Skip to content
NoSqlStudio

Privacy Policy

Last updated: May 21, 2025. Version: 1.0.

This Privacy Policy explains how MasterDatabase Ltda ("MasterDatabase", "we") processes personal data in connection with the NoSqlStudio website, online services and desktop application. It is drafted in accordance with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados — LGPD, Law No. 13.709/2018). MasterDatabase acts as the data controller (controlador) for the processing described here.

1. Data we collect

Depending on how you interact with us, we may process:

  • Telemetry and diagnostics — usage analytics collected through PostHog and error/crash reports collected through Sentry, such as feature usage events, application version, operating system and anonymised or pseudonymised technical identifiers.
  • Purchase data — name, e-mail address, billing details and transaction identifiers collected when you buy a license. Card data is handled directly by our payment providers and is not stored by us.
  • License and activation data — license key, plan, seat count, and activation/seat data (such as a device identifier and activation timestamps) used to validate licenses.
  • Account and contact data — e-mail address and any information you provide when creating an account or contacting support.
  • Website data — cookies and similar technologies, IP address and browser information, as described in Section 6.

2. Legal bases for processing (LGPD Art. 7)

  • Performance of a contract — processing purchase, license, activation and account data is necessary to deliver and validate the license you purchased.
  • Legitimate interests — telemetry and diagnostics are processed to improve product stability, security and usability, balanced against your rights and expectations.
  • Legal obligation — retention of billing and tax records as required by applicable law.
  • Consent — where required, for example for non-essential cookies; you may withdraw consent at any time.

3. DataMask — local processing of your database content

The NoSqlStudio DataMask feature processes data ENTIRELY on the user's own machine. Your database content — the customer data you mask, scan or anonymise — is processed locally and is NOT transmitted to, collected by or stored by NoSqlStudio or MasterDatabase. We never receive your database records through DataMask.

When you use DataMask in audited mode, only audit metadata you explicitly choose to send (such as job identifiers, timestamps and integrity hashes) may be transmitted for audit-trail purposes; the underlying database records themselves remain local.

4. Data subject rights (LGPD Art. 18)

As a data subject, you have the right to:

  • confirm the existence of processing and access your personal data;
  • correct incomplete, inaccurate or outdated data;
  • request anonymisation, blocking or deletion of unnecessary or excessive data, or data processed in non-compliance with the LGPD;
  • request data portability to another provider;
  • obtain information about public and private entities with which we have shared your data;
  • be informed about the possibility of refusing consent and the consequences of refusal;
  • withdraw consent and request deletion of data processed on the basis of consent.

To exercise these rights, contact our Data Protection Officer (see Section 5). We will respond within the timeframes set by the LGPD.

5. Data Protection Officer (Encarregado)

Our Data Protection Officer (Encarregado de Proteção de Dados / DPO) can be reached at privacy@nosqlstudio.com for any question about how we handle your personal data or to exercise your data-subject rights.

6. Cookies

The website uses essential cookies needed for the site to function (for example, to keep your session and process checkout) and may use analytics cookies. Non-essential cookies are used only with your consent, which you may manage or withdraw through your browser settings or any cookie controls we provide.

7. Third parties with whom we share data

We share personal data only as necessary with the following processors and partners, each under its own privacy terms:

  • Stripe — payment processing.
  • Mercado Pago — payment processing.
  • Resend — transactional e-mail delivery (including license delivery).
  • PostHog — product usage analytics.
  • Sentry — error and crash reporting.
  • MongoDB Atlas — managed database hosting for our website and services.

We do not sell your personal data. We may also disclose data where required by law or to protect our rights.

8. Data retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law. Billing and tax records are retained for the period required by applicable Brazilian law. Raw telemetry events are retained for up to 90 days; after that, only aggregated, non-identifying statistics may be kept, for up to 24 months. License and activation data are retained for the lifetime of the license plus any legally required period.

9. International data transfers

Some of our processors (including Stripe, PostHog, Sentry and Resend) may process data outside Brazil. Where personal data is transferred internationally, we rely on the transfer mechanisms permitted by the LGPD, such as transfers to countries with an adequate level of protection or appropriate contractual safeguards.

10. Security

We adopt technical and administrative measures appropriate to protect personal data against unauthorised access and accidental or unlawful destruction, loss, alteration or disclosure. No method of transmission or storage is completely secure.

11. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date reflects the latest revision. Material changes will be communicated through the website.

12. Controller identity and contact

Controller: MasterDatabase Ltda — CNPJ 17.209.884/0001-91. Registered address: https://masterdatabase.com.br/. Privacy contact: legal@nosqlstudio.com. Data Protection Officer (DPO): privacy@nosqlstudio.com.