Privacy and data handling posture
QueryRook is built as a control plane, not a data warehouse for customer application records. This posture keeps the product focused on database operations evidence and reduces unnecessary data exposure.
Database credentials
Connection strings are treated as secrets, encrypted before storage, redacted from UI surfaces, and excluded from exported evidence packets.
Customer data
QueryRook is designed to collect metadata, query fingerprints, plan evidence, and operational outcomes instead of copying application table contents.
Evidence exports
Readiness, benchmark, trust, and proof exports are intended to be shareable without exposing DSNs, passwords, or raw local file paths.
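A pre-share check for the export guarantee above, as an added example (not QueryRook's code): it scans an export packet's text for live DSN credentials, password fields, and absolute local paths, and reports only line numbers and leak classes. The regexes, JSON field names, and sample packets are assumptions constructed for illustration.

```python
import re

# Illustrative patterns for the three leak classes named above (DSNs, passwords,
# raw local file paths). Assumptions for this example, not QueryRook's own rules.
REDACTED = r"(?!\[?REDACTED|\*{3,})"  # skip values that are already masked
LEAK_PATTERNS = {
    # URI-style DSN with a live password: scheme://user:secret@host
    "dsn_with_credentials": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:" + REDACTED + r"[^\s/@]+@[^\s/]+", re.I),
    # keyword-DSN or JSON secret: password=... / "password": "..."
    "password_field": re.compile(
        r"\b(?:password|passwd|pwd)\b[\"']?\s*[=:]\s*[\"']?" + REDACTED + r"[^\s\"',;]+", re.I),
    # absolute local paths: common POSIX roots or a Windows drive path
    "local_file_path": re.compile(
        r"(?<![\w/])/(?:home|Users|var|etc|opt|tmp|root)/[^\s\"']+|\b[A-Za-z]:\\[^\s\"']+"),
}


def find_leaks(export_text):
    """Return sorted (line_number, leak_class) pairs; the matched secret is never echoed."""
    findings = set()
    for lineno, line in enumerate(export_text.splitlines(), start=1):
        for leak_class, pattern in LEAK_PATTERNS.items():
            if pattern.search(line):
                findings.add((lineno, leak_class))
    return sorted(findings)


# Constructed sample packets (not real QueryRook output; field names are assumed).
CLEAN_EXPORT = '''{
  "target": "postgres://app:[REDACTED]@[REDACTED]/orders",
  "query_fingerprint": "a41f9c02",
  "plan_source": "<redacted-path>/plan.json",
  "password": "[REDACTED]"
}'''

LEAKY_EXPORT = '''{
  "target": "postgres://app:s3cr3t-example@db.internal:5432/orders",
  "query_fingerprint": "a41f9c02",
  "plan_source": "/home/alice/queryrook/plan.json",
  "conninfo": "host=db.internal user=app password=s3cr3t-example"
}'''

if __name__ == "__main__":
    for name, packet in (("clean", CLEAN_EXPORT), ("leaky", LEAKY_EXPORT)):
        print(name, find_leaks(packet) or "no leaks found")
```

A non-empty result is a reason to hold the packet back; an empty result only means none of these three patterns matched.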
Data minimization
Operators should use least-privilege target roles, avoid superuser credentials, and connect replicas or staging targets whenever possible.
Subprocessors and legal review
Hosted QueryRook depends on cloud, authentication, billing, and monitoring vendors. A formal privacy policy, subprocessors list, and customer DPA should be finalized before a broad paid self-serve launch.