Credentials in the Cloud
Cloud database tools store your credentials on their servers. One breach, and your production database is exposed.
Total Data Sovereignty
Stop sending your database credentials to third-party clouds. QueryGlow runs 100% on YOUR servers. Zero telemetry. Zero tracking. Complete control.
- Zero Telemetry
- AES-256 Encryption
- GDPR-Friendly
- Air-Gap Ready
The Problem with Cloud Database Tools
Every cloud tool is another place your credentials live. Another potential breach point.
They See Everything
Cloud tools can see your queries, your schema, your data. Even if they promise not to look, the access exists.
Compliance Nightmares
GDPR, HIPAA, SOC2—using cloud tools means adding another data processor to your compliance documentation.
Vendor Lock-in
Cloud tools can change pricing, terms, or shut down. Self-hosted means you control your tools forever.
Cloud Tools vs Self-Hosted
| Aspect | Cloud Tools | QueryGlow (Self-Hosted) |
|---|---|---|
| Data Location | Their servers | Your servers only ✨ |
| Credential Storage | In their database | AES-256-GCM encrypted on your server ✨ |
| Telemetry | Usually yes | Zero—we never see anything ✨ |
| GDPR Compliance | Another data processor to document | No third-party data transfer ✨ |
| Vendor Shutdown Risk | Lose access if they close | You own the code forever ✨ |
| Network Access | Must expose DB to internet | Runs inside your VPC ✨ |
| Air-Gapped Support | Not possible | Full offline operation ✨ |
| Pricing | Monthly per user | $79 once, unlimited users ✨ |
Data Location
Cloud
Their servers
QueryGlow
Your servers only ✨
Credential Storage
Cloud
In their database
QueryGlow
AES-256-GCM encrypted on your server ✨
Telemetry
Cloud
Usually yes
QueryGlow
Zero—we never see anything ✨
GDPR Compliance
Cloud
Another data processor to document
QueryGlow
No third-party data transfer ✨
Vendor Shutdown Risk
Cloud
Lose access if they close
QueryGlow
You own the code forever ✨
Network Access
Cloud
Must expose DB to internet
QueryGlow
Runs inside your VPC ✨
Air-Gapped Support
Cloud
Not possible
QueryGlow
Full offline operation ✨
Pricing
Cloud
Monthly per user
QueryGlow
$79 once, unlimited users ✨
Deploy on Your Infrastructure
QueryGlow is packaged for Docker. Build from source and run on any VPS (DigitalOcean, Hetzner, AWS, your office server) or locally on your laptop.
# docker-compose.yml
services:
queryglow:
build: . # Build from source
ports:
- "3000:3000"
environment:
- SESSION_SECRET=${SESSION_SECRET}
- DATA_DIR=/app/data
volumes:
- queryglow-data:/app/data
volumes:
queryglow-data:5 minutes from git clone to running instance. No complicated setup.
Private Network Access
Connect to databases inside your VPC without opening public ports. QueryGlow runs inside your firewall.
Zero "Phone Home"
We don't track your queries. We don't see your schema. Everything stays on your machine.
Works Offline
Air-gapped environment? No problem. QueryGlow works fully offline (AI features need API access).
Security Built In
Self-hosted is just the start. QueryGlow has multiple layers of protection.
AES-256-GCM Encryption
All database credentials are encrypted at rest with AES-256-GCM. Even with server access, passwords are unreadable without the key.
Safe Mode
Blocks DROP DATABASE (always), prevents DELETE/UPDATE without WHERE, auto-limits SELECT to 1000 rows. On by default.
SSH Tunnels Built-In
Connect to databases behind firewalls without exposing ports. Paste your private key directly—ephemeral ports for security.
AI Privacy Guarantee
When using AI SQL generation, only your schema (table/column names) is sent. Your actual row data never leaves your server.
Zero Telemetry
No analytics, no tracking, no "phone home." QueryGlow doesn't know when you use it, what you query, or who your users are.
Your API Keys
AI features use YOUR API keys (OpenAI, Claude, Gemini). No markup, no middleman, no key sharing.
Built For Privacy-First Teams
Security-Conscious Teams
Companies that can't or won't send database credentials to third-party clouds.
Regulated Industries
Healthcare, finance, government—anywhere compliance requires data control.
Air-Gapped Environments
Networks with no internet access. QueryGlow works fully offline (AI features excepted).
Privacy-First Companies
Organizations that make data privacy a core value, not just a checkbox.
6 Databases, Complete Privacy
Frequently Asked Questions
What does "self-hosted" actually mean?
Self-hosted means you run QueryGlow on YOUR servers—your VPS (DigitalOcean, Hetzner, AWS), your Kubernetes cluster, your office server, or even your laptop via Docker. Your data never touches our servers or any third-party cloud. You download the source code, build it, and deploy it yourself.
Does QueryGlow send any data to your servers?
No. QueryGlow has zero telemetry, zero tracking, and zero "phone home" behavior. We don't know when you use it, what databases you connect to, what queries you run, or how many users you have. The only external connections are if YOU choose to use AI features with YOUR OWN API keys—and even then, only your schema (table/column names) is sent, never your actual data.
Is QueryGlow GDPR compliant?
QueryGlow's self-hosted architecture is GDPR-friendly by design. Since you host it yourself and no data leaves your infrastructure, you maintain complete control over data processing. There's no data transfer to third parties, no additional data processor agreements needed. Consult your legal team for your specific compliance requirements.
How are database credentials stored?
All database credentials are encrypted at rest using AES-256-GCM encryption. The encryption key is derived from your SESSION_SECRET environment variable. Even if someone gains access to your QueryGlow server's data directory, they cannot read your database passwords without the encryption key.
Can I run QueryGlow in an air-gapped environment?
Yes. QueryGlow works fully offline once deployed. The only features that require internet are AI SQL generation (which calls your chosen AI provider's API). All other features—browsing, querying, importing, exporting—work without any network connection.
What's the difference between this and cloud database tools?
Cloud tools (like some hosted database UIs) store your credentials on their servers, can see your queries and data, and add another vendor to your compliance documentation. QueryGlow runs entirely on your infrastructure. We never see your data, your credentials, or your queries. You have complete control.
Take Control of Your Data
$79 once. Your servers. Your data. Forever.