All AI functionality in SQLDBM is opt-in only and will not be available unless explicitly enabled at the account level.
SqlDBM takes your data security and privacy seriously. AI Copilot features are designed with security-first principles to ensure your sensitive database information remains protected.
For the complete security review document, please visit our Trust Center.
Key Assurances
- Your data is never used for AI training — SqlDBM's AI Copilot uses Anthropic's Claude models via AWS Bedrock. Under both Anthropic's API Terms of Service and AWS Bedrock's data handling policies, your prompts and project data are not used to train or improve AI models.
- Your data is never shared with other customers — SqlDBM's AI services use a fully stateless architecture with strict tenant isolation. No conversation history or project context is stored on our servers between requests, and there is no shared state between customers.
- AI features are opt-in only — AI Copilot features are disabled by default and require explicit activation. No passive data collection or background AI processing ever occurs.
- Data is only sent when you request it — project data is transmitted to AI services only when you explicitly request AI assistance. You control exactly when and what context is shared.
AI Provider and Models
SqlDBM's AI Copilot leverages Anthropic's Claude models accessed through AWS Bedrock, ensuring that data is encrypted in transit and at rest, that customer data is not used to train foundation models, and that all processing occurs within AWS's secure infrastructure.
The system automatically selects the appropriate Claude model based on query complexity and the presence of multimodal content. All models are accessed through AWS Bedrock with identical security controls.
What Data Is Sent
When you actively request AI assistance, the following project context may be transmitted:
- Project object details (table names, columns, data types, etc.)
- Schema definitions and relationships
- Naming conventions and standards
- Glossary entries and business terminology
- Data governance field configurations
- Diagram and subject area metadata
- User-defined custom instructions
Data minimization is enforced: only essential metadata fields are transmitted, full object definitions are minified where possible, and no sensitive credentials or connection strings are ever sent. Rather than receiving your entire project, the AI requests and receives only the specific elements needed for each task.
Data Retention
- Stateless processing — no conversation history is stored server-side; each request is independent.
- In-memory only — data is processed in memory during active requests and discarded afterward.
- Audit logging — request metadata is logged for internal operational monitoring and retained for 30 days.
Security Architecture
- Authentication — every AI request requires bearer token validation, JWT-based identity verification, and company/tenant identification.
- Tenant isolation — enforced through stateless architecture, company-scoped authentication, isolated rate limits, and separate processing contexts per tenant.
- Encryption — all communications are encrypted via TLS 1.2+.
- No direct exposure — AI processing components have no direct internet exposure; AWS Bedrock is accessed through secure AWS APIs.
Access Controls
The AI Copilot feature is enabled at the account level by express consent. Once enabled, AI features can be fine-tuned and used within projects by the project team.
| Role | AI Capabilities |
|---|---|
| Account Owner | Opt-in to AI feature enablement at the account level |
| Project Owner | Configure global context, set pre-prompts |
| Project Editor/Modeler | Use AI features if enabled |
| Project Viewer/Consumer | Read-only, question-answer interaction |
Compliance
SqlDBM maintains SOC 2 Type II certification. AI model inference via AWS Bedrock also maintains SOC 2 Type II compliance. Data processing occurs under applicable terms of service and data processing agreements between SqlDBM, AWS, and Anthropic.
Your Responsibilities
While SqlDBM implements strong security measures, we recommend that you:
- Review AI responses — always validate AI-generated output before implementing in production.
- Be mindful of context — consider what information you include when requesting AI assistance, especially with sensitive or proprietary designs.
- Check compliance — evaluate whether AI feature usage aligns with your organization's data governance and security policies.
See also