Privacy Policy

This Privacy Policy describes how Reasonable Tech Co. (“Reasonable Tech”, “we”, “us”) collects, uses, and shares information when you use Tabula, our managed-Postgres service for AI agents (the “Service”). It applies to information collected through the Tabula web dashboard, REST API, MCP interface, command-line tooling, and related communications.

1. Information we collect

We collect the following categories of information:

Account information. Email address, display name, hashed passkey credentials, and the timestamps of your registration and most recent sign-in.
Billing information. The subscription plan you have selected, the Stripe customer and subscription identifiers associated with your account, and your billing email. Payment card numbers and bank-account details are handled by Stripe and never reach our systems.
Database metadata. The names, regions, and sizes of databases you create; schema definitions; and the timestamps of significant lifecycle events (creation, trial transitions, deletion).
Usage data. The number and shape of MCP and REST calls you make, the agents that issued them, response times, and error rates. We use this data to bill metered usage and to operate the Service.
Support correspondence. The contents of email and chat conversations you have with our support team.
Cookies & local storage. A session cookie issued by the accounts service after sign-in, and any local storage values necessary to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.

We do not inspect the contents of your database rows or AI prompts as part of normal operation. The hosting layer (Neon) stores those values encrypted at rest and we do not have routine access to them. Support staff will only access database contents when you grant explicit written permission to debug a specific issue.

2. How we use information

To provision and operate your databases, including the agentic schema-design and migration features of the Service.
To meter usage and bill you for the plan you selected.
To send transactional notifications (account verification, trial-state changes, billing alerts, security notices).
To investigate and prevent abuse, fraud, and security incidents.
To improve the Service, including aggregate statistics that do not identify you or your end users.
To comply with legal obligations and respond to lawful requests.

3. Service providers we share data with

We rely on a small set of vetted subprocessors to deliver the Service. Each is contractually obligated to use your data only to perform services for us.

Neon Inc. hosts the managed-Postgres instances that store your data.
Stripe, Inc. processes payments and issues invoices.
Resend.com delivers transactional email.
Anthropic PBC and OpenAI, Inc. provide the large-language-model inference our schema-design features rely on, when you or your agent invoke that feature. We do not send personally identifying information or database row contents to these providers as part of normal operation; we send the natural-language prompt and the existing schema, both of which are authored by you or your agent.
Google Cloud Platform. Cloud Run and Cloud SQL host the Tabula application services; Secret Manager stores production credentials.

4. Data retention

Account information is retained for the life of the account. Database metadata and usage data are retained for 24 months after the most recent activity, after which they are aggregated and de-identified. Trial-database contents are deleted automatically at the end of the trial window (see the Terms of Service). Paid-plan database contents are retained until you delete the database or terminate the account; after termination you have 30 days to export, after which the data is permanently deleted.

Support correspondence and abuse-investigation records are retained for 3 years.

5. Your rights

Depending on where you live, you may have rights to:

Access the information we hold about you.
Correct information that is inaccurate.
Delete your account and the associated data.
Port your data to another service (pg_dump for database contents; CSV exports for account metadata).
Object to or restrict processing where the processing is based on legitimate interests.

To exercise any of these rights, write to privacy@reasonabletech.co. We will respond within 30 days.

6. International transfers

Our infrastructure is operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed there. Where applicable we rely on the EU Standard Contractual Clauses for transfers from the European Economic Area and the UK Addendum for transfers from the United Kingdom.

7. Security

We use industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS 1.2+) and at rest, mutual-TLS authentication between internal services, hardware-backed passkey credentials in place of passwords, and least-privilege access for our staff. No system is perfectly secure; if we become aware of a breach that materially affects your information we will notify you within 72 hours.

8. Children

The Service is not directed to children under 18 and we do not knowingly collect information from them. If you believe a child has provided us information, please contact us and we will delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email to your account address and will take effect no sooner than 30 days after notice.

10. Contact

For privacy questions, write to privacy@reasonabletech.co. For security disclosures, write to security@reasonabletech.co.

1. Information we collect

We collect the following categories of information:

Account information. Email address, display name, hashed passkey credentials, and the timestamps of your registration and most recent sign-in.
Billing information. The subscription plan you have selected, the Stripe customer and subscription identifiers associated with your account, and your billing email. Payment card numbers and bank-account details are handled by Stripe and never reach our systems.
Database metadata. The names, regions, and sizes of databases you create; schema definitions; and the timestamps of significant lifecycle events (creation, trial transitions, deletion).
Usage data. The number and shape of MCP and REST calls you make, the agents that issued them, response times, and error rates. We use this data to bill metered usage and to operate the Service.
Support correspondence. The contents of email and chat conversations you have with our support team.
Cookies & local storage. A session cookie issued by the accounts service after sign-in, and any local storage values necessary to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.

2. How we use information

To provision and operate your databases, including the agentic schema-design and migration features of the Service.
To meter usage and bill you for the plan you selected.
To send transactional notifications (account verification, trial-state changes, billing alerts, security notices).
To investigate and prevent abuse, fraud, and security incidents.
To improve the Service, including aggregate statistics that do not identify you or your end users.
To comply with legal obligations and respond to lawful requests.

3. Service providers we share data with

We rely on a small set of vetted subprocessors to deliver the Service. Each is contractually obligated to use your data only to perform services for us.

Neon Inc. hosts the managed-Postgres instances that store your data.
Stripe, Inc. processes payments and issues invoices.
Resend.com delivers transactional email.
Anthropic PBC and OpenAI, Inc. provide the large-language-model inference our schema-design features rely on, when you or your agent invoke that feature. We do not send personally identifying information or database row contents to these providers as part of normal operation; we send the natural-language prompt and the existing schema, both of which are authored by you or your agent.
Google Cloud Platform. Cloud Run and Cloud SQL host the Tabula application services; Secret Manager stores production credentials.

4. Data retention

Support correspondence and abuse-investigation records are retained for 3 years.

5. Your rights

Depending on where you live, you may have rights to:

Access the information we hold about you.
Correct information that is inaccurate.
Delete your account and the associated data.
Port your data to another service (pg_dump for database contents; CSV exports for account metadata).
Object to or restrict processing where the processing is based on legitimate interests.

To exercise any of these rights, write to privacy@reasonabletech.co. We will respond within 30 days.

6. International transfers

7. Security

8. Children

The Service is not directed to children under 18 and we do not knowingly collect information from them. If you believe a child has provided us information, please contact us and we will delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email to your account address and will take effect no sooner than 30 days after notice.

10. Contact

For privacy questions, write to privacy@reasonabletech.co. For security disclosures, write to security@reasonabletech.co.