Skip to content

PRIVACY.md

Latest commit

 

History

History
68 lines (49 loc) · 3.68 KB

PRIVACY.md

File metadata and controls

68 lines (49 loc) · 3.68 KB

Privacy Policy for CSV SQL Query Tool

Data Handling and Privacy

The CSV SQL Query Tool for Dify enables users to run SQL queries on uploaded CSV files and receive structured results in JSON or Markdown format. This privacy policy explains how user data is handled during the operation of this plugin.

Data Collection and Storage

  1. CSV Files: When processing a query:

    • The CSV file is uploaded by the user at the time of use
    • The file is loaded directly into memory using secure BytesIO streams
    • No part of the input file is written to persistent disk storage
    • The original CSV content is discarded immediately after query execution completes
    • No user data is logged, cached, or stored by the plugin at any time

  2. Query Results: The output (JSON or Markdown):

    • Is generated solely in response to the user’s explicit request
    • Is returned directly through Dify’s message system
    • Is not retained, recorded, or persisted by the plugin after delivery
    • Exists only transiently in memory during response construction

Data Processing

All data processed by this plugin:

  • Remains entirely within the memory space of the host server where the plugin is deployed
  • Is processed locally using pandas and duckdb—both in-memory, zero-disk libraries
  • Is never transmitted to external services, cloud APIs, analytics platforms, or third-party servers
  • Exists only for the minimal duration required to parse the CSV, execute the SQL query, and format the result

Third-Party Access

The plugin does not:

  • Share, sell, lease, or disclose any user-uploaded CSV data or query results to third parties
  • Collect usage statistics, telemetry, logs, or analytics
  • Use cookies, device identifiers, or tracking mechanisms
  • Depend on or communicate with any external online service for core functionality

Note: All processing occurs locally using open-source Python libraries (pandas, duckdb). No data leaves your Dify environment.

User Responsibility

Users of this plugin are responsible for:

  • Ensuring they have the legal right to upload and process the provided CSV file
  • Complying with applicable data protection regulations (e.g., GDPR, CCPA) when handling personal or sensitive information
  • Understanding that while the plugin itself stores no data, their Dify platform, hosting infrastructure, or upstream applications may have separate data retention or logging policies
  • Securing any downloaded or copied query results according to their own organizational or personal security practices

Security Measures

The plugin implements the following safeguards to protect user data:

  • Uses in-memory-only processing via BytesIO—no temporary files are created on disk
  • Leverages DuckDB’s secure, isolated in-memory database engine with no persistence
  • Ensures all DataFrame objects and intermediate structures are automatically garbage-collected after use
  • Avoids serialization or caching of user data at any layer
  • Runs with minimal privileges in the Dify plugin sandbox environment

Changes to This Privacy Policy

This privacy policy may be updated to reflect changes in the plugin’s architecture, dependencies, or evolving best practices for data privacy. Any significant updates will be:

  • Documented in the plugin’s GitHub repository changelog
  • Included in release notes for new versions
  • Made available at the same location in the source code

Contact

If you have questions, concerns, or requests regarding this privacy policy or how your data is handled by the CSV SQL Formatter Plugin, please contact the plugin author through the official GitHub repository:

https://github.com/aopstudio/dify-csv-sql-query-plugin