AI privacy
What each provider sees, what stays local, and how to keep sensitive schemas off the cloud.
For: everyone working with sensitive data.
The AI assistant sends some information to the model it's running. This page documents what's sent, what isn't, and how to control it.
What's always sent
When you submit a prompt, the AI provider receives:
| What | Why |
|---|---|
| Your prompt text | Obviously |
| Your active database's type | So the model uses the right SQL dialect |
| A schema summary | Tables, columns, types, indexes, foreign keys |
| The query at the cursor or selected text | When relevant to the prompt |
| The conversation history within the current tab | So follow-ups work |
The schema summary is structure only: names, types, relationships. No row data, no sample values.
What's never sent
Even if you ask for it:
| Never sent | Why |
|---|---|
| Row data | Schema is enough for SQL. Sending rows is a privacy footgun. |
| Connection passwords | Stored in the Keychain, never touch the AI path. |
| SSH keys | Same. |
.env files | Same. |
| Your filesystem | The AI doesn't browse your disk. |
| Query results | Unless you paste them yourself, the results of your queries stay local. |
If you paste rows or env values into the chat, those go to the provider. The protection is at the boundary — QueryDeck doesn't include them automatically.
Per-provider data handling
Apple Intelligence (Foundation Models)
- Everything stays on your Mac. The prompt, schema, and conversation are processed by the on-device model.
- No network round-trip. Works offline.
- Apple's privacy policy: the on-device foundation model doesn't send your data to Apple either.
This is the recommended provider when working with sensitive schemas.
OpenAI
- Sent over HTTPS to
api.openai.com(or your custom base URL). - OpenAI's data retention policy applies. By default, API requests are retained for up to 30 days for abuse monitoring, then deleted.
- OpenAI does not train on API data by default (documentation).
- If your contract with OpenAI includes zero-retention, the same applies through QueryDeck.
Anthropic
- Sent over HTTPS to
api.anthropic.com(or your custom base URL). - Anthropic's API data is retained according to their commercial agreement. By default, they don't train on API inputs.
- See Anthropic's privacy policy for specifics.
Ollama
- Sent to your configured Ollama base URL.
- If Ollama runs on
localhost, the data stays on your Mac. - If Ollama runs on a remote server you control, the data goes to that server. Make sure the network path is trusted.
Custom (OpenAI-compatible)
- Sent to the base URL you configured.
- Behavior depends entirely on the endpoint operator.
- Common cases: corporate gateways (data stays in your VPC), public proxies (depends on the proxy operator), self-hosted vLLM (data stays where you host it).
How the schema summary is built
When you send a prompt, QueryDeck builds the schema context like this:
- For the active table (if any), include the full structure: every column with its type, nullability, default, primary key flag, unique flags.
- For referenced tables (any table the active one points at via FK), include the structure of those too.
- For the rest of the database, include a compact list of table names with column counts.
- Indexes on the active and referenced tables are included.
For databases with hundreds of tables, the full list of names alone can be large. QueryDeck truncates to fit the model's context window — tables you've recently opened are prioritized.
What's logged on disk
| Logged | Where |
|---|---|
| Your prompts and the model's responses | ~/Library/Application Support/QueryDeck/ai-history/ |
| The schema context sent with each prompt | Same |
| The provider used per request | Same |
Nothing is sent to QueryDeck's servers. The logs are local.
To clear: Settings → AI → Clear AI history. This deletes the on-disk logs and the in-app conversation panels.
Working with sensitive schemas
If your schema itself is sensitive (PHI, regulated data, customer names as table names), here are the safe-by-default options:
- Use Apple Intelligence — nothing leaves your Mac.
- Use Ollama locally — same, with bigger models.
- Disable AI entirely —
Settings→AI→ toggle off. The panel disappears from the UI.
If you must use a cloud provider:
- Read the provider's data policy. OpenAI and Anthropic don't train on API inputs by default, but verify.
- If your org has a corporate gateway, configure QueryDeck as a "Custom" provider pointing at the gateway. Your data stays in your VPC.
Disabling AI
If you don't want the AI at all:
Settings→AI→Provider→ set to "None".
The AI panel disappears. Cmd+I no longer opens anything. Right-click "Ask AI..." entries are hidden.
This is per-installation. To enforce it across a team, share a ~/Library/Preferences/com.querydeck.app.plist with the AI provider locked.
What QueryDeck explicitly doesn't do
- We don't have an "AI server". There is no QueryDeck-hosted endpoint that proxies your prompts.
- We don't add a system prompt that asks the model to remember anything about you.
- We don't include the contents of your query result by default.
- We don't track which prompts you send. There's no telemetry on the AI feature.
What's next
- Providers for picking the right one for your privacy needs
- Overview for the conceptual model
- Credentials and Keychain for password storage