Your data belongs to you. Our priority is keeping it secure and private. We never store, copy, or train on your database—so you can connect with confidence.
Your data never leaves your control
We do not store, copy, or move your actual database rows. We only sync your database schema (metadata)—table and column names and types—so our AI knows your structure. When a chart is loaded, the query runs directly against your database; the result passes through our servers in memory only and is sent to your browser. Your data stays where it lives.
Your prompts and data are never used to train public models
We use enterprise-grade LLM APIs (such as OpenAI and Anthropic). By contract, customer data, prompts, and database schemas are strictly opted out of any AI model training. Your data will never be used to train public models.
When you use your own API keys (Enterprise), requests go directly to the provider under your account and their enterprise terms; we do not retain or train on that data.
We build on secure, industry-standard platforms
Hosted on secure cloud infrastructure. All traffic is encrypted with TLS (HTTPS)—your connection details and data in transit are protected.
Secured by Stripe (PCI Service Provider Level 1). We never see or store your full card details.
We never misuse your connection details or connected databases—here’s how we keep them safe.
Database connection strings and API keys are encrypted at rest (Fernet/AES). We cannot read or misuse them as plain text—they are only decrypted in memory when needed to run your queries, then discarded. No one at Cherryboard can access or export your credentials.
All data between your database, our servers, and your browser is encrypted via TLS 1.2+. Your credentials and query results are protected in transit—no eavesdropping or tampering.
Two-factor authentication (2FA) keeps your account secure: TOTP (authenticator apps), email OTP, and backup codes. Only authorized users in your organization can access your connected data sources and dashboards.
Role-based access control (RBAC) lets you decide exactly who can view, create, or edit dashboards, charts, and data sources. Your database connections and data are only visible to people you grant access to.
Your organization’s data sources, dashboards, and charts are completely isolated. We never mix your data or credentials with another customer’s—you can trust that only your team can access what you connect.
If you discover a security vulnerability, we encourage responsible disclosure. Please report it to us so we can address it before any public disclosure.
We take all reports seriously and will respond as quickly as we can.