Last updated July 3, 2026
This privacy notice for GraphyNotes ("GraphyNotes," "we," "us," or "our") describes how and why we collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have any questions or concerns, please contact us at contact@graphynotes.com.
This summary provides key points from our privacy notice. You can find more detail on any topic using the table of contents below.
What personal information do we process? When you create an account and use GraphyNotes, we process the account information you provide (such as your email address) and the content you create in the app (your graphs, notes, and node data). We do not require you to provide sensitive personal information to use the Services.
Do we process any sensitive personal information? No. GraphyNotes does not ask for or knowingly process sensitive personal information (such as health data, government IDs, or precise biometric data).
Do you receive any information from third parties? No. We do not purchase or receive information about you from data brokers, marketing partners, or public databases.
How do you process my information? We process your information to create and secure your account, sync and store your graph data, process subscription payments, and respond to support requests. We never process your information for advertising or resell it.
In what situations and with which parties do we share personal information? We share information only with the service providers that operate GraphyNotes on our behalf: Supabase (