Vettabase Ltd (registered in England and Wales, company number 12769372, "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with the MariaDB + TidesDB Fiddle service ("the Service") in accordance with the UK GDPR and UK Data Protection Act 2018.

1. Data Controller

Vettabase Ltd is the data controller for personal data processed through the Service. For data protection queries, contact: info@vettabase.com

2. Personal Data We Collect

We collect the following personal data:

• Email address (required for registration)
• Company name (optional)
• Login timestamps and session data
• Queries executed and query execution times (for service improvement and abuse prevention)

3. Purpose of Processing

We process your personal data for the following purposes:

• To provide and maintain the Service
• To authenticate your account and prevent unauthorized access
• To enforce query rate limits and prevent abuse
• To improve the Service through aggregate analytics
• To comply with legal obligations
• To communicate with you about service updates or security issues

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Performance of contract: We process your email address to provide the Service you have requested.
• Legitimate interest: We process query logs and company information to prevent abuse, improve the Service, and understand user demographics.
• Legal obligation: We process data as necessary to comply with applicable laws.

5. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy. Account data (email, password hash, company name) is kept for as long as your account is active. You may request deletion of your account at any time by contacting us at info@vettabase.com. Query logs are retained for a limited period for abuse-prevention purposes, after which they are deleted or anonymised.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. Passwords are stored as salted hashes and are never stored or transmitted in plain text. Access to the underlying database is restricted to the application process.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Request erasure of your personal data ("right to be forgotten")
• Object to or restrict certain processing activities
• Data portability (receive your data in a structured, machine-readable format)
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, please contact us at info@vettabase.com.

8. Cookies and Session Data

The Service uses a signed session cookie to maintain your login state and assign a database connection pool slot. This cookie is strictly necessary for the Service to function and does not track you across other websites. No third-party analytics or advertising cookies are used.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be posted at this URL with a revised "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the new policy.

10. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at info@vettabase.com or visit vettabase.com.