Digraph
Digraph

Privacy Policy / Datenschutzerklärung

Last updated: 02.01.2026

1. Introduction

Digraph ("we," "us," or "our") operates the website digraph.dev and provides AI-powered advertising copy generation and brand monitoring services. This Privacy Policy explains how we collect, use, disclose, and protect your personal data.

Data Controller:
Name Surname
Böhlerstraße 69
40549 Düsseldorf, Germany
Email: privacy@digraph.dev

2. Personal Data We Collect

2.1 Data You Provide

CategoryExamplesPurpose
Account dataName, email addressAccount creation, authentication
Payment dataBilling address, payment method (processed by Stripe)Process subscriptions
Client/campaign dataBrand names, keywords, ad copy inputsProvide the service
CommunicationsEmails, support requestsCustomer support

2.2 Data Collected Automatically

CategoryExamplesPurpose
Usage dataPages visited, features used, timestampsService improvement
Device dataIP address, browser type, OSSecurity, troubleshooting
CookiesSession, preference, analytics (with consent)Functionality, analytics

3. Legal Basis for Processing (GDPR Art. 6)

Processing ActivityLegal Basis
Account creation & service deliveryContract performance (Art. 6(1)(b))
Payment processingContract performance (Art. 6(1)(b))
Essential cookiesLegitimate interest (Art. 6(1)(f))
Analytics cookiesConsent (Art. 6(1)(a))
Marketing emailsConsent (Art. 6(1)(a))
Legal complianceLegal obligation (Art. 6(1)(c))
Fraud preventionLegitimate interest (Art. 6(1)(f))

4. How We Use Your Data

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Send transactional emails (confirmations, password resets)
  • Respond to support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Send marketing communications (only with consent)

5. Data Sharing & Recipients

We share personal data only with:

RecipientPurposeLocationSafeguard
Stripe, Inc.Payment processingUSASCCs + DPA
Google (OAuth)AuthenticationUSASCCs + DPA
OpenAI / AzureAI processingUSASCCs + DPA
Hosting providerInfrastructure[EU/USA]DPA

We do not sell your personal data.

6. International Data Transfers

Your data may be transferred to countries outside the EU/EEA, including the USA. We protect such transfers using:

  • EU Standard Contractual Clauses (SCCs)
  • Data Processing Agreements (DPAs)
  • Technical and organizational security measures

7. Data Retention

Data TypeRetention Period
Account dataDuration of account + 30 days after deletion
Payment records10 years (German tax law)
Support communications3 years
Server logs90 days
Analytics data14 months

8. Your Rights (GDPR)

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten") (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability – receive your data in a structured format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Lodge a complaint with a supervisory authority

To exercise your rights: Email privacy@digraph.dev

Supervisory Authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit NRW
https://www.ldi.nrw.de

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete your personal information
  • Correct inaccurate personal information
  • Opt-out of the sale or sharing of personal information
  • Non-discrimination for exercising your rights

We do not sell or share your personal information as defined by the CCPA.

Categories of personal information collected (past 12 months):

  • Identifiers (name, email, IP address)
  • Commercial information (subscription, payment history)
  • Internet activity (usage data, cookies)

To submit a request: Email privacy@digraph.dev with subject "CCPA Request"

10. Cookies

We use cookies and similar technologies:

Cookie TypePurposeConsent Required
EssentialSite functionality, securityNo
PreferencesRemember your settingsNo
AnalyticsUnderstand usage patternsYes
MarketingTargeted advertisingYes

Manage preferences via our cookie banner or browser settings. For details, see our Cookie Policy.

11. Security

We implement appropriate technical and organizational measures:

  • HTTPS/TLS encryption
  • Access controls and authentication
  • Regular security assessments
  • Data minimization
  • Employee confidentiality obligations

12. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact privacy@digraph.dev.

13. Changes to This Policy

We may update this Privacy Policy. Material changes will be notified via email or website notice. Continued use after changes constitutes acceptance.

14. Contact

For privacy inquiries:

Name Surname
Böhlerstraße 69
40549 Düsseldorf, Germany
Email: privacy@digraph.dev