DBGorilla Privacy Policy

**Effective date:** July 6, 2026

1. Introduction and Scope

This Privacy Policy explains how **Furious Engineering Inc. d/b/a DBGorilla** ("**DBGorilla**," "**we**," "**our**," or "**us**") collects, uses, discloses, and protects personal information.

It applies to our **marketing website** (dbgorilla.com), our **hosted AI database assistant and platform**, and related tools, integrations, local components (such as the customer telemetry collector), CLI, MCP server, APIs, and support services (together, the "**Services**").

DBGorilla is a B2B product, but the rights described here also apply to individual visitors and users in the European Union / EEA and United Kingdom, U.S. states with privacy laws, and Canada. This Policy is referenced by, and supplements, our Terms of Service.

2. Who We Are and How to Contact Us

Furious Engineering Inc. d/b/a DBGorilla

3005 Lamar Blvd, STE D‑109 #314, Austin, Texas 78704, USA

• Privacy inquiries: [email protected]

• General/legal: [email protected]

• Support: [email protected]

[CONFIRM: whether you have a designated privacy/data-protection lead or an EU/UK representative to name here.] No one to name

3. Personal Information We Collect

We collect information in three contexts:

**a. Website visitors.** IP address, device and browser characteristics, cookie and similar identifiers, pages viewed, referring URL, timestamps, approximate (coarse) location, and events from analytics, marketing, and sales‑intelligence technologies such as Google Analytics, HubSpot, Apollo, and the LinkedIn Insight Tag (see Section 6). Some of these technologies may identify or enrich business‑contact information about site visitors.

**b. Product users.** Account and profile information (name, email address, company name, role, and where provided, phone number and billing address); authentication identifiers and settings (including SSO/identity-provider data and multi‑factor settings); billing information (processed by our payment processor — we do not store full card numbers); product usage, logs, and telemetry; and support and feedback communications.

**c. Data from your connected databases and systems.** To provide the Services you may connect databases, cloud accounts, repositories, and CI/CD systems. We are designed to work with **database metadata, schema information, query plans, logs, diagnostic data, telemetry, and configuration data** — not full copies of your databases. **We do not intend or want to collect personally identifiable information (PII) from your databases**, and you are responsible for configuring the Services to avoid sending restricted or sensitive data (see the Terms of Service). For most deployments, telemetry is pushed to us by a customer‑controlled collector; we do not require or store your database credentials for standard monitoring.

4. How We Collect Personal Information

• **Directly from you** — account signup, purchases, support requests, and in‑product feedback.

• **Automatically** — cookies, pixels/tags, local storage, server logs, product telemetry, analytics, and advertising technologies including the LinkedIn Insight Tag (Section 6).

• **From your organization and partners** — SSO/identity providers, and integrations you enable (cloud providers, repositories, CI/CD, monitoring).

5. Purposes and Legal Bases for Processing

Where the law requires a legal basis (EU/UK) or identified purposes (PIPEDA), we rely on:

| Purpose | Legal basis (EU/UK) |

|---|---|

| Providing, operating, and supporting the Services | Performance of a contract |

| Securing the Services, preventing fraud and abuse | Legitimate interests; legal obligation |

| Product analytics and improvement | Legitimate interests; consent where required |

| Marketing and advertising, including LinkedIn Ads and retargeting | Consent (EU/UK/where required); legitimate interests / opt‑out (US) |

| Legal, compliance, and record‑keeping | Legal obligation; legitimate interests |

6. Cookies and Similar Technologies

We use cookies and similar technologies (pixels, tags, beacons, and local storage) on our website and in our product. Some are set by us (first‑party) and some by third parties such as analytics and advertising partners.

6.1 Types of cookies we use

• **Strictly necessary** — authentication, security, and core functionality (first‑party; cannot be turned off).

• **Analytics / performance** — understanding how the site and product are used, including **Google Analytics** and **HubSpot**.

• **Functional** — remembering preferences; includes **HubSpot** forms and chat.

• **Marketing, sales‑intelligence, and advertising** — measuring and delivering advertising, identifying and building audiences from site visitors, and retargeting — including the **LinkedIn Insight Tag**, **HubSpot**, **Apollo**, and **Google** technologies.

These include both first‑party and third‑party technologies, and the list may change as our tools change.

6.2 How to manage cookies

We do not currently operate a cookie consent banner or preference center. You can manage cookies through your browser settings (blocking or deleting cookies), through LinkedIn's own ad and data settings, and through applicable industry opt‑out tools (e.g., the NAI/DAA "YourAdChoices" tools).

6.3 LinkedIn Insight Tag and advertising

We use the **LinkedIn Insight Tag**, a tracking technology provided by LinkedIn Corporation (and, for EU/UK visitors, LinkedIn Ireland Unlimited Company). It collects information about visits to our website, including pages viewed, actions taken (such as form submissions), conversions, URL and referrer, IP address, device and browser characteristics, and timestamps.

