This policy explains what CrescoDB ("CrescoDB", "we", "us") collects, why, and what choices you have. CrescoDB is a local-first developer tool: most of your work — your database, code, and the cresco dev server — stays on your own machine. We only receive data when you use the hosted parts of the product (an account, the AI features, cloud backups, shared projects, the module registry, or billing).
CrescoDB provides a command-line tool, an admin dashboard, and a hosted account platform at crescodb.com. For privacy questions, contact support@crescodb.com.
When you run CrescoDB locally, the following never leave your computer unless you explicitly use a hosted feature:
| Category | What | Why |
|---|---|---|
| Account | Email, name, username, timezone, optional avatar, and — if you sign in with GitHub/Google — your provider profile (id, email, public username). | Create and operate your account, sign-in, support. |
| AI usage | The prompts/code you send to the AI features, and token/usage counts. | Provide the AI assistant and coding agent, meter usage, and enforce per-account limits. |
| Billing | Plan, transaction references, amounts, currency. Card details are handled by our payment processors — we never see or store full card numbers. | Process subscriptions and module purchases. |
| Cloud backups | Database snapshots you choose to upload, plus a separate backup-retrieval password (stored only as a hash). | Store and restore backups you request. |
| Shared projects | Project name, schema, and the database connection string you choose to share with your team. | Let teammates open the same shared project. |
| Registry | Modules you publish (metadata + code) and your install activity. | Operate the package registry and entitlement checks. |
| Technical | Standard request logs (IP, timestamps, user agent) on the hosted platform; local-storage values in the dashboard for your preferences and session. | Security, abuse prevention, and reliability. |
The AI assistant and coding agent run on our model provider keys (you don't supply your own). To generate responses, the prompts and relevant project context you submit are sent to our model providers (currently OpenAI and Anthropic) solely to return a result to you. We meter usage to operate the service and apply plan limits. Don't paste secrets or sensitive personal data into AI prompts.
We share the minimum necessary data with providers that help us run CrescoDB:
Each processes data under its own terms and only as needed to provide its function.
We protect account data with measures appropriate to its sensitivity: passwords and the backup-retrieval password are stored only as salted hashes (never plaintext), email links use single-use expiring tokens, and access to shared projects and backups is checked on every request. No method of transmission or storage is 100% secure, but we work to safeguard your data and improve continuously.
We keep account data while your account is active. Cloud backups, shared-project records, and published modules are kept until you delete them or close your account. We may retain limited records as required for legal, accounting, or security purposes.
CrescoDB is not directed to children under 16, and we do not knowingly collect their personal data.
Our providers may process data in other countries. Where we transfer data internationally, we rely on appropriate safeguards offered by those providers.
We may update this policy as the product evolves. We'll revise the "Last updated" date above and, for material changes, give notice through the product or by email.
Questions or requests: support@crescodb.com. See also our Terms of Service.