Panda Capital Oy Ab (Finnish business ID 3297809-7) ("we", "us", "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, disclose, and store personal data when you access or use the Saturn SQL service ("Service").
The controller responsible for data processing is Panda Capital Oy Ab, registered in Finland under business ID 3297809-7.
This Privacy Policy applies to personal data processed in connection with registration for and use of the Service, and any associated websites or communications.
We process personal data as necessary to perform our contract with you, comply with legal obligations, and pursue legitimate interests such as improving the Service, maintaining security, and preventing fraud. Processing is performed in accordance with the GDPR and Finnish law.
We may collect limited information necessary to operate and improve the Service:
| Category | Details |
|---|---|
| Account information | Details provided during signup and account management |
| Service usage information | Technical and operational data generated through normal use of the Service |
| Authentication information | Data required to verify identity and maintain secure sessions |
| Connection information | Configuration data needed to establish and maintain access to external data sources |
| Billing and subscription information | Payment-related and plan-related data processed by trusted third-party providers |
| Support and communication records | Information shared with us when contacting support or providing feedback |
| Early access or waitlist information | Contact details submitted to express interest before product availability |
We use collected data to:
We may share personal data with:
We do not sell personal data.
If data is transferred outside the EEA, appropriate safeguards such as EU Standard Contractual Clauses or adequacy decisions are applied.
We retain personal data only as long as necessary for providing the Service and meeting legal requirements. After account termination, data is deleted or anonymised unless retention is legally required or needed for legitimate business purposes such as resolving disputes or auditing.
Users have the right to:
Requests can be made through the contact form available in the Service.
Cookies and similar technologies are used to operate, measure, and improve the Service. You can manage or disable cookies through your browser settings.
We apply strong technical and organisational measures such as encryption, access control, and monitoring. Absolute security cannot be guaranteed. We are not liable for accidental loss or unauthorised access except where caused by gross negligence or willful misconduct. Any data breach will be notified as required by law.
Updates will be published on the website with an updated effective date. Major changes may also be communicated in-app.
We rely on carefully selected third-party providers for infrastructure, hosting, analytics, and payment processing. Each provider is bound by a data processing agreement and required to maintain adequate technical and organisational measures to protect data. Updated information about subprocessors is made available through the Service.
| Service Provider | Service | Data Processed | Location |
|---|---|---|---|
| Vercel Inc. | Application Hosting & Deployment | Account data, session data, query metadata, server logs | United States |
| Neon (Serverless Postgres) | Database Storage | All user data, query history, account information | United States (AWS) |
| Upstash | Redis Cache & Rate Limiting | IP addresses, request metadata, rate limit counters | United States |
| Stripe Inc. | Payment Processing | Billing information, subscription data, payment records | United States |
Enterprise customers may request a separate Data Processing Agreement consistent with this Privacy Policy and compliant with GDPR requirements.
Questions or requests regarding this Privacy Policy may be submitted through the contact form in the Service.