Privacy Policy

Last updated: February 21, 2026

1. Introduction and Scope

Welcome to SchemaVerse. This Privacy Policy explains how SchemaVerse ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you visit our website and use our services. SchemaVerse is a platform for discovering, creating, and sharing database schemas.

This policy applies to all users of SchemaVerse, including visitors who browse publicly available schemas without creating an account, as well as registered users who create, edit, and share schemas on the platform. By accessing or using SchemaVerse, you agree to the terms outlined in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services immediately.

2. Information We Collect

We collect information in the following categories to provide and improve our services:

Account Data

When you create an account on SchemaVerse, you authenticate through third-party OAuth providers. We support GitHub OAuth and Google OAuth for account creation and sign-in. Through these providers, we may receive and store the following information:

  • Your name as provided by the OAuth provider
  • Your email address associated with your GitHub or Google account
  • Your profile picture or avatar URL
  • Your username (particularly from GitHub)
  • Your unique identifier from the OAuth provider

Usage Data

We automatically collect certain information when you interact with our platform. This includes details about the schemas you view, create, edit, fork, and vote on, as well as your search queries and browsing patterns within the application.

Analytics Data

We use PostHog, a product analytics platform, to collect anonymized usage data about how you interact with SchemaVerse. This may include page views, feature usage patterns, session duration, browser type, operating system, device type, referral source, and general geographic location derived from your IP address. PostHog helps us understand how our platform is used so we can improve the user experience.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage your account, authenticate your identity, and provide you with access to our platform features
  • To display your public profile information alongside the schemas you create and share
  • To send you transactional emails related to your account activity, such as notifications about forks, votes, or comments on your schemas
  • To analyze usage trends and improve the functionality, performance, and reliability of SchemaVerse
  • To personalize your experience by remembering your preferences and settings
  • To detect, prevent, and address technical issues, abuse, or fraudulent activity
  • To comply with legal obligations and enforce our terms of service
  • To communicate important updates about the platform, including changes to this Privacy Policy

4. Third-Party Services

SchemaVerse integrates with the following third-party services to operate our platform. Each of these services has its own privacy policy governing their handling of your data:

  • PostHog -- We use PostHog for product analytics to understand how users interact with SchemaVerse. PostHog collects anonymized usage data including page views, feature interactions, and session information. You can learn more about PostHog's data practices in their privacy policy.
  • GitHub OAuth -- We use GitHub as an authentication provider, allowing you to sign in with your GitHub account. When you authenticate via GitHub, we receive limited profile information as authorized by your GitHub account settings. GitHub's privacy policy governs their handling of your data.
  • Google OAuth -- We use Google as an authentication provider, allowing you to sign in with your Google account. When you authenticate via Google, we receive limited profile information as authorized by your Google account settings. Google's privacy policy governs their handling of your data.
  • Resend -- We use Resend as our email delivery service to send transactional emails such as account notifications, password reset links, and important platform updates. Your email address is shared with Resend solely for the purpose of delivering these communications. Resend's privacy policy governs their handling of your data.

We do not sell, rent, or trade your personal information to any third parties for marketing or advertising purposes.

5. Cookies and Local Storage

SchemaVerse uses a minimal approach to client-side data storage. We prioritize your privacy by limiting the data stored in your browser to what is necessary for the platform to function properly.

  • Theme Preference -- We store your selected theme (light or dark mode) in your browser's localStorage under the key "vite-ui-theme". This preference persists across sessions so the interface appears in your preferred visual mode each time you visit.
  • Session Cookies -- We use essential cookies to maintain your authentication session when you are signed in. These cookies are strictly necessary for the platform to function and cannot be disabled while using authenticated features.
  • Analytics Cookies -- PostHog may set cookies to distinguish unique users and sessions for analytics purposes. These cookies help us understand aggregate usage patterns without identifying individual users.

You can clear your browser's localStorage and cookies at any time through your browser settings. Please note that clearing session cookies will sign you out of SchemaVerse, and clearing localStorage will reset your theme preference to the default.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

  • Account data is retained for the duration of your account's existence. If you delete your account, we will remove your personal information within 30 days, except where we are required to retain it by law.
  • Schema data that you have published publicly may be retained in an anonymized form even after account deletion, as other users may have forked or depend on those schemas.
  • Analytics data collected by PostHog is retained in accordance with PostHog's data retention policies and our configuration settings. This data is anonymized and cannot be used to identify individual users.
  • Server logs containing IP addresses and request data are automatically purged after 90 days.

7. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

  • All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
  • Authentication is handled through established OAuth providers (GitHub and Google), meaning we never store or have access to your passwords
  • Access to production databases and infrastructure is restricted to authorized personnel only
  • We regularly review and update our security practices to address emerging threats and vulnerabilities

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents that may occur.

8. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. We are committed to honoring these rights for all users, regardless of location:

  • Right to Access -- You have the right to request a copy of the personal information we hold about you. You can view most of your information directly through your account profile settings.
  • Right to Correction -- You have the right to request that we correct any inaccurate or incomplete personal information. You can update your profile information at any time through your account settings.
  • Right to Deletion -- You have the right to request deletion of your personal information. You can delete your account through your account settings, or contact us to request deletion. We will process deletion requests within 30 days, subject to any legal obligations requiring us to retain certain data.
  • Right to Data Portability -- You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can export your schemas and account data at any time. Contact us if you need assistance with data export.

To exercise any of these rights, please contact us at contact@schema-verse.com. We will respond to your request within 30 days.

9. Children's Privacy

SchemaVerse is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at contact@schema-verse.com so that we can take appropriate action.

10. International Data Transfers

SchemaVerse is operated from and our servers may be located in various jurisdictions. If you access SchemaVerse from outside the country where our servers are located, your information may be transferred to, stored in, and processed in a country other than the one in which you reside. Data protection laws in these countries may differ from those in your jurisdiction.

By using SchemaVerse, you consent to the transfer of your information to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, regardless of where it is processed or stored.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will notify you by updating the "Last updated" date at the top of this page. For significant changes that materially affect your rights or how we use your personal information, we will provide more prominent notice, such as a notification within the SchemaVerse platform or an email to the address associated with your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of SchemaVerse after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

Email: contact@schema-verse.com

We will make every effort to respond to your inquiry within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.