support your learning analytics and skill tree.
- Lab infrastructure is destroyed immediately when a session ends or expires. No data persists on lab VMs after teardown.
- Payment records are retained as required by tax and accounting regulations (typically 7 years).
- Usage analytics are retained in aggregated, anonymized form indefinitely.
5. Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted via TLS 1.3.
- Database data is encrypted at rest via Supabase (AES-256).
- Authentication tokens are managed by Clerk with industry-standard security practices.
- Lab environments are isolated per session - no cross-session or cross-user data access is possible.
- We use Row Level Security (RLS) policies in our database to enforce multi-tenant data isolation.
- Regular security reviews and dependency audits are conducted.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access - Request a copy of the personal data we hold about you.
- Rectification - Request correction of inaccurate personal data.
- Erasure - Request deletion of your personal data (subject to legal retention requirements).
- Portability - Request your data in a structured, machine-readable format.
- Objection - Object to processing of your personal data for certain purposes.
- Restriction - Request restriction of processing under certain circumstances.
To exercise any of these rights, contact us at privacy@gritlabs.ai. We will respond within 30 days.
7. Children's Privacy
GritLabs.ai is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@gritlabs.ai and we will promptly delete such information.
Users between 13 and 18 may use the Service with parental or guardian consent.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. For significant changes, we will make reasonable efforts to provide additional notice (such as an email or in-app notification).
Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.
9. Contact
If you have questions about this Privacy Policy or our data practices, please contact us at:
privacy@gritlabs.ai
dbaBrain Inc.