How is customer data protected and who can access it at UI Bakery?

Help & Support 💻
1

Hi UI Bakery team,

I’ve been reviewing your Terms of Service, Privacy Policy and the Security documentation, and I have a few follow-up questions for compliance purposes. Especially around data access and external data sources like Supabase.

  1. Do any UI Bakery engineers or staff have the ability to access customer data returned from external data sources in production? If so, under what circumstances (e.g. incident response, support), and what controls govern such access?

  2. Are any team members who could potentially access production systems or logs located outside the US/EU, such as in higher-risk jurisdictions? If yes, how is that access restricted and governed?

  3. Although your Security docs state that UI Bakery does not store external database data at rest and only acts as a proxy, can you clarify what types of information (if any) may appear in logs or monitoring systems, and how long those logs are retained?

  4. Your documentation indicates that Customer Data is not used to train AI models and that only structural metadata may be shared with model providers. Can you confirm that no external database records (e.g. Supabase row data) are ever sent to any AI provider under any circumstances?

  5. On the third-party profile site Tracxn, UI Bakery is still listed as “based in Minsk (Belarus)”. Could you clarify why this is the case and whether UI Bakery maintains any operations in Belarus today? If so, what governance applies regarding access to production systems?

998×805 103 KB

Thanks in advance for your clarification!

2

Hello @canary

Thank you for your interest in UI Bakery. Please find the answers below:
1. Do any UI Bakery engineers or staff have the ability to access customer data returned from external data sources in production? If so, under what circumstances (e.g. incident response, support), and what controls govern such access?

No, no one on our team has access to customer data.

2. Are any team members who could potentially access production systems or logs located outside the US/EU, such as in higher-risk jurisdictions? If yes, how is that access restricted and governed?

Our team members are located only in the EU and the US.

3. Although your Security docs state that UI Bakery does not store external database data at rest and only acts as a proxy, can you clarify what types of information (if any) may appear in logs or monitoring systems, and how long those logs are retained?

UI Bakery never logs or stores any customer data or query results.
Our logs only contain high-level metadata needed for auditing: action type (what happened), timestamp, user email, and the application/environment.
We do not store query payloads, parameters, results, or any sensitive data, only operational info about the action itself.Logs retention:

  • in cloud - 90 days
  • in onprem - configurable (infinity by default)

4. Your documentation indicates that Customer Data is not used to train AI models and that only structural metadata may be shared with model providers. Can you confirm that no external database records (e.g. Supabase row data) are ever sent to any AI provider under any circumstances?

Yes, UI Bakery never sends external database records (e.g., Supabase rows) to any AI provider.
The only exception is when a user explicitly includes that data themselves in a prompt or message to the AI features.
By default, UI Bakery sends only structural metadata (table names, column names, types), never actual data.

5. On the third-party profile site Tracxn, UI Bakery is still listed as “based in Minsk (Belarus)”. Could you clarify why this is the case and whether UI Bakery maintains any operations in Belarus today? If so, what governance applies regarding access to production systems?

We are not aware of this service, and are planning to reach out to the owners for information withdrawal. Our team moved from Belarus 5 years ago; now we are mostly EU-based, with some of our team members based in the USA.

Please note that for 100% data security, we offer a self-hosted version of UI Bakery, which is completely air-gapped and managed from your side. If you have any further questions, please feel free to email me directly at kate@uibakery.io.
Thank you!

1 Like