DataMint
DOCUMENTATION

Documentation

Reference for how DataMint works — connections, templates, access, scheduling, and security.

Connections

A connection is an encrypted link to one of your databases (MongoDB or PostgreSQL). DataMint connects read-only and never stores your data. Connect with a least-privilege read-only user; for managed Postgres (Neon/RDS) append ?sslmode=require.

Templates

A template defines a report: source collection/table, included fields, base filters, viewer-exposed filters, optional joins, value transforms, and an optional chart. Field paths support dotted access (e.g. user.email).

Exposed filters

Declare filters viewers can change at run time — string, number, boolean, date, date-range, or multiselect. Base filters always apply; exposed ones merge on top.

Access & sharing

Templates are visible to all org viewers until you grant a specific person — then they become restricted to granted users (admins/builders always see everything). You can also invite a non-member by email to one template, or create a token-gated public link that needs no login.

Exports & limits

Exports stream as Excel-safe CSV. Hard caps: 100,000 rows, 30-second query timeout, and a per-org export rate limit. These are not user-configurable.

Scheduling

Schedules run a template on a cron (with timezone) and email the CSV to recipients. Each run is logged with status, row count, and duration — see a schedule's History.

Security model

  • Read-only query allowlist enforced at the driver.
  • Connection strings encrypted at rest (AES-256-GCM); never returned to the browser or logged.
  • Every metadata query is organization-scoped; outbound DB targets are checked against an SSRF blocklist.
  • JWT auth with short-lived tokens; rate limiting on auth and exports.

Need more?

Check the FAQ or open a ticket from Help inside the app.