SQL Performance Intelligence
SQL PerformanceIntelligence™

Security & Compliance by Design for Regulated SQL Server Environments

This page answers common security review questions with auditable details. Offline-first by default, read-only diagnostics, and user-controlled optional cloud LLM.

View Sample Security ReportStart Free Trial
Read-only diagnostics (SELECT-only)
No schema changes
No agents / no background services
Recommendations only (no auto-apply)
Default Security Configuration
  • Default mode: Local (Offline)
  • Cloud: Disabled
  • Send Policy: L0
  • Redaction: On (cloud mode)
Offline-first default

Local LLM keeps prompts and tuning context inside your environment.

No telemetry or agents

No background collectors, no outbound telemetry, and no hidden services.

Critical message
Local LLM keeps all tuning context inside your environment. Cloud LLM is optional, and if enabled only selected context is transmitted under Send Policy and Redaction controls.
Security Summary

Trust posture and data-handling model at a glance

Security content is now grouped into the same strong sections and card patterns used on the homepage.

How data moves

Offline (default)

  • Runs locally with Local LLM.
  • No prompts or tuning context leave your network.
  • Recommended for regulated environments.

Cloud (optional)

  • Enabled only by you with a provider and API key.
  • Controlled by Send Policy levels L0 to L3.
  • Redaction can mask literals, comments, and PII patterns.

What we collect and what we do not collect

We collect

  • Procedure or query text when enabled for tuning.
  • Plans, Query Store metrics, and metadata.
  • Signals such as IO, CPU, waits, and memory grants.

We do not collect

  • Table or row contents as part of collection.
  • Credentials or secrets intentionally.
  • Background-harvested database contents.
The application does not collect, transmit, or persist table data. If cloud LLM mode is enabled, selected context may be transmitted under user-controlled Send Policy.
System Design Principles
No outbound telemetry
No background agents
No automatic schema changes
No automatic updates
Offline by default
Security Posture
Read-only diagnostics (SELECT-only)No schema changesNo agents / no background servicesRecommendations only (no auto-apply)Least privilege accessOffline by default
Review Details

Deep-dive controls for security reviews and procurement checks

Detailed answers remain in expandable sections, but now sit inside the same polished card system used across the homepage.

LLM Mode Comparison
FeatureLocal LLMCloud LLM
Internet RequiredNoYes
Data Leaves EnvironmentNoYes, to the selected provider
Regulated SuitableYesDepends on policy
Controls
Mode

Offline mode: no prompts or context leave your environment.

Send Policy (L0–L3)
Redaction toggles
Send procedure/query text to Cloud AI
Off by default. Use only with L2+.
Mask literals (numbers/strings)
On by default in cloud mode.
Remove comments
On by default in cloud mode.
Mask PII patterns
Email, phone, IBAN, and ID patterns.
Mask object names (optional)
Schemas, tables, columns, procedures.
Encryption, Network, and Deployment

Encryption

In cloud mode, transmitted context is sent over encrypted HTTPS and TLS connections.

Network Requirements

Offline mode needs no internet. Cloud mode requires outbound access only to explicitly approved endpoints.

Deployment Model

Windows desktop deployment, offline installer options, and no background license agents.

Access, Logging, and Audit Readiness

Minimum permissions

Read-only metadata and performance views, plus optional Query Store access when enabled.

Supported authentication

Windows Authentication, SQL Login, and Active Directory where configured.

Audit logging

Logins, analysis runs, report generation, configuration changes, and exports.

Security Review Support

Accelerate procurement and security approvals without reworking the narrative every time

Audit-ready reports and evidence-backed analysis are designed to shorten enterprise security reviews while preserving operational control.

Security questionnaire support
Architecture documentation available
On-prem deployment supported
Air-gapped environments supported