Every query, transformation, and pipeline runs locally on your Mac. Your data stays on your machine — no cloud uploads, no third-party servers, no AI training on your business data.
The default for data tools became cloud-first sometime around 2015. Snowflake runs in the cloud. Fivetran processes in their cloud. Hightouch syncs through their cloud. Even ostensibly desktop tools like DBeaver send telemetry, error reports, and sometimes query metadata to their vendors. The assumption is that everything benefits from being cloud-connected. For sensitive data, regulated industries, and security-conscious developers, that assumption is increasingly costly.
Your query results never leave your Mac unless you explicitly write them to a cloud destination (S3, Salesforce, etc.). Your Python transformations run in a local Python 3.12 runtime bundled with the app. Your SQL queries are sent directly to your databases — there is no QueryFlow cloud proxy. Your schema metadata stays local. Your scheduled jobs run on your machine. Even when Claude AI is involved, only the specific prompt you send (your question plus the context you choose to include) goes to Anthropic's API — your full database is never uploaded.
For healthcare, financial services, government, and other regulated industries, local-first dramatically simplifies compliance reviews. Your data never enters a third-party data processor's environment, which means HIPAA / SOC 2 / GDPR data handling questionnaires get shorter and clearer. When asked 'does your data leave your control?', the answer is 'only if you explicitly send it somewhere.' That's a meaningfully different posture than cloud SaaS tools.
Many cloud data tools have updated their terms of service to allow training AI models on customer data. For business data, this is often unacceptable — even with anonymization. QueryFlow does not train any models on your data. The Claude AI integration is a direct pass-through to Anthropic's API using your own API key — Anthropic's terms govern what happens with the prompts you send, and you control which prompts you send. No automatic data uploads, no background telemetry of query content.
QueryFlow is distributed through the Mac App Store, which means App Sandbox is enabled and Apple has reviewed the app for security and privacy. Database credentials are stored in the macOS Keychain — the same encrypted store Apple uses for your iCloud password. Network access is granted only to the specific database hosts you configure. QueryFlow cannot read files outside the directories you explicitly grant access to. These are macOS-level guarantees, not just QueryFlow promises.
QueryFlow includes optional usage telemetry (which features get used, error rates) that's disabled by default and clearly togglable in Settings. Even when enabled, no query text, no data values, and no schema names are ever transmitted — only feature counters and anonymized error categories. Your actual work is invisible to us.
Be straightforward. Local-first means: no built-in team collaboration on the same pipeline (each team member runs QueryFlow on their own Mac), no automatic backups of your workflows (back up your QueryFlow workspace folder yourself), no multi-region failover. For solo and small-team operations these are not issues. For enterprise teams with strict collaboration and DR requirements, cloud-based tools remain better-suited.
Optional anonymized telemetry (feature usage counters and error categories) can be enabled in Settings. By default this is off. No query text, no data values, and no schema names are ever transmitted regardless of telemetry settings.
Only the specific prompt you choose to send. The context chips at the bottom of the Claude panel show exactly what's included: your current SQL, your latest 50 result rows (if you opt to include them), your schema (if included), and your recent errors. You see what's being sent before you send it. Anthropic's API governs what they do with the prompts you send — see their privacy policy.
Yes — for the local SQL editor, schema explorer, Python notebooks, and ETL pipeline features, no internet is required. For Claude AI features, the app needs internet access to reach Anthropic's API. You can use QueryFlow without configuring Claude and have a fully air-gap-compatible workflow.
Credentials (passwords, API keys, OAuth refresh tokens) are stored in the macOS Keychain, encrypted at rest using your Mac's hardware security keys (Secure Enclave on Apple Silicon Macs). QueryFlow accesses them only when actively making a connection. The credentials never appear in QueryFlow workspace files, log files, or cloud sync.
QueryFlow's architecture is compatible with HIPAA compliance because PHI never leaves your control — it stays in your databases and flows only to destinations you configure. However, full HIPAA compliance also depends on your overall workflow (which destinations you use, how you handle device security, audit logging). yforest llc is not a Business Associate and does not sign BAAs. Consult your compliance team for full HIPAA workflow design.
14-day free trial. Run your sensitive queries locally. Your databases stay yours.