QueryDeck Docs
AI Assistant

AI privacy

What each provider sees, what stays local, and how to keep sensitive schemas off the cloud.

For: everyone working with sensitive data.

The AI assistant sends some information to the model it's running. This page documents what's sent, what isn't, and how to control it.

What's always sent

When you submit a prompt, the AI provider receives:

WhatWhy
Your prompt textObviously
Your active database's typeSo the model uses the right SQL dialect
A schema summaryTables, columns, types, indexes, foreign keys
The query at the cursor or selected textWhen relevant to the prompt
The conversation history within the current tabSo follow-ups work

The schema summary is structure only: names, types, relationships. No row data, no sample values.

What's never sent

Even if you ask for it:

Never sentWhy
Row dataSchema is enough for SQL. Sending rows is a privacy footgun.
Connection passwordsStored in the Keychain, never touch the AI path.
SSH keysSame.
.env filesSame.
Your filesystemThe AI doesn't browse your disk.
Query resultsUnless you paste them yourself, the results of your queries stay local.

If you paste rows or env values into the chat, those go to the provider. The protection is at the boundary — QueryDeck doesn't include them automatically.

Per-provider data handling

Apple Intelligence (Foundation Models)

  • Everything stays on your Mac. The prompt, schema, and conversation are processed by the on-device model.
  • No network round-trip. Works offline.
  • Apple's privacy policy: the on-device foundation model doesn't send your data to Apple either.

This is the recommended provider when working with sensitive schemas.

OpenAI

  • Sent over HTTPS to api.openai.com (or your custom base URL).
  • OpenAI's data retention policy applies. By default, API requests are retained for up to 30 days for abuse monitoring, then deleted.
  • OpenAI does not train on API data by default (documentation).
  • If your contract with OpenAI includes zero-retention, the same applies through QueryDeck.

Anthropic

  • Sent over HTTPS to api.anthropic.com (or your custom base URL).
  • Anthropic's API data is retained according to their commercial agreement. By default, they don't train on API inputs.
  • See Anthropic's privacy policy for specifics.

Ollama

  • Sent to your configured Ollama base URL.
  • If Ollama runs on localhost, the data stays on your Mac.
  • If Ollama runs on a remote server you control, the data goes to that server. Make sure the network path is trusted.

Custom (OpenAI-compatible)

  • Sent to the base URL you configured.
  • Behavior depends entirely on the endpoint operator.
  • Common cases: corporate gateways (data stays in your VPC), public proxies (depends on the proxy operator), self-hosted vLLM (data stays where you host it).

How the schema summary is built

When you send a prompt, QueryDeck builds the schema context like this:

  1. For the active table (if any), include the full structure: every column with its type, nullability, default, primary key flag, unique flags.
  2. For referenced tables (any table the active one points at via FK), include the structure of those too.
  3. For the rest of the database, include a compact list of table names with column counts.
  4. Indexes on the active and referenced tables are included.

For databases with hundreds of tables, the full list of names alone can be large. QueryDeck truncates to fit the model's context window — tables you've recently opened are prioritized.

What's logged on disk

LoggedWhere
Your prompts and the model's responses~/Library/Application Support/QueryDeck/ai-history/
The schema context sent with each promptSame
The provider used per requestSame

Nothing is sent to QueryDeck's servers. The logs are local.

To clear: SettingsAIClear AI history. This deletes the on-disk logs and the in-app conversation panels.

Working with sensitive schemas

If your schema itself is sensitive (PHI, regulated data, customer names as table names), here are the safe-by-default options:

  1. Use Apple Intelligence — nothing leaves your Mac.
  2. Use Ollama locally — same, with bigger models.
  3. Disable AI entirelySettingsAI → toggle off. The panel disappears from the UI.

If you must use a cloud provider:

  1. Read the provider's data policy. OpenAI and Anthropic don't train on API inputs by default, but verify.
  2. If your org has a corporate gateway, configure QueryDeck as a "Custom" provider pointing at the gateway. Your data stays in your VPC.

Disabling AI

If you don't want the AI at all:

  • SettingsAIProvider → set to "None".

The AI panel disappears. Cmd+I no longer opens anything. Right-click "Ask AI..." entries are hidden.

This is per-installation. To enforce it across a team, share a ~/Library/Preferences/com.querydeck.app.plist with the AI provider locked.

What QueryDeck explicitly doesn't do

  • We don't have an "AI server". There is no QueryDeck-hosted endpoint that proxies your prompts.
  • We don't add a system prompt that asks the model to remember anything about you.
  • We don't include the contents of your query result by default.
  • We don't track which prompts you send. There's no telemetry on the AI feature.

What's next