Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your data.

Summary (For the Human Reader):
We only collect the data needed to provide and improve our database lineage analyzer and SQL dependency visualization tool. We don't sell your data. Your uploaded database scripts are processed in-memory only and deleted immediately after analysis. You can delete your account at any time. We use industry-standard tools to protect your info. If you have any questions, contact us through our Contact page.

This Privacy Policy describes how Graphenza ("we", "our", or "us") collects, uses, and shares information about you when you use our website (graphenza.com) and our database lineage analysis and enterprise data flow visualization services (collectively, the "Service"). Please read this Privacy Policy carefully to understand our practices regarding your personal data.

1. Definitions

  • Account: A unique account created for you to access our Service or parts of our Service.
  • Company: "Graphenza", "we", "us", or "our" refers to the legal entity operating the Service.
  • Cookies: Small files placed on your device by a website, containing details of your browsing history and preferences.
  • Data Controller: For GDPR, the Company is the legal person determining the purposes and means of processing Personal Data.
  • Device: Any device that can access the Service, such as a computer, smartphone, or tablet.
  • Personal Data: Any information relating to an identified or identifiable individual (see GDPR/CCPA definitions).
  • Service: The online services, website, and software provided by Graphenza at graphenza.com, including our data lineage tool for Oracle, PostgreSQL, SQL Server and database ETL analysis tool.
  • Service Provider: Any natural or legal person who processes data on behalf of the Company (e.g., payment processors, cloud providers).
  • Usage Data: Data collected automatically, generated by the use of the Service or from the Service infrastructure itself (e.g., duration of a page visit, analysis count).
  • You: The individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

2. Data We Collect

2.1 Account Information

We collect the following personal data when you create an account:

  • Email address and username (for account creation and authentication)
  • Password (stored as encrypted hash using industry-standard hashing algorithms)
  • Subscription plan information (current plan, plan start/end dates, subscription ID)
  • Account creation date and last login timestamp

2.2 Database Scripts and Analysis Data

Critical Privacy Feature: Your uploaded SQL, PL/SQL, and database script files are:

  • Processed in-memory only (not saved to disk or permanent storage)
  • Deleted immediately after analysis (files are removed from server memory as soon as processing completes)
  • Never shared with third parties (we do not transmit your database scripts to external services)
  • Stored only in your browser's localStorage (analysis results/visual graphs are stored client-side, not on our servers)
  • Automatically cleared on logout (all client-side data is removed when you log out)

We do not retain copies of your database scripts, and we do not use your scripts for training machine learning models or any other purpose beyond providing the analysis service you request.

2.3 Usage Data

We collect basic usage statistics to improve our Service:

  • Tool usage logs (which tools you use, timestamps, analysis count)
  • File upload metadata (file count, file sizes, file types - but NOT file contents)
  • Analysis results metadata (number of nodes/edges in generated graphs - but NOT the actual graph data)
  • IP address (for security and fraud prevention)
  • Browser type and version (for compatibility purposes)

2.4 Payment Information

Payment information is processed by Paddle (and Stripe when available). We do not store or collect your payment card details. That information is provided directly to our payment processors, whose use of your personal information is governed by their privacy policies.

3. How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve our database lineage analyzer and SQL dependency visualization tool
  • Process your database scripts and generate visual lineage graphs
  • Manage your account and subscription
  • Send you service-related communications (account verification, password resets, subscription updates)
  • Monitor and analyze usage patterns to improve our Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

We do NOT: Sell your data to third parties, use your database scripts for training AI models, share your analysis results with other users, or use your data for advertising purposes.

4. Data Subject Requests and Your Rights

You may submit a Data Subject Request or other privacy request by contacting us through our Contact page. Depending on your location, you may have rights under GDPR, CCPA, or other laws, including the right to access, correct, delete, restrict, or object to processing of your data, and the right to data portability. We may need to verify your identity before processing your request.

5. GDPR Privacy

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your Personal Data in accordance with the General Data Protection Regulation (GDPR). You have the right to access, rectify, erase, restrict, or object to processing of your data, and to data portability. You may withdraw your consent at any time. To exercise your rights, contact us through our Contact page. You also have the right to lodge a complaint with a supervisory authority.

6. CCPA Privacy

This section applies to California residents. Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information is collected, used, shared, or sold; the right to delete personal information; the right to opt out of the sale of personal information; and the right to non-discrimination for exercising your rights. To exercise your rights, contact us through our Contact page. We do not sell any personal information or user data to third parties. We do not sell the personal information of users under 16 years of age.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encrypted password storage: Passwords are hashed using industry-standard algorithms (bcrypt)
  • Secure session management: Sessions are managed securely with automatic timeout
  • HTTPS encryption: All data transmission is encrypted in transit (in production)
  • Automatic data cleanup: Client-side data is automatically cleared on logout
  • File upload validation: Files are validated for type, size, and security before processing
  • Rate limiting: API endpoints are rate-limited to prevent abuse
  • Input validation: All user inputs are validated to prevent SQL injection and other attacks
  • Audit logging: Security events are logged for monitoring and investigation

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Data Retention

We retain your account data until you delete your account. Specifically:

  • Account information: Retained until account deletion
  • Uploaded database scripts: Processed in-memory and deleted immediately after analysis (not retained)
  • Analysis results: Stored only in your browser's localStorage, automatically cleared on logout
  • Usage logs: Retained for service improvement and security purposes, anonymized after 90 days
  • Payment records: Retained as required by law and payment processor policies

You can request deletion of your account and all associated data at any time through your Settings page or by contacting us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

If you are located in the EEA, United Kingdom, or Switzerland, we ensure that any transfer of your personal information to countries outside these regions is done in accordance with applicable data protection laws, including through the implementation of appropriate safeguards such as standard contractual clauses.

10. Children's Privacy

Our Service is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information from our records.

11. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of these third parties.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and to hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

The types of cookies we use include:

  • Essential Cookies: Necessary for the operation of our Service (session management, authentication)
  • Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Service
  • Functionality Cookies: Enable us to personalize our content for you and remember your preferences

We do NOT use targeting/advertising cookies or share your data with advertising networks.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page. If we make material changes, we will notify you via email or through a notice on our Service.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us through our Contact page or email us at support@graphenza.com.

By using Graphenza, you consent to our collection, use, and sharing of your information as described in this Privacy Policy.

Last updated: January 5, 2026