Skip to Content
Privacy Policy

Privacy Policy

Effective Date: March 23, 2026

This Privacy Policy describes how GQLens (“we,” “us,” or “our”) collects, uses, and shares information when you use the GQLens platform (“Service”). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you register, we collect information through our authentication provider (Clerk), which may include:

  • Name and email address
  • Profile picture
  • Organization or team name
  • Authentication identifiers

1.2 GraphQL Schema Data

When you connect a GraphQL endpoint, the Service introspects and stores:

  • Schema definitions (types, fields, arguments, directives, descriptions)
  • Endpoint URLs and connection metadata
  • Queries you submit for validation

This data is necessary to provide schema discovery, semantic search, and query validation.

1.3 AI Interaction Data

When you use AI-powered features (semantic search, chat), we process:

  • Your search queries and chat messages
  • AI-generated responses
  • Embeddings generated from your schema data for semantic indexing

1.4 Usage Data

We automatically collect:

  • Pages visited and features used
  • Browser type and operating system
  • IP address
  • Timestamps of interactions

1.5 MCP Client Data

When you connect the GQLens MCP server to a development tool (e.g., Cursor, VS Code), we process:

  • Tool invocation requests and parameters
  • OAuth tokens used to authenticate the connection

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service — introspect schemas, run semantic searches, validate queries, and serve MCP tool responses.
  • Improve the Service — analyze usage patterns to fix issues and develop new features.
  • Communicate with you — send account notifications, respond to support requests, and provide service updates.
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access.
  • Process payments — manage subscriptions and billing for paid plans.

3. How We Share Your Information

We do not sell your personal information. We share data only with the following categories of third-party processors, solely to operate the Service:

ProviderPurposeData Shared
PaddlePayment processing (Merchant of Record)Billing information, payment method metadata, transaction history
ClerkAuthentication and identity managementAccount credentials, profile data
ConvexBackend infrastructure and data storageAccount data, schema data, chat history
OpenAIAI-powered search and chat featuresSchema excerpts, search queries, chat messages
Google AnalyticsWebsite analytics and usage reportingUsage data, page views, device and browser information, IP address (anonymized)
PostHogProduct analytics and feature usage trackingUsage data, feature interactions, session information
SentryError monitoring and performance trackingError reports, stack traces, browser and device metadata

These providers process data on our behalf under contractual obligations to protect your information.

We may also share information if required by law, to protect our legal rights, or in connection with a merger, acquisition, or sale of assets (with notice to you).

4. Data Retention

  • Account data is retained for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
  • Schema data is deleted when you remove an endpoint or delete your account.
  • AI interaction data (chat messages, search queries) is retained for up to 90 days after your last interaction to provide conversation history, then automatically purged.
  • Usage data is retained in anonymized or aggregated form for analytics.

5. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

  • Encryption in transit (TLS) and at rest
  • Access controls and authentication for all internal systems
  • Regular security reviews

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your personal data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing of your data in certain circumstances.
  • Restriction — request that we limit processing of your data.

To exercise any of these rights, contact us at support@gqlens.com. We will respond within 30 days.

7. Cookies and Tracking

The Service uses cookies and similar technologies for:

  • Essential cookies — session management, authentication state, and security.
  • Preference cookies — remembering your settings such as light/dark theme.
  • Analytics cookies — Google Analytics and PostHog use cookies and similar technologies to collect usage data that helps us understand how the Service is used and improve it. These tools may assign anonymous identifiers to your browser.

We do not use third-party advertising cookies. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on .

8. International Data Transfers

Your data may be processed in countries outside your own, including the United States (where some of our third-party providers operate). We ensure that appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

9. Children’s Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Effective Date.” Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at support@gqlens.com.

Last updated on
Connect Your ToolsTerms of Service