Security & Privacy
Lexega is an offline-by-default CLI you run in your own environment. This page documents data flow boundaries and what changes when you enable optional integrations.
Defaults (Offline)
- No telemetry to Lexega-controlled services.
- Core formatting/risk analysis runs locally on SQL text.
- Output is written only to destinations you configure (stdout/files/CI artifacts/object storage).
| Data Type | Core CLI behavior |
|---|---|
| SQL text | Read and analyzed locally |
| Customer table data / business-query results | Not accessed |
| Telemetry/analytics | Not sent |
| License validation | Offline (cryptographic verification) |
Online Playground
The playground at lexega.com allows users to format or analyze SQL without installing the CLI. Unlike the core CLI (which runs locally), the playground sends SQL to a server-side API for processing.
| Property | Detail |
|---|---|
| Processing location | Cloudflare Workers (edge network) |
| Data in transit | TLS/HTTPS |
| Data at rest | None — SQL is processed in memory and immediately discarded |
| Logging | Lexega does not log SQL input. Cloudflare may process standard request metadata as described in their privacy policy. |
| Rate limiting | Requests are rate-limited per IP to prevent abuse |
| Output | Only the analysis result is returned to the browser |
Recommendation: The playground is intended for demonstration with sample or synthetic SQL. Do not submit production SQL containing credentials, PII, or proprietary business logic.
Optional Integrations (Outbound)
Lexega can be configured to talk to external systems. When you enable these options, data may leave the machine/network where the CLI runs.
| Integration | What it connects to | What data may be transmitted |
|---|---|---|
Catalog integration (lexega-sql catalog) | Snowflake, Databricks | Schema/governance metadata; optionally user/role identifiers via --include-grants |
PR comments (--pr-comment) | Your code host (GitHub/GitLab/Bitbucket) | The rendered markdown report posted as a PR/MR comment |
Optional: Catalog Integration
The lexega-sql catalog command connects to a supported platform (currently Snowflake or Databricks) using your credentials to fetch metadata.
Metadata Surfaces
| Platform | Metadata Sources | Grant Support | Policy Support |
|---|---|---|---|
| Snowflake | INFORMATION_SCHEMA, SNOWFLAKE.ACCOUNT_USAGE, SHOW commands | ✅ | ✅ Masking, row access, tags |
| Databricks | Unity Catalog | ✅ | ⚠️ Collected (row filters, column masks) — analysis limited |
If you enable --include-grants, the snapshot includes user and role identifiers: role hierarchy, object privileges, and user-to-role assignments (Snowflake); Unity Catalog permissions and SCIM user/group memberships (Databricks). These may constitute personal data — see the Legal & Compliance documentation.
What It Does NOT Access
- ❌ Your actual table data — never runs SELECT on your tables
- ❌ Business-query results — catalog queries are limited to metadata surfaces
- ❌ User credentials — uses your existing platform authentication
Security Notes
- Catalog integration is opt-in — if you don't use it, the CLI never connects to any external platform
- All queries are read-only metadata — no write operations
- ACCOUNT_USAGE queries may fail without appropriate privileges — the catalog tool handles this gracefully
- The catalog tool does not transmit data to Lexega or third-party telemetry endpoints; output is written to the destination you configure (stdout, local files, or cloud storage)
Data Handling
Input Processing
- SQL file read into memory
- Analyzed in-process
- Results written to stdout or a destination you configure
- Memory released—no persistent state
No Data Retention
- Stateless operation: Each CLI invocation is independent
- No caching: Queries are not cached between runs
- No logging: No query logs written to disk (unless you configure output)
- No temporary files: Analysis performed entirely in memory
Compliance Considerations
GDPR
- Typically no personal data: Core analysis operates on SQL text, not the data returned by queries
- No data transfer to Lexega: No telemetry or upload to Lexega-controlled services
- DPA depends on configuration: If you enable options that collect user identifiers (for example, grant graph) or transmit reports to third parties (for example, PR comments), consult your legal team/DPO
HIPAA
- No PHI exposure: Lexega does not access table data or the results of your business queries
- BAA depends on your program: Whether you need a BAA is a decision for your compliance/legal team based on how you deploy and what metadata you collect/store
Auditability
- Audit trail: Decision records provide immutable evidence of policy enforcement
- Deterministic: Same input always produces same output (reproducible)
- No Lexega telemetry by default: Optional integrations (catalog / PR comments) may transmit data to systems you configure
PCI-DSS
- No cardholder data: Lexega operates on SQL text, not data
- Scope depends on deployment: PCI scope is determined by where you run Lexega and where you store outputs
- Access controls: Runs under your CI/CD identity and permissions
Vulnerability Disclosure
If you discover a security vulnerability in Lexega:
- Email: security@lexega.com
- Include: Detailed description, reproduction steps, impact assessment
- Response: We'll do our best to acknowledge quickly
- Disclosure: Coordinated disclosure after fix is available
Security Questionnaire
Some organizations require security questionnaires. Key answers:
| Question | Answer |
|---|---|
| Does the product transmit data externally? | No telemetry to Lexega. Optional: catalog pulls connect to your platform (Snowflake or Databricks); --pr-comment posts reports to your code host. |
| Does the product store customer data? | Only outputs you direct (reports/decisions/catalog snapshots); no internal persistence. |
| What encryption is used for data at rest? | N/A (no data storage) |
| What encryption is used for data in transit? | N/A for core CLI. Optional integrations (Snowflake / PR comments) use TLS via the underlying service/clients. |
| Is there a SOC 2 Type II report? | No (not currently pursued) |
| Is source code escrowed? | Not currently offered |
| What is the vulnerability response SLA? | No formal SLA (best-effort response) |
Questions? Contact security@lexega.com
Need Help?
Can't find what you're looking for? Check out our GitHub or reach out to support.