Legal
Privacy Policy
Veto is built so that privacy is the default, not a promise. It never connects to your database, and the SQL you submit is not stored. Because the verdict is produced by deterministic rules with no LLM in the loop, no AI provider ever sees your queries.
This policy explains what data Veto (the service at vetosql.com and its MCP endpoint) processes, why, and your rights. The service is operated by MetaWear s.r.o., IČ 14338017, registered at Sládkova 372/8, Moravská Ostrava, 702 00 Ostrava, Czech Republic (Regional Court in Ostrava, file no. C 88655). We are the data controller. Questions: info@metawear.cz.
1. The data we process
a. The SQL you submit
When your agent calls analyze_sql, the SQL (and any optional schema) is processed in memory to produce a verdict, then discarded. We do not store, log, or share the SQL, the schema, or any data within it. Cost analysis, when a schema is supplied, runs on a disposable scratch Postgres inside a transaction that is always rolled back — your production database is never connected.
b. Anonymous usage analytics
For each analysis we record a minimal, non-identifying event: the verdict category (ok / warn / block), the internal rule ids that fired, whether a schema was supplied, and how long the analysis took in milliseconds. This contains no SQL, no schema, no IP address, and no account identifier — it cannot be tied back to a person.
c. Account & billing (Pro)
Paid plans are sold through Polar, which acts as our merchant of record. When you purchase Pro, Polar collects your email and payment details and handles invoicing and taxes; we never see or store full payment information. We receive and store a license key and the associated tier and customer reference so we can validate Pro requests.
d. Custom org policies (Pro)
If you configure custom org policies, we store the declarative policy you provide — for example table-name patterns and rule settings — linked to your license key, so they can be enforced on later requests. Policies are validated data and are never executed.
e. Network & technical data
Your IP address is processed transiently to enforce rate limits and protect the service from abuse. It is not written to our database.
2. How we use data & legal bases
We process the above to provide and secure the service, enforce usage limits, understand aggregate usage, and meet legal obligations. Under the GDPR our legal bases are: performance of a contract (operating your Pro plan), and legitimate interests (securing the service and analysing aggregate, anonymous usage to improve it).
3. Sharing & subprocessors
We do not sell your data and we use no advertising networks. Critically, there is no LLM or AI provider in the loop — your SQL is never sent to a model. We rely on a short list of subprocessors:
| Provider | Purpose | Location |
|---|---|---|
| Polar | Payments & billing (merchant of record) | See Polar's privacy policy |
| Railway | Application & database hosting | EU |
We may also disclose information where required by law.
4. Data retention
- Submitted SQL & schema — not retained; processed in memory and discarded.
- Anonymous analytics — retained as aggregate, non-identifying records.
- License & policy data — kept while your plan is active and for a reasonable period afterwards, then deleted.
5. Your rights
Under the GDPR you have the right to access, rectify, erase, port, object to, and restrict the processing of your personal data, and to withdraw consent. Because we hold so little — essentially your license and any policies — most requests are simple. Exercise any right by emailing info@metawear.cz; we aim to respond within 30 days.
6. Data security
All traffic is encrypted in transit (HTTPS). The service is hosted in the EU, applies per-caller rate limiting, and — by design — never connects to your database, so your data has no blast radius here.
7. International users & children
Data is hosted in the EU. The service is not directed at children under 16, and we do not knowingly collect their data.
8. Changes to this policy
We may update this policy as the service evolves. Material changes will be reflected here with a new "last updated" date.
9. Contact & supervisory authority
Privacy questions: info@metawear.cz, or by post to the registered address above. If you believe we have mishandled your data, you may lodge a complaint with the Czech supervisory authority, the Office for Personal Data Protection (ÚOOÚ).
The short version: Veto never touches your database, doesn't store your SQL, and runs no AI model on your data. The only personal data we hold is what's needed to run a Pro license.
Connect Veto via MCP