Privacy Policy
Last updated: July 19, 2026
This policy applies to Digraph's website and platform. For privacy requests, contact info@digraph.dev.
1. Scope and roles
This policy describes how Digraph collects, uses, discloses, and otherwise processes personal data when you visit our website, contact us, create an account, or use the Digraph platform (collectively, the “Services”). Digraph is responsible for personal data it processes for its own purposes, such as website visitors, account administration, billing, support, and service security.
When an organization uses the Services and provides personal data as part of its content or instructions, that organization normally decides why and how the data is processed. In that context, Digraph generally processes the data to provide the Services on the organization's behalf. If you have a question about such data, please contact the organization directly first.
2. Personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account and profile data | Name, email address, password authentication data, organization and role | You or your organization |
| Customer Content | Brand names, prompts, keywords, URLs, uploaded or entered material, analysis inputs and results | You or your organization |
| Communications | Support requests, feedback, and correspondence | You |
| Transaction data | Plan, subscription status, invoices, and billing contact information | You and payment providers |
| Usage and device data | Pages and features used, timestamps, log events, IP address, browser, device, and operating system | Your device and our infrastructure |
| Cookie data | Cookie preferences and authentication or session information | Your browser |
Please do not submit payment-card numbers, government identifiers, health information, or other highly sensitive personal data unless we have explicitly agreed to handle it.
3. How we use personal data
- Provide, operate, secure, maintain, and support the Services;
- Create and administer accounts, organizations, and subscriptions;
- Process Customer Content and generate requested analysis or outputs;
- Communicate with you about accounts, service changes, support, and transactions;
- Monitor performance, troubleshoot issues, and improve the Services using aggregated or de-identified information where practical;
- Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms; and
- Comply with legal obligations and protect our rights and the rights of others.
We do not sell personal data or share it for cross-context behavioral advertising. We do not use Customer Content to train Digraph's own general-purpose AI models.
4. Legal bases for EEA and UK users
Where European or UK privacy law applies, we process personal data when it is necessary to perform a contract or take steps at your request; to comply with a legal obligation; for our legitimate interests in operating, securing, and improving the Services, where those interests are not overridden by your rights; or with your consent. You may withdraw consent at any time, without affecting processing that occurred before withdrawal.
5. How we disclose personal data
We disclose personal data only as needed for the purposes above, including to:
- Service providers that support authentication, databases, storage, hosting, email, analytics, security, and payments, such as Supabase, Google Cloud, Resend, Stripe, and Google OAuth where enabled;
- AI and data-processing providers used to deliver requested analysis, which may include OpenAI, Anthropic, Google, Perplexity, xAI, Mistral, DeepSeek, or another provider selected through the Services;
- Your organization's authorized users and administrators;
- Professional advisers, insurers, and authorities where reasonably necessary to comply with law, protect rights or safety, or respond to legal process; and
- A successor or prospective successor in connection with a reorganization, financing, sale, or transfer of all or part of the Services, subject to applicable law.
Third-party providers process information under their own terms and privacy notices. Their availability and data practices may change, so this list is not exhaustive.
6. International transfers
The Services and providers we use may process personal data in countries other than the country where you live, including the United States. Where required, we use an appropriate transfer mechanism or safeguard for the transfer, such as contractual commitments or another mechanism recognized by applicable law.
7. Retention
We retain personal data for as long as reasonably necessary to provide the Services, maintain security and records, resolve disputes, meet legal obligations, and enforce agreements. Account data is generally retained while an account is active and for a limited period afterward to support deletion requests, recovery, and legal or operational needs. Backups and de-identified or aggregated data may be retained for longer where permitted by law.
8. Your privacy rights and choices
Depending on your location and the law that applies, you may have the right to request access to, correction of, deletion of, restriction of, or objection to certain processing of your personal data, and to receive a portable copy of certain data. You may also withdraw consent, opt out of marketing communications, or use an authorized agent where applicable. We will verify requests as required by law and will not discriminate against you for exercising applicable rights. If we deny a request, you may have a right to appeal; contact us using the details below.
EEA and UK users may also lodge a complaint with their local data-protection authority. For Customer Content submitted by an organization, please direct your request to that organization first.
To make a request, email info@digraph.dev.
10. Security
We use reasonable technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and security monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Children's privacy
The Services are not directed to children under 13, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us so we can take appropriate action.
12. Changes to this policy
We may update this policy as the Services or applicable law changes. We will post the revised policy with an updated “Last updated” date and may provide additional notice for material changes where appropriate.
13. Contact
For privacy questions or requests, email info@digraph.dev. For general service terms, see the Terms of Use.