This data is transmitted to LinkedIn and used to measure the effectiveness of our LinkedIn advertising, understand the aggregated professional profile of our visitors (LinkedIn Website Demographics), and build audiences for retargeting and ad optimization. If you are logged into LinkedIn while visiting our site, LinkedIn may associate the visit with your LinkedIn account and use that data for its own advertising and analytics as an independent controller.

You can manage advertising preferences in your LinkedIn account settings and through your browser and industry opt‑out tools.

7. "Do Not Sell or Share" and Targeted Advertising (US State Laws)

Certain tracking technologies on our site (including the LinkedIn Insight Tag) may be considered "sharing" or "targeted advertising" / "sale" under some U.S. state privacy laws because they enable cross‑context behavioral advertising. Residents of those states may opt out.

8. How We Use Personal Information

We use personal information to: provide, maintain, secure, and support the Services; process payments and manage subscriptions and Gorilla Credits; communicate about your account, billing, security, and product updates; analyze and improve the Services; deliver and measure marketing and advertising; and comply with law and enforce our Terms.

9. How We Share Personal Information

• **Service providers / processors** — hosting, infrastructure, observability/analytics, email and communications, payment processing, and support tools, acting on our instructions. [CONFIRM: link to a subprocessor list if you maintain one.]

• **Advertising, analytics, and marketing partners** — including **Google** (Analytics), **HubSpot** (CRM and marketing automation), **Apollo** (sales intelligence and website‑visitor identification), and **LinkedIn** (an independent controller for its advertising platform; Section 6.3). These partners may receive online identifiers, device/usage data, and — for HubSpot/Apollo — business‑contact information.

• **Legal and safety** — to comply with law, respond to lawful requests, and protect rights, safety, and the integrity of the Services.

• **Corporate transactions** — in connection with a merger, acquisition, financing, or sale of assets.

We do not sell your connected database contents. We may use aggregated or de‑identified data that does not identify you or any individual.

10. International Data Transfers

We operate the Services from the United States and may process data in the U.S. [CONFIRM: and Canada / EU, if applicable]. Where we transfer personal information across borders, we use appropriate safeguards such as Standard Contractual Clauses. LinkedIn's processing of Insight Tag data occurs under its own terms and safeguards.

11. Data Retention

We retain personal information only as long as necessary for the purposes described here or as required by law.

• **Product data** (agent observation history, telemetry, investigation transcripts, metadata, logs, outputs, clone records) follows your plan's retention window — currently **Free: 7 days; Pro: 30 days; Business: 180 days; Enterprise: as negotiated.**

• **Account and billing records** — for the life of your account and as required for legal, tax, and audit purposes.

• **Security and audit logs** — a minimum of 12 months.

• **Backups** — on a rolling basis (approximately 30–90 days) before deletion in the ordinary course.

• **Marketing and advertising data** — retained per our and our partners' settings until you opt out or it is no longer needed.

Your databases themselves are not stored by us as full database copies.

12. Data Security

We apply administrative, technical, and physical safeguards, including encryption in transit (and at rest where appropriate), role‑based access controls, least‑privilege access, multi‑factor authentication for privileged access, and periodic security review and testing. No method of transmission or storage is 100% secure, but we take reasonable steps to protect your information.

13. Your Privacy Rights

You may exercise the rights below by contacting us at [email protected] or through in‑product settings. We may need to verify your identity before acting.

13.1 EU/UK residents

Access, rectification, erasure, restriction, data portability, objection, and the right to withdraw consent. You may also lodge a complaint with your supervisory authority.

13.2 U.S. residents (including CCPA/CPRA and similar state laws)

The rights to know, access, delete, and correct personal information; to opt out of "sale," "sharing," and targeted advertising; and to not be discriminated against for exercising your rights. Use our "Your Privacy Choices" mechanism (Section 7) to opt out of advertising‑related sharing.

13.3 Canadian residents (PIPEDA)

The rights to access your personal information, challenge its accuracy, and withdraw consent (including for secondary purposes such as behavioral advertising). Opt‑outs for behavioral advertising take effect promptly. You may complain to the Office of the Privacy Commissioner of Canada.

14. Children's Privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from children; if we learn we have, we will delete it or handle it as required by law.

15. Changes to This Policy

We may update this Policy from time to time. For material changes we will use reasonable efforts to notify you (for example, by updating the effective date, posting a notice, or emailing you). Your continued use of the Services after an update takes effect constitutes acceptance of the updated Policy.

16. Contact and Complaints

Questions or complaints about this Policy or our data practices:

Furious Engineering Inc. d/b/a DBGorilla

3005 Lamar Blvd, STE D‑109 #314, Austin, Texas 78704, USA

EU/UK, U.S., and Canadian residents may also contact their applicable data protection authority.

dbgorilla

DBGoriila © 2026

dbgorilla

dbgorilla

DBGoriila © 2026