Privacy Policy

Effective date: June 8, 2026

Mathesar Cloud is operated by Mathesar Foundation Inc ("Mathesar," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use Mathesar Cloud and the Mathesar Cloud website.

This Privacy Policy applies to mathesar.cloud, Mathesar Cloud signup and login, the hosted Mathesar Cloud service, contact and mailing-list forms, surveys, and support or sales communications with Mathesar.

This Privacy Policy does not apply to self-hosted deployments of open-source Mathesar, except when you interact with Mathesar Foundation services such as our websites, forms, mailing lists, support channels, or other hosted services. Additional terms may apply to some offerings or agreements.

Information We Collect

Account and authentication information

We collect information needed to create, authenticate, secure, and manage your Mathesar Cloud account. This may include your name, email address, username, account settings, preferences, and information provided by a sign-in provider such as Google, GitHub, or another supported provider.

We also process authentication, session, and security information to verify your identity, keep you signed in, protect your account, prevent abuse, and operate the service. This may include login timestamps, session identifiers, IP address, browser or device information, and security events.

Where Mathesar Cloud offers direct login credentials, we process those credentials to authenticate your account.

Customer Content

When you use Mathesar Cloud, we process the information you submit, upload, import, create, connect, or manage through the service ("Customer Content"). Customer Content may include data stored in or connected to your database, form submissions, files, metadata, exports, and related content.

If you create or publish a form or other shared surface through Mathesar Cloud, people with access to that link or surface may submit information that becomes Customer Content.

Communications and forms

If you contact us, join the Mathesar Foundation mailing list, respond to a survey, or request support, we collect the information you choose to provide. This may include your name, email address, phone number, message contents, survey responses, mailing-list preferences, unsubscribe status, related email delivery or engagement information, and related communications.

Please do not include highly sensitive or regulated information in contact messages, survey responses, or other optional communications unless we ask you to provide it or agree otherwise in writing.

Usage, analytics, and technical information

We collect limited technical, usage, and diagnostic information to operate, secure, analyze, and improve Mathesar Cloud and our website. This may include pages visited, links clicked, form submission events, browser and device information, IP address, referrer information, timestamps, logs, and similar diagnostic or security information.

How We Use Information

We use information for the following purposes:

  • To provide, operate, secure, maintain, troubleshoot, and support Mathesar Cloud.
  • To create, authenticate, and manage accounts.
  • To provide database, form, file, import, export, and other product features.
  • To respond to questions, support requests, feedback, and sales inquiries.
  • To send Mathesar Foundation updates or other communications you request.
  • To analyze website and service usage and improve Mathesar Cloud, subject to the Customer Content limits below.
  • To debug issues, prevent abuse, investigate security events, and protect users, Mathesar, and the public.
  • To comply with legal obligations, enforce agreements, and protect legal rights.

Customer Content

You are responsible for the Customer Content you choose to submit, upload, import, create, connect, manage, or share through Mathesar Cloud, and for ensuring that you have the rights and permissions needed to use that Customer Content with the service.

We process Customer Content to provide, secure, maintain, troubleshoot, support, and operate Mathesar Cloud; respond to your requests; prevent abuse; comply with law; and as otherwise directed by you through your use of the service or our agreements with you.

We do not use Customer Content for advertising, retargeting, cross-site behavioral advertising, or AI model training. We may use aggregated or de-identified usage, diagnostic, and technical information that does not identify you or any individual to understand and improve Mathesar Cloud.

Mathesar Cloud is designed for general-purpose data management. Unless we agree otherwise in writing, you should not use Mathesar Cloud for information that requires special legal, contractual, or regulatory handling, such as protected health information, payment card data, government identifiers, children's data, or other specially regulated information.

Sharing And Access

Customer Content may be accessible to people you invite to, authorize, or share it with through Mathesar Cloud. Where those features are available, access may depend on roles, permissions, settings, and sharing choices configured in the service.

If you create, publish, or share forms, links, files, databases, exports, or other shared surfaces, people with access to those surfaces may be able to view or submit information according to the settings you choose. Some forms may be public by link.

If you submit information through a form or shared surface controlled by another Mathesar Cloud user, that user may be able to access and use the information you submit. Their handling of that information may be governed by their own policies or practices.

Where account owner, administrator, collaborator, or similar controls are available, authorized users may be able to access, manage, export, modify, or delete Customer Content associated with the account or database they control.

How We Disclose Information

We may disclose information to the following categories of recipients:

  • Service providers and subprocessors that help us operate, host, secure, maintain, support, analyze, and improve Mathesar Cloud and our website. These may include hosting, infrastructure, database, storage, authentication, email, form, survey, analytics, security, logging, support, and communications providers.
  • Authentication providers, such as Google, GitHub, or another supported provider, when you choose to sign in through them.
  • Form, survey, email, and communications providers that help us collect, route, manage, and respond to submissions or send communications you request.
  • Analytics providers that help us understand website and service usage.
  • Authorized Mathesar personnel, as described below.
  • Government, law enforcement, regulators, courts, or other third parties when we believe disclosure is required by law or reasonably necessary to protect rights, safety, security, or prevent abuse.
  • Parties involved in a merger, reorganization, transfer of assets, or similar organizational transaction, if applicable.
  • Other recipients with your consent or at your direction.

We share Customer Content with service providers only as needed to provide, secure, maintain, troubleshoot, support, or operate Mathesar Cloud, or as directed by you through your use of the service.

