Digraph

Privacy Policy

Last updated: July 19, 2026

This policy applies to Digraph's website and platform. For privacy requests, contact info@digraph.dev.

1. Scope and roles

This policy describes how Digraph collects, uses, discloses, and otherwise processes personal data when you visit our website, contact us, create an account, or use the Digraph platform (collectively, the “Services”). Digraph is responsible for personal data it processes for its own purposes, such as website visitors, account administration, billing, support, and service security.

When an organization uses the Services and provides personal data as part of its content or instructions, that organization normally decides why and how the data is processed. In that context, Digraph generally processes the data to provide the Services on the organization's behalf. If you have a question about such data, please contact the organization directly first.

2. Personal data we collect

CategoryExamplesSource
Account and profile dataName, email address, password authentication data, organization and roleYou or your organization
Customer ContentBrand names, prompts, keywords, URLs, uploaded or entered material, analysis inputs and resultsYou or your organization
CommunicationsSupport requests, feedback, and correspondenceYou
Transaction dataPlan, subscription status, invoices, and billing contact informationYou and payment providers
Usage and device dataPages and features used, timestamps, log events, IP address, browser, device, and operating systemYour device and our infrastructure
Cookie dataCookie preferences and authentication or session informationYour browser

Please do not submit payment-card numbers, government identifiers, health information, or other highly sensitive personal data unless we have explicitly agreed to handle it.

3. How we use personal data

  • Provide, operate, secure, maintain, and support the Services;
  • Create and administer accounts, organizations, and subscriptions;
  • Process Customer Content and generate requested analysis or outputs;
  • Communicate with you about accounts, service changes, support, and transactions;
  • Monitor performance, troubleshoot issues, and improve the Services using aggregated or de-identified information where practical;
  • Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms; and
  • Comply with legal obligations and protect our rights and the rights of others.

We do not sell personal data or share it for cross-context behavioral advertising. We do not use Customer Content to train Digraph's own general-purpose AI models.

4. Legal bases for EEA and UK users

Where European or UK privacy law applies, we process personal data when it is necessary to perform a contract or take steps at your request; to comply with a legal obligation; for our legitimate interests in operating, securing, and improving the Services, where those interests are not overridden by your rights; or with your consent. You may withdraw consent at any time, without affecting processing that occurred before withdrawal.

5. How we disclose personal data

We disclose personal data only as needed for the purposes above, including to:

  • Service providers that support authentication, databases, storage, hosting, email, analytics, security, and payments, such as Supabase, Google Cloud, Resend, Stripe, and Google OAuth where enabled;
  • AI and data-processing providers used to deliver requested analysis, which may include OpenAI, Anthropic, Google, Perplexity, xAI, Mistral, DeepSeek, or another provider selected through the Services;
  • Your organization's authorized users and administrators;
  • Professional advisers, insurers, and authorities where reasonably necessary to comply with law, protect rights or safety, or respond to legal process; and
  • A successor or prospective successor in connection with a reorganization, financing, sale, or transfer of all or part of the Services, subject to applicable law.

Third-party providers process information under their own terms and privacy notices. Their availability and data practices may change, so this list is not exhaustive.

6. International transfers

The Services and providers we use may process personal data in countries other than the country where you live, including the United States. Where required, we use an appropriate transfer mechanism or safeguard for the transfer, such as contractual commitments or another mechanism recognized by applicable law.

7. Retention

We retain personal data for as long as reasonably necessary to provide the Services, maintain security and records, resolve disputes, meet legal obligations, and enforce agreements. Account data is generally retained while an account is active and for a limited period afterward to support deletion requests, recovery, and legal or operational needs. Backups and de-identified or aggregated data may be retained for longer where permitted by law.

8. Your privacy rights and choices

Depending on your location and the law that applies, you may have the right to request access to, correction of, deletion of, restriction of, or objection to certain processing of your personal data, and to receive a portable copy of certain data. You may also withdraw consent, opt out of marketing communications, or use an authorized agent where applicable. We will verify requests as required by law and will not discriminate against you for exercising applicable rights. If we deny a request, you may have a right to appeal; contact us using the details below.

EEA and UK users may also lodge a complaint with their local data-protection authority. For Customer Content submitted by an organization, please direct your request to that organization first.

To make a request, email info@digraph.dev.

9. Cookies and similar technologies

We use necessary cookies for core functions such as preserving your cookie choice and maintaining a signed-in session. We use Google Analytics only after you choose optional analytics cookies through the cookie banner. We do not currently use marketing cookies.

CategoryPurposeChoice
NecessaryAuthentication, security, and cookie preferencesRequired for core functions
AnalyticsUnderstand website use and improve the experienceOptional; disabled until you consent
MarketingNot currently usedNot applicable

You can manage optional cookies in the cookie banner when it appears or through your browser settings. Blocking necessary cookies may affect the Services.

10. Security

We use reasonable technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and security monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children's privacy

The Services are not directed to children under 13, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us so we can take appropriate action.

12. Changes to this policy

We may update this policy as the Services or applicable law changes. We will post the revised policy with an updated “Last updated” date and may provide additional notice for material changes where appropriate.

13. Contact

For privacy questions or requests, email info@digraph.dev. For general service terms, see the Terms of Use.