Privacy

How Avanty handles Privacy

Browser Permissions

Currently, your browser will say that Avanty can "read and change all your data on all websites", which sounds a lot worse than it is. Avanty needs these permissions to dynamically detect whether the website that you're visiting is a running Metabase instance. Therefore, on each website you visit, Avanty runs an extremely light-weight, 5-lines-of-code check to see if it's a Metabase site. Avanty never reads, accesses or modifies any other browsing data.

Unfortunately, Chrome only gives extensions the ability to define certain URLs on which the extension should run (e.g. https://google\.[a-zA-Z]{2,} would activate the extension on all google.com / de / it / co.uk sites). However, since Metabase can be self-hosted and can therefore run on any arbitrary domain, subdomain or IP-address, the extension needs to technically access all websites, but only to run a lightweight check for a Metabase app. Only if the check is successful will the extension load additional code that activates Avanty.

Limiting Access of the Extension

If you want to be extra cautious, you can manually specify which sites Avanty should ever, possibly, have access to. You can do this by following these steps:

  1. Open the extension settings in your Chromium-based browser.
  2. Under "Avanty", click on "Details".
  3. Under "Site Access", you will find "Allow this extension to read and change all your data on websites you visit".
  4. Click on the dropdown, and select "On specific sites"
  5. In the pop-up, put in the exact root URL of where you access Metabase. This must include the https or http prefix and any subdomain. Do not include any path behind the top-level-domain. For example, instead of acme.metabaseapp.com/dashboard/1 it should be https://acme.metabaseapp.com.

Note that if you ever wonder why Avanty is not showing up on a Metabase site, check and confirm this setting.

How Avanty handles data

What type of data does Avanty process or store?

To be able to offer Avanty's features, we need to process certain metadata stored in your Metabase app. This includes the following data points:

  • Name and available schemas in your databases
  • Name and columns of all tables in enabled databases
    For each column, we store the name, data type and some semantic information (i.e. primary keys, foreign keys, etc). We do not access any information about data stored in your tables, not even distributions or aggregations over your data.
  • Title, description, visualization settings, and SQL code of existing Metabase queries
    We process data about other Metabase queries that you or your colleagues created without Avanty to improve the performance of Avanty's SQL generation. With each query that you write, Avanty learns more about your business definitions, and how to work with your data schema.
  • Basic metadata about your Metabase instance
    To identify which database schemas belong to which user and to help fix issues related to differing Metabase versions, we store the URL under which your Metabase app runs, the unique siteUuid of your Metabase app, and the Metabase version that you are using.

You can find the more technical, legally-binding privacy policy here (opens in a new tab).

Do we ever access data stored in your databases?

No, never. We only ever process metadata about your queries & Metabase instance as described above.

PromptingHistory