Privacy policy

This privacy policy explains which data we collect about you and how we use it. It also explains your rights about this data and how to exercise them. By using our service, you accept this privacy policy. If you are in disagreement with it, please do not use our service and contact us to get your data deleted.

Preamble

When designing GraphMe, we took privacy very seriously from the beginning. No company wants to risk compromising information by sharing it with a third party service that is spying on it. That is why we collect only the very minimal amount of information needed to keep the product running, and nothing more. You are not the product, GraphMe is!

Which data we collect

Account information: When you install the application, we get access to your identity and the identity of the workspace the application has been installed in. When you subscribe to a plan, we get access to billing information (name, email address, billing address). Account information is stored until your account is closed. Billing information may be stored undefinitely when necessary for regulatory or compliance purposes.

Content submitted through our service: When using our service, you voluntarily store content into it, such as connection information, queries and graphs. It can be via our Web console or via the application for Slack. Interactions from users may also result in some content being generated, such as graphs. We keep track of every command that was sent to our service. It includes metadata such as the user ID, channel ID and command issued. Content submitted through our service is stored until you voluntarily choose to delete it (when applicable), or until your account is closed.

Information from Slack: Our service listens to some events from Slack. This includes reactions to commands, interactivity that result from it, and lifecycle of the application for Slack. When you install the application for Slack, you are redirected to Slack where you have to give your consent for us to access this data. The token associated with your installation of GraphMe is stored until you uninstall the application, or until your account is closed. Other information obtained from Slack is processed in-memory and not persisted.

Information from Grafana: When a request is sent to the instance of Grafana you configured, we access information such as configured dashboards and their panels. While we have access to data stored in Grafana, we do not process any personal information that might be stored there. Information obtained from Grafana is processed in-memory and not persisted.

Website statistics: Our websites contain a privacy-preserving tracking code. We collect data about which pages are visited, referrals, entry and exit pages, time spent, device type, browser type and country. It does not rely on any cookies to collect data, meaning individual users are not tracked. Website statistics are anonymous and may be stored undefinitely.

Logs and metrics: We collect technical data about every interaction with our service. This may include your operating system, device type, browser type, IP address, time of access, loading time, HTTP status code and crash reports. Logs and metrics may be stored up to one year.

How we use collected data

To provide the service: First and foremost, we use aforementioned collected data to provide you with a service.

To communicate with you about the service: We may use collected data to send you emails or Slack messages about your service usage. For example, we may send you notifications when you reached a quota, or if your payment was declined.

For research and development: We may use collected data for analytics purposes. This allows us to better understand how you use our service, and to improve it.

To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.

How we share collected information

We share collected information with a restricted set of third party services, also known as sub-processors.

Fathom: Fathom is our privacy-preserving website analytics provider. They have access to website statistics. Please refer to Fathom’s Privacy Policy to learn more about how they process data.

Cloudflare: Cloudflare is our CDN (Content Delivery Network) provider. Every request to our app goes through Cloudflare first. They have access to access logs.

Cloudflare is also our blob storage provider. They have access to rendered graphs. Please refer to Cloudflare’s Privacy Policy to learn more about how they process data.

Slack: Slack is the platform with which you interact with GraphMe. They have access to your interactions with our service. Please refer to Slack’s Privacy Policy to learn more about how they process data.

Stripe: Stripe is our payment provider. They have access to payment information. Please refer to Stripe’s Privacy Policy to learn more about how they process data.

Sentry: Sentry is our error tracking system. They have access to errors that may happen when you use our service. Please refer to Stripe’s Privacy Policy to learn more about how they process data.

Logtail: Logtail is our logging system. They have access to various logs such as access logs and system logs. Please refer to Logtail’s Privacy Policy to learn more about how they process data.

Grafana Cloud: Grafana Cloud is our observability system. They have access to access metrics and usage statistics. Please refer to Grafana’s Privacy Policy to learn more about how they process data.

Your rights

We follow the GDPR framework, which gives you the following rights.

The right to be informed

You have the right to be informed about how we collect and use your personal data. This is the purpose of this privacy policy.

The right of access

You have the right to receive a copy of personal data we collected about you.

The right to rectification

You have the right to correct your personal data if it is incorrect.

The right to erasure

You have the right to get your personal data deleted. This is not an absolute right, there are exceptions that may prevent us from completing such as request.

The right to restrict processing

Alternatively to removing your personal data, you have the right to restrict how we use it. We will still store your personal data, but stop processing it. This is not an absolute right, there are exceptions that may prevent us from completing such as request.

The right to data portability

You have the right to export your personal data in a machine readable format, and reuse it for your own purpose in a different service.

The right to object

You have the right to object the processing of your personal data. In particular, you have the right to object your personal data being used for marketing purposes.

Request data deletion

Regardless of whether you are subject to the GDPR, you can always request your data to be deleted by reaching out to us at [email protected]

Changes to our privacy policy

We may change this privacy policy from time to time. In case of a significant change, we will notify you by email or Slack. We recommend anyway that you periodically review this privacy policy.

Contact us

If you have questions or concerns, or wish to exercise your data rights, including data deletion, please contact us at [email protected]