How does AskYourDatabase protect your data?
In this article, we'll explore the workings of the AskYourDatabase plugin and desktop application, focusing on how we safeguard your data.
How Plugin works
Here's a simplified diagram illustrating the process:
To use the plugin, you need to provide ChatGPT with your database credentials. These credentials are then transmitted to our server, which attempts to establish a connection with your database.
However, this approach raises several security concerns:
- While we don't store your credentials, they are still disclosed in the ChatGPT chat history, potentially being used in training the OpenAI model.
- We don't interact with your database beyond establishing a connection. However, the ability to connect to your database from our server means that, in the event of a cyber attack on our server, there's a risk that hackers could access your database through our server.
Measures to Protect Your Data:
- We ensure that your credentials are never stored.
- All network communications are secured using HTTPS protocol.
Despite these precautions, we recommend the following steps to further secure your data:
- Create a read-only user account if your intention is solely to query data.
- Whitelist our static IP to allow database connections.
- Change your password after completing your tasks.
How Desktop works
The following image illustrates the desktop application's process:
The desktop application establishes a connection to your database directly from your local computer (future updates will include SSH tunnel support).
Your credentials are securely stored in your local vault and are not transmitted elsewhere. Only your queries and the database schema information are sent to our server.
Our server acts merely as a conduit to OpenAI, and we do not store your conversations.
Thus, the desktop version maintains a high level of security for most use cases.
If privacy is a paramount concern (for instance, if you wish to prevent OpenAI from using your conversation history in model training), we recommend considering ChatGPT Enterprise.
We offer integration with ChatGPT Enterprise and are available for demos upon request.
Both the AskYourDatabase plugin and desktop application are designed with your data security in mind.
While the plugin requires careful handling of database credentials and adherence to recommended security practices, the desktop application offers enhanced privacy by handling connections locally and storing credentials securely on your device.
We continuously strive to balance functionality with security, ensuring that your data remains protected. For those with heightened privacy needs, our integration with ChatGPT Enterprise provides an additional layer of security, aligning with the most stringent data protection standards.