Data Privacy & Security

Updated this week

Data security and privacy is a top priority at BlazeSQL. We have comprehensive security measures and infrastructure, do not use your data to train models, do not disclose private information to third parties, and will delete any data on request.

How BlazeSQL Handles Your Data

BlazeSQL is designed with a privacy-first architecture. BlazeSQL does not need to import or store your actual data rows — the AI model only needs the names of your tables and columns (and optional descriptions) to write SQL queries.

In the web app, query results are handled server-side to enable features like dashboards, sharing, and AI-powered analysis, all fully encrypted and secure (see the Web App section below). On the desktop app, offline mode is enabled by default, meaning results stay entirely on your device. We recommend disabling offline mode (by enabling “Send query results to AI” in settings) unless your organization has strict compliance requirements that mandate keeping data local. Disabling it unlocks Blaze’s full analytical capabilities, and your data remains fully protected, with zero data retention on all AI calls, no model training on your data, AES-256 encryption, and self-service deletion at any time (see details below).

| What BlazeSQL Accesses | Stored on Our Servers? | Purpose |
|---|---|---|
| Schema names, table names, column names, data types | Yes (encrypted) | Generate accurate SQL queries |
| Category values (optional) | Yes (encrypted) | Understand column vocabularies for better queries |
| Database credentials (web app) | Yes (encrypted) | Execute queries on your behalf |
| Chat messages | Yes (encrypted) | Provide conversational AI experience |
| Query results (web app) | Yes (encrypted, deletable) | Display results, dashboards, sharing |
| Query results (desktop app) | No — stored locally | Results stay on your device |

Desktop App

The BlazeSQL Desktop application (available at blazesql.com/download) is designed to allow users to leverage BlazeSQL while keeping data completely local. The application connects directly from your device to your database, and query results are sent straight from your database to your device and stored locally. Your data never actually leaves your environment.

Exceptions that will lead to data being sent to our servers (these are not enabled by default):

  • If you use the AI-generated email reports feature (optional)

  • If the "Send query results to AI" setting is enabled (optional)

  • If you use the Advanced model for forecasting and advanced statistical analysis (optional)

We strongly recommend enabling “Send query results to AI” unless your organization has strict regulatory requirements that mandate keeping all data on-device. When enabled, your data is protected by the same enterprise-grade measures as the web app: Zero Data Retention on all AI model calls (prompts and responses are not stored by Google), your data is never used to train models, all data is encrypted at rest (AES-256) and in transit (TLS), customer data is used only to provide the BlazeSQL service and never for any other purpose, and you can delete any data at any time via self-service controls. Keeping offline mode on limits Blaze’s ability to analyze results, spot errors, and self-correct during conversations.

Web App

The BlazeSQL Web application (available at blazesql.com/app) is the easiest way to use BlazeSQL without installing any software. The database connection is made from BlazeSQL's secure cloud infrastructure on Google Cloud Platform, from a server with a static IP address that customers can whitelist.

To provide a fast, reliable, and collaborative experience, the web app stores chat prompts, responses, query results, saved queries, dashboards, and chat history in BlazeSQL's own GCP Firestore database. This caching:

  • Allows quick viewing of queries, dashboards, and chat history without re-querying the source database each time

  • Enables sharing across the customer's organization

  • Reduces latency and unnecessary database costs

API Database Connector

For companies with policies that strictly require database records and query results to stay entirely within their own cloud infrastructure, customers can provide an API endpoint that takes an SQL query and stores the result in an AWS S3 Bucket, Azure Blob Storage, or GCP Cloud Storage. The BlazeSQL Web Client would then directly retrieve the query result to the user's browser/device, ensuring the data travels directly from the customer's cloud environment to their end user's device.

Zero Data Retention (ZDR) and Model Training

BlazeSQL is fully hosted on Google Cloud Platform (GCP), with Large Language Models running on GCP Vertex AI. Zero Data Retention (ZDR) has been enabled and verified for all Vertex AI model calls. This guarantees that:

  • Prompts and responses sent to Vertex AI are not stored by Google.

  • Customer data is not used by Google to train or improve its models when ZDR is enabled.

More details on ZDR and Google's policy can be found at Google Vertex AI — Data Governance.

Customer Data Usage (Purpose Limitation)

Customer data is used only to provide the BlazeSQL service to the customer — for example, answering questions, generating insights, enabling collaboration within the customer's team, and accelerating performance via cached views. Customer data is never used for any other purpose. By default, BlazeSQL does not train its models on customer data. Training on customer data would only occur if a customer explicitly opts in via a separate agreement.

