The MCP gateway to your databases, for the whole org.
Engineers want agents. Security wants control. QueryBear is the gateway that gives you both.
Why enterprises choose QueryBear
Allowlists, not policies
Lock down tables, columns, and rows in the gateway. PII stays in the DB.
SOC-ready audit log
Every query, every agent, every DB. SIEM-ready out of the box.
Runs on-device, your SSO
Runs on-device behind your firewall. No new prod credentials handed out.
One gateway. Every team's agents.
Answer customer questions without giving anyone SQL.
One platform, total control.
Everything you need to give AI agents safe database access — from schema discovery to audit logging.
All local, own your data.
Every query, credential, and result stays on your engineer's machine. Nothing touches the cloud.
Native Desktop App
A macOS app. No browser, no cloud, no middleman.
Local Network Only
Queries go from your machine to your database. Nothing in between.
Zero Data Exposure
Credentials, schema, and results never touch an external server.
Works with your database.
Connect Postgres, MySQL, or SQLite in seconds — including every managed flavor built on them. Same safety layers, same audit trail, zero config.
PostgreSQL
Full schema detection. Connect with just your credentials.
MySQL
Works out of the box — same safety layers, zero config.
SQLite
Lightweight, local, and embedded. Great for prototyping.
Neon
Postgres
Supabase
Postgres
AWS Aurora
Postgres
Amazon RDS
Postgres
Cloud SQL
Postgres
Timescale
Postgres
CockroachDB
Postgres
Railway
Postgres
PlanetScale
MySQL
MariaDB
MySQL
Aurora MySQL
MySQL
TiDB
MySQL
Turso
SQLite
libSQL
SQLite
Fine-grained access control.
Define exactly which columns each role can see. Sensitive data stays hidden from the people who don't need it.
| Role | id | name | phone | address | dob | salary | ssn | bank_account | |
|---|---|---|---|---|---|---|---|---|---|
| Admin | |||||||||
| Engineer | |||||||||
| Analyst | |||||||||
| Support | |||||||||
| Marketing |
Connect your AI agent.
QueryBear exposes an MCP server your AI agents can use to safely query your databases — no extra setup required.
{
"mcpServers": {
"querybear": {
"url": "https://mcp.querybear.com/mcp"
}
}
}Paste into .cursor/mcp.json in your project root.
claude mcp add querybear https://mcp.querybear.com/mcp
Run this command in your terminal.
{
"mcpServers": {
"querybear": {
"serverUrl": "https://mcp.querybear.com/mcp"
}
}
}Add to your MCP config in Windsurf settings.
{
"mcpServers": {
"querybear": {
"url": "https://mcp.querybear.com/mcp"
}
}
}Add to your claude_desktop_config.json file.
https://mcp.querybear.com/mcp
Paste this URL when adding an MCP server in ChatGPT.
Common questions.
QueryBear currently supports PostgreSQL, MySQL, and SQLite. We're actively expanding to more databases — reach out if you need a specific one.
Your database credentials are encrypted at rest. Every query goes through a security layer with table allowlists, column-level privacy controls, and read-only enforcement. A full audit log tracks every query an agent runs.
No. You control exactly which tables and columns agents can see. QueryBear enforces read-only access by default, and your database credentials are never exposed to agents. We also have a desktop app coming soon — with it, database requests never leave your computer.
Any MCP-compatible client works out of the box — including Cursor, Claude Desktop, Claude Code, Windsurf, and ChatGPT. You just paste a single URL.
Absolutely. The Business plan supports team API key management so multiple agents and team members can share controlled access to the same databases. Admins get full RBAC controls to limit which tables, columns, and operations each team member or agent can access.