QueryWell
Local-firstReporting-only by default

Secure and audit-ready,
by design

QueryWell is built for the people who have to answer to auditors and regulators. Your data stays on the device, secrets stay in the OS keychain, and every run and export leaves a tamper-evident trail.

Buy QueryWell See the full product

Nothing phones home

QueryWell runs entirely on your machine. Results, history and exports never leave the device — no telemetry, no cloud sync. Only the licence check ever goes online.

Secrets in the OS keychain

Credentials live in OS-native secret storage — never in plaintext and never in the app's local database. Basic auth is clearly labelled dev/fallback and only allowed over HTTPS.

Reporting-only by default

Destructive operations are blocked, and QueryWell respects all Fusion roles, privileges and data security. It connects through Oracle's supported APIs only — no JDBC, SQL*Net, or backend SQL.

Your data stays in-country

There's no warehouse to breach and no cross-border copy to explain to a regulator. Bank of Ghana's CISD-2026 data-residency rule becomes a checkbox instead of a headache.

Masked audit logs

Every run and export is logged. Sensitive parameter names — token, key, IBAN, account and the like — are masked in the log automatically.

Tamper-evident exports

Every export is SHA-256 hashed and recorded in the export log — evidence you can hand straight to auditors and examiners.

Security & governance at a glance

  • Reporting-only by default — destructive operations blocked
  • Respects all Fusion roles, privileges and data security
  • OS-native secret storage; no secrets in the local database
  • Sensitive parameters (token, key, IBAN, account…) masked in logs
  • Content Security Policy enforced in production builds
  • No telemetry, no cloud sync — nothing phones home
  • Connects through Oracle's supported APIs only — no JDBC / SQL*Net / backend SQL
  • Cryptographically signed auto-updates; signed & notarised macOS build

Where your data lives

QueryWell stores connection metadata, history, audit logs and saved queries in local SQLite on your device. Query results and report output are yours alone — they're never copied to a vendor cloud or warehouse.

Not a bulk extractor. For very large outbound extracts, QueryWell points you to Oracle's supported BICC / scheduled channels — keeping you within Oracle's guidance rather than pulling mass data through an interactive tool.

Reporting your auditors will trust

Own it outright, keep your data in-country, and hand over tamper-evident evidence on demand.

Buy QueryWell Take the screen-by-screen tour