Current providers include Microsoft Azure for hosting, infrastructure, database, storage, and related Cloud operations; Google Cloud Platform for some infrastructure during our migration to Azure; Google Workspace for support email and related administrative communications; Formspree for form collection and routing; MailerLite for Mathesar Foundation mailing-list communications; Simple Analytics for website analytics; Google or GitHub for sign-in where used; and Google Forms for surveys.

If you use a third-party identity provider, form, survey, or other external service, that provider may process information according to its own privacy policy.

Analytics And Cookies

We use cookies and similar technologies that are necessary to operate Mathesar Cloud, such as keeping you signed in, maintaining sessions, securing the service, preventing abuse, and remembering settings.

We use privacy-focused analytics to understand website and service usage. Our current website analytics provider is Simple Analytics, which is designed not to use cookies or track visitors across websites. We may collect limited event information, such as page views, link clicks, and form submissions, to understand and improve our website and services.

We do not use Customer Content for advertising, retargeting, cross-site behavioral advertising, or AI model training.

We do not track visitors across third-party websites for targeted advertising or sell or share personal information for cross-context behavioral advertising. Because we do not engage in those practices, we do not respond to browser Do Not Track signals or universal opt-out signals as opt-out requests for sale or targeted advertising. If our practices change, we will update this policy and provide any required choices.

Communications

If you join the Mathesar Foundation mailing list, we may send you occasional updates about Mathesar Foundation, Mathesar Cloud, open-source Mathesar, and related work. You may unsubscribe from marketing or mailing-list communications by using the unsubscribe link in those emails or by contacting us.

We may still send service, security, legal, or administrative communications when needed.

Where applicable law requires a legal basis for processing personal information, we rely on the following legal bases:

  • Performance of a contract, including to provide and manage Mathesar Cloud, authenticate accounts, provide requested product features, and respond to support requests.
  • Legitimate interests, including to secure, maintain, analyze, and improve our services, communicate with users, prevent abuse, investigate security issues, and protect Mathesar, users, and the public.
  • Consent, where required, including for optional communications or features that rely on consent.
  • Legal obligations, including where we need to comply with law, respond to lawful requests, or protect legal rights.

We do not use automated decision-making, including profiling, to make decisions that have legal or similarly significant effects.

Retention, Deletion, And Export

We retain information for as long as needed to provide, secure, maintain, troubleshoot, support, and improve Mathesar Cloud; comply with legal obligations; resolve disputes; enforce agreements; prevent abuse; and protect rights and safety.

Customer Content is generally retained while the relevant account, database, or feature remains active or until it is deleted, subject to backups, logs, legal, security, abuse-prevention, and operational exceptions described below. Mathesar Cloud may provide product features that allow you to export or delete certain Customer Content directly. You may also contact us at support@mathesar.cloud to request access to, correction of, export of, or deletion of your account information or Customer Content.

Deleted information may remain in backups, logs, or archival copies for a limited period according to our normal backup, security, and retention practices, unless we need to retain it longer for legal, security, abuse-prevention, or operational reasons.

We retain contact, support, mailing-list, and survey information for as long as needed to respond to you, manage communications, analyze feedback, or comply with our obligations.

Security And Support Access

We use administrative, technical, and organizational measures designed to protect information, including access controls intended to limit access to authorized personnel.

"Authorized Mathesar personnel" may include employees, contractors, volunteers, maintainers, officers, or other people working with Mathesar Foundation who are authorized to help operate or support Mathesar Cloud.

Authorized Mathesar personnel may access account information, technical data, and Customer Content when reasonably necessary to provide, secure, troubleshoot, maintain, or support Mathesar Cloud; respond to user requests; investigate abuse or security issues; or comply with legal obligations. We limit access to authorized Mathesar personnel who have a need to know for the purposes described in this Privacy Policy.

If you contact us for support, we may use the information you provide and relevant account, technical, or Customer Content information to investigate and respond.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting personal information, we will notify affected users or regulators when required by applicable law.

International Processing

Mathesar Foundation and our service providers may process information in the United States and other locations where we or our providers operate. Those locations may have data protection laws that differ from the laws where you live. Where required, we use appropriate safeguards for international transfers, and you may contact us to request more information about those safeguards.

Your Privacy Rights

Depending on where you live, you may have rights to request access to, correction of, deletion of, or export of personal information we maintain about you. You may also have the right to object to or restrict certain processing, or to withdraw consent where processing is based on consent.

You may contact us at support@mathesar.cloud to make a privacy request. We may need to verify your identity before responding to your request. We will respond as required by applicable law.

If your personal information was submitted to Mathesar Cloud by another user or is contained in Customer Content controlled by another user, we may refer your request to that user or help that user respond, as appropriate and required by law.

If you are located in a jurisdiction that provides the right to lodge a complaint with a data protection authority, you may contact your local supervisory authority. We encourage you to contact us first so we can try to address your concern directly.

Mathesar Foundation Inc is a nonprofit organization. Some privacy laws, including the California Consumer Privacy Act, may not apply to nonprofit organizations in the same way they apply to for-profit businesses. Regardless, we do not sell personal information or share personal information for cross-context behavioral advertising.

Children

Mathesar Cloud is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us at support@mathesar.cloud.

Do not use Mathesar Cloud to knowingly collect personal information from children unless you have the legal authority to do so and we have agreed in writing to support that use.

If we learn that we have collected personal information from a child under 13 without appropriate authorization, we will take reasonable steps to delete it or otherwise handle it as required by law.

Changes To This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as appropriate, such as by posting the updated policy on this page or by sending notice through Mathesar Cloud or email.

Contact Us

If you have questions or requests about this Privacy Policy, contact us at support@mathesar.cloud.