We built Bayanate for founders who care about their data. Here's exactly what we do with it.
We only request read-only credentials. Bayanate can never modify, delete, or write to your data.
We verify read-only access on connection and reject connections with write permissions.
Your credentials are encrypted at rest using AES-256 and never stored in plain text.
All connections are made over SSL only — unencrypted connections are rejected.
Table and column names — to understand your schema and generate accurate SQL.
Row counts and data samples — to generate insights and detect anomalies.
Query results from SELECT statements only — no writes, no DDL, no system-level access.
We never access or store raw PII fields — emails, names, and phone numbers are excluded from data samples.
Never sell or share your data with third parties for any purpose.
Never log your data in our application logs — errors and diagnostics contain only metadata, never row values.
Never send your raw data to LLM providers — only schema structure and aggregated query results are used in AI calls.
Application servers hosted on Fly.io (Paris region) and Vercel — EU-based infrastructure.
Bayanate's own database runs on Neon Postgres with encryption at rest.
Credentials are org-scoped and isolated — no cross-org data access is possible by design.