Privacy Policy
Last Updated: November 29, 2025
1. Information Collection
Information You Provide
We collect information you provide directly to us, including:
- Account information (name, email address, password)
- Payment information (processed by Paddle)
- Graph analysis requests and uploaded images
- Support and feedback communications
- Referral codes and promotional information
Automatically Collected Information
- Usage data and analytics (via PostHog)
- Device information and IP address
- Browser type and operating system
- Session logs and timestamps
2. Use of Information
We use the information we collect to:
- Provide, maintain, and improve our AI analysis services
- Process your transactions and manage subscriptions
- Send you technical notices, updates, and support messages
- Respond to your comments and questions
- Detect, prevent, and address fraud and security issues
- Analyze usage patterns to improve user experience
- Send promotional communications (you can opt-out anytime)
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
- Contract: Processing necessary to provide our services to you
- Consent: You have given explicit consent for specific processing activities
- Legitimate Interest: For analytics, fraud prevention, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
4. Data Security
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
- Data encryption in transit (HTTPS/TLS)
- Encrypted storage for sensitive information
- Regular security audits and monitoring
- Access controls and authentication measures
However, no internet transmission is completely secure. We cannot guarantee absolute security of your data.
5. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights:
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten"). Note: We may retain certain data for legal or accounting purposes.
Right to Data Portability
Request your data in a machine-readable format (CSV/JSON).
Right to Object
Object to processing of your personal data for marketing purposes.
Right to Restrict Processing
Request restriction of processing in certain circumstances.
How to Exercise Your Rights
Email privacy@graphanalyze.com with your request. We will respond within 30 days.
6. Data Storage and Retention
Data Location
- User data is stored on secure cloud servers
- Payment data is processed by Paddle (servers in US and EU)
- Backups are stored in compliance with data protection regulations
Data Retention
- Account data: Retained while your account is active
- Deleted accounts: Data purged after 7 days (scheduled deletion)
- Analytics data: Anonymized after 90 days
- Legal requirements: May retain data for up to 7 years for tax/accounting
- Analysis history: Retained for service improvement unless you request deletion
International Transfers
If you are in the EEA, your data may be transferred to the United States or other countries. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Paddle's GDPR-compliant data processing agreement
- Appropriate security safeguards
7. Third-Party Services
We use the following third-party services that process your data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Paddle | Payment processing | View Policy |
| PostHog | Analytics | View Policy |
| AWS SES | Email delivery | View Policy |
| Google Gemini | AI analysis | View Policy |
8. Cookies and Tracking
Essential Cookies
- Authentication: Keeps you logged in
- Security: CSRF protection and session management
- Preferences: Language, theme settings, and user preferences
Analytics Cookies
We use PostHog for anonymous usage analytics to improve our service. You can opt-out of analytics in your account settings.
Third-Party Cookies
Paddle may set cookies during checkout. See Paddle's Cookie Policy.
Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our service.
9. Children's Privacy
Our service is not intended for children under 16 (or 13 in some jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at privacy@graphanalyze.com and we will delete it promptly.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
11. Changes to Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a prominent notice on our website at least 7 days before the changes take effect. Your continued use of the service after changes become effective constitutes acceptance of the revised policy.
12. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- Data Controller: GraphAnalyze
- Privacy Email: privacy@graphanalyze.com
- Support Email: support@graphanalyze.com
- DPO Contact: dpo@graphanalyze.com
For GDPR-related inquiries and data subject requests, please use the privacy or DPO email addresses above.