Cloud Environment Security

BlazeSQL uses the following encryption:

  • Data-at-Rest Encryption: All user data stored in BlazeSQL is secured under the 256-bit Advanced Encryption Standard (AES-256), applied to all data within the computing, storage, networking, and off-site media at Google data centers.

  • Data-in-Transit Encryption: All data-in-transit is securely encrypted using HTTPS with Transport Layer Security (TLS), ensuring all communications between BlazeSQL and cloud servers are protected against interception.

  • Google Cloud Firestore Encryption: Firestore automatically encrypts all data both at rest and in transit. Advanced custom security rules control access to critical data, ensuring that only authorized access is permitted.

Access Permissions

Databases added to BlazeSQL are controlled by the person who added them ("the admin"). Only individuals explicitly selected by the admin ("invitees") can view the database. Invitees have either read-only access or read and write access (creating, updating, and deleting tables), depending on the level of access granted by the admin.

Logging and Accountability

Enterprise customers can opt to record events for monitoring and troubleshooting system performance and security. Users require unique accounts, allowing enterprise customers to precisely monitor and trace all activity:

  • User Activity: Who generated, modified, or deleted SQL queries, which data they accessed, timestamps, and more.

  • Security Events: Failed login attempts, changes in user roles, or access permissions.

  • System Activity: Records of system events such as system shutdown, updates, or system errors.

Compliance

BlazeSQL's Google Cloud Platform infrastructure holds several key security accreditations:

  • GDPR Compliant: We comply with the EU General Data Protection Regulation. You can request data export or deletion at any time.

  • SOC 1, SOC 2, SOC 3: Our infrastructure and processes meet SOC security standards.

  • CCPA Compliant: California Consumer Privacy Act requirements are met.

  • ISO 27001, ISO 27017, ISO 27018: International information security management standards.

  • HIPAA: BlazeSQL's GCP infrastructure fully supports HIPAA compliance. BlazeSQL has entered into a BAA with Google to enable users to remain HIPAA compliant when BlazeSQL servers query protected health data. For enterprise contracts, we can sign BAAs with customers that need to be HIPAA compliant.

  • FIPS 140-2 Level 3: For specific enterprise needs, Google Cloud additionally offers Cloud HSM to manage cryptographic keys.

Retention and Deletion Controls

  • Self-service deletion: Users can delete chats, queries, dashboards, or results at any time directly within the BlazeSQL application. Each stored entity has a clearly visible Delete control.

  • Bulk deletion: Organization-level bulk deletion can be requested via BlazeSQL support.

  • Source systems unaffected: Deleting data in BlazeSQL removes it from BlazeSQL's storage only; it does not modify or delete records in the customer's own source database.

  • Data export: Request a machine-readable export of your personal data (fulfilled within 14 days).

  • Marketing opt-out: Unsubscribe from email communications at any time.

Incident Response

BlazeSQL has a customizable incident response strategy:

  1. Identification and Reporting: Leveraging GCP's built-in security controls and Firebase's real-time monitoring to ensure quick identification. Unusual system activities are instantly flagged and reported.

  2. Assessment and Analysis: BlazeSQL's security team assesses severity, documents extent and potential impact, and prioritizes incidents accordingly.

  3. Containment and Eradication: Affected components are immediately isolated to limit data exposure or system damage. The source of the incident is identified and eradicated.

  4. Recovery: GCP's robust data recovery and backup solutions restore affected services and data.

  5. Post-Incident Review: A review is conducted to understand root cause, measure response effectiveness, identify security gaps, and develop a plan to prevent repetition.

  6. Communication: Transparent and timely communication is maintained with all stakeholders throughout the process.

Enterprise Options

For organizations with stricter compliance requirements:

  • Self-hosted deployment: Run BlazeSQL within your own GCP infrastructure.

  • Database Connection API: Keep all query processing within your infrastructure — BlazeSQL only sends SQL queries to your endpoint.

  • SSO Authentication: SAML and OpenID Connect support.

  • HIPAA BAA: Available for enterprise contracts requiring HIPAA compliance.

  • Enterprise Data Policy Addendum: Available at blazesql.com/data-policy-addendum.html.

For the full privacy policy, see blazesql.com/privacy.

© Blaze Analytics vGmbH (LU35935057), 23 Boulevard Friedrich Wilhelm Raiffeisen, 2411 Luxembourg