Data Privacy & Security

Offline-first architecture

Out tools are desktop applications. They run locally on your machine — Windows, macOS, or Linux — and do not require a cloud backend to function. There is no server that receives your diagrams, no account that stores your project history, and no synchronization service that mirrors your files to an external system.

This is not a privacy setting you configure — it is the architecture. The application has no mechanism to upload project files because no such mechanism was built. Your schemas, ER diagrams, and data models exist only where you save them.

Project files use the .dmm format and are stored wherever you choose on your local filesystem. You can version-control them with Git, store them on a network share, back them up with your own tooling, or share them via any file-transfer method your organization uses. We are not involved in any of that.

What the tools communicate — and what they do not

Our tools make a small number of outbound network requests. Each is documented below.

License activation

Activating a commercial license requires a one-time internet connection to datensen.com. The activation request sends your license key to verify its validity. No personal information beyond the license key is transmitted. Re-activation is required when installing a new major version.

Update checks

The application periodically checks for available updates by contacting datensen.com. The only information sent is the installed product name and version number. No user identifiers, machine fingerprints, or usage data are included. Updates are not installed automatically — each update is under your control.

Crash reports (optional)

If the application encounters an error, you may be prompted to send a crash log. This is always optional and user-initiated. The log contains technical error details. You can configure crash report behavior in application settings.

Feedback (optional)

The application includes an optional feedback form. Submitting feedback requires an internet connection and is entirely user-initiated.

What is never transmitted

The following are never sent to Datensen or any third party under any circumstances:

• Project files or diagram contents
• Database schema structures
• Database connection credentials (host, username, password, SSH keys, certificates)
• Usage analytics or behavioral telemetry

Database connection security

When you create a database connection in Luna Modeler or Moon Modeler, the connection details — host, port, username, password, and any certificates — are encrypted and stored locally on your device. They are not transmitted to our servers or any other external system.

For remote database connections, the tools support:

• SSH tunneling — connect to databases through an SSH jump host. SSH private keys are stored locally and never leave your machine.
• SSL/TLS — encrypted connections to databases that require or support TLS, including cloud-hosted databases such as AWS RDS, Azure SQL, Supabase, and managed PostgreSQL instances.
• Oracle Cloud Wallet — Cloud Wallet-based connections for Oracle Autonomous Database. Wallet files are stored and referenced locally.

All connection credentials can be deleted at any time. Deleting a connection permanently removes the stored record from your device — there is no copy held elsewhere.

GDPR and data sovereignty

Because our tools do not collect, store, or process personal data on behalf of the user, they do not act as a data processor under GDPR. The application runs within your own infrastructure and handles only the data you explicitly provide — project files you create and database connections you configure. None of this data leaves your environment.

For organizations operating under GDPR, this architecture simplifies compliance. There is no data processing agreement (DPA) to negotiate for the core modeling functionality, because we do not process your data. Your schemas and database structures remain within your own data sovereignty boundary.

License activation involves a license key only. No personal identifiers beyond what you provided at purchase (typically a name and email address, held by our payment processor FastSpring) are transmitted during activation.

For detailed information about how purchase and billing data is handled, see our Sales & Merchant of Record page and the Privacy Policy.

Air-gapped and restricted environments

Core modeling functionality — creating and editing diagrams, generating SQL scripts, exporting reports — works fully offline. No internet connection is required once the application is installed and activated.

Organizations with strict network policies should note:

• License activation requires a one-time outbound connection to datensen.com. For environments where this is not possible, contact info@datensen.com to discuss offline activation options.
• Proxy support — if your environment routes traffic through a proxy, you can configure proxy settings in the application. Proxy credentials are encrypted and stored locally.
• Update checks can be performed manually and automatic update checks can be disabled if outbound traffic to datensen.com is not permitted.

Managing project files and connections

The application maintains a local list of recently opened projects for convenience. This list is stored on your device only. Removing a project from the list does not delete the project file — it simply removes the shortcut. Deleting the .dmm file from your filesystem removes the project entirely.

Each connection is a local encrypted record. Deleting a connection permanently removes it from your device — there is no server-side copy.