Security at SnoutData
SnoutData is a local-first desktop app. Your database credentials and your data stay on your machine, not on our servers. That is not a promise we ask you to trust, it is how the app is built.
Your database credentials never leave your machine
When you save a connection, its password, SSH key, and passphrase are encrypted with your operating system keychain (Windows Credential Manager, the macOS Keychain, or libsecret on Linux) and stored only on your device. SnoutData resolves them locally to open the connection. They are never transmitted to us, and we have no way to read them.
Your query results stay local
Queries run from your machine directly to the database you connect to. Results come back to your machine and stay there. SnoutData does not proxy, copy, or warehouse the contents of your databases, and there is no server-side path for our staff to reach them.
Everything in transit is encrypted
Traffic between the app and SnoutData services (sign-in, billing, the AI assistant, and updates) uses TLS. For your database connections, every driver supports TLS and SSH tunnels are always encrypted, so you can require an encrypted link to your own database.
AI privacy, with an option to bypass us entirely
When you use the assistant, your prompt is sent to the SnoutData AI gateway to reach a model, and the reply streams back. We do not warehouse your chats as user records; the assistant history is kept locally on your device. Editor features like completion and hover run fully on your machine and never call a model.
On Plus and Pro you can also bring your own provider key, which routes requests straight from your machine to OpenAI, OpenRouter, or Anthropic. On that path your key and your prompts never touch our servers at all. Read how bring your own key works.
We never see your card
Payments are handled by Stripe, a PCI-DSS Level 1 provider. Card details go directly to Stripe hosted checkout. SnoutData only ever receives a token and your subscription status. We never receive or store card numbers.
Infrastructure and subprocessors
SnoutData runs on established providers, each encrypting data at rest by default:
- Supabase: authentication and account data
- Stripe: payments and subscriptions
- Cloudflare: website hosting and installer downloads
- GitHub: source code and release distribution
- Sentry: anonymized crash reporting, scrubbed before it is sent
Vulnerability management
Dependencies are watched by automated scanning, and the code is scanned for vulnerabilities and leaked secrets on a schedule. Security fixes ship through the app auto-updater, so users move to a patched version on next launch.
Reporting a vulnerability
If you find a security issue, email [email protected]. We aim to acknowledge within three business days. Please give us a reasonable window to fix it before public disclosure, and do not access data that is not yours.
Compliance
SnoutData is not yet SOC 2 certified. The architecture is built to minimize what a review has to cover: the most sensitive data, your credentials and your database contents, never reaches us. We maintain an internal security program covering access control, encryption, incident response, and vendor review, and we are happy to complete security questionnaires for evaluation. If your organization requires a formal report, get in touch and we will scope it.
Questions?
For anything security or privacy related, reach us at [email protected].