Which SQL Clients work with SecureQL?

SecureQL connections are currently supported through the RunQL VSCode extension in any VSCode-based IDE.

Do analysts need the underlying database host and port?

No. Analysts connect through a SecureQL URL and API key, without direct hostname or port details.

Can we revoke access immediately?

Yes. Disabling a user or connection in SecureQL revokes access instantly.

Can we bring our own logging database?

Yes. You can use SecureQL's managed logging database or your own MySQL database, with CSV fallback logging if the logging server connection fails.

Where is your infrastructure located?

SecureQL infrastructure resides in Canada with Tier 1 providers and can be deployed in other regions on request.

Zero-Trust SQL Governance

Live tracking of sensitive data access.

Built for Life Sciences, Healthcare, and Financial Services. SecureQL is a complete governance layer. Instantly tag PII, track every query down to the user, and revoke access in one click.

Book a Security Walkthrough See How It Works

Analyst or Engineer

SELECT *

SecureQL

Verified Identity

Classify Data Access

Audit Log

Authorized

Your Databases

Audit Log

Searchable Audit Trail

Built for teams that need tighter access control, accountable query trails, and low-friction data access workflows.

Governance blind spots are an unacceptable compliance risk.

Direct credentials and shared database accounts make it impossible to prove who accessed what data, especially when auditors come calling.

Database-Level Provisioning

Managing user accounts and tracking granular permissions directly on production servers is an operational burden that creates a sprawling attack surface.

Painful Revocation

When an employee leaves, tracking down and disabling their direct database access across all dev and production servers is slow, risky, and operationally heavy.

Invisible Compliance

Without sensitive column tagging built directly into the query flow, you can't easily prove to auditors that PHI and PCI is protected.

SecureQL in 4 steps

Create a secure service connection

Admins safely configure one connection to the database. End-users never need direct credentials or network access.

Tag sensitive columns

Persist schema snapshots and apply tags like PII, PHI, PCI, HIPAA, GDPR, CCPA, and custom tags.

Manage access centrally

Stop managing users at the database level. Issue and revoke per-user API keys directly in SecureQL.

Track every query

Capture query activity with classification metadata and searchable history.

SecureQL Audit Log

10:04:12 QUERY User: [email protected]

SELECT * FROM users WHERE status = 'active';

10:04:13 DETECTED PII Columns: fullName, email, phone

10:04:13 LOGGED Response: 243 rows (0.42s)

Executive-grade governance for SQL workflows

Identifiable Audit Trails

Automatically map every query back to an individual user identity, even when using shared db credentails.

One-Click Revocation

Instantly disable a specific user's access across all databases, or disable an entire database connection with a single click.

PII Tagging

Tag sensitive data (PII, PHI) once, and automatically flag any query that touches it in your audit logs.

Native VSCode Client

Analysts query directly from their editor using the native RunQL extension, which treats SecureQL as a transparent endpoint.

Optional - BYO Database

Use the SecureQL logging database, or store all query activity in your own database. The choice is yours.

Cloud-Vault Security

All your database credentials and keys are encrypted and stored in an enterprise-grade vault (GCP Secrets Manager).

Built for compliance-heavy industries

Life Sciences & Healthcare

Safeguard PHI data with tagging and detailed access traces requested by HIPAA and GDPR auditors.

Banks & Insurance

Give data analysts rapid access to PCI and financial data while guaranteeing perfect query observability.

Fast-Growing SaaS

Meet SOC 2 and ISO compliance requirements without introducing VPN bottlenecks or heavy data platforms.

Governance controls for data leaders

Total Query Visibility Track exactly who queried what data and when down to the second. Easily answer audit questions about PII access.
One-Click Revocation Instantly revoke user or connection access across the entire organization with a single click.
Column Tagging Tag sensitive columns or tables once (e.g. name, email, phone number, address), and effectively track interactions across the board.
Optional BYO Database Use the SecureQL logging database, or store all query activity in your own database. The choice is yours.
Cloud-Vault Security All database credentials and keys are encrypted and stored via GCP Secrets Manager.

FAQ

Currently SecureQL connections are supported through the RunQL VSCode extension. You can use that extension in any VSCode based IDE. Analysts can write, execute, and analyze queries right in their editor while SecureQL transparently governs the endpoint connections in the background.

No, they never need to know the hostname/IP and port of your database server. Each user connects through a SecureQL URL + API key.

Yes. Disabling a member (user) or a connection in SecureQL revokes access instantly.

Yes. You can use SecureQL's managed logging database or you can point to your own MySQL database for logging. The choice is yours. If the connection to a logging server fails, SecureQL will switch to CSV fallback logging so query events continue to be captured.

Our infrastructure resides in Canada with Tier 1 providers. It can optionally be deployed for you in other regions, please reach out to us to find out more.

Secure database access without slowing your team down.

See how SecureQL works with your current SQL workflows while giving security and governance teams stronger control.

Book a Security Walkthrough Talk to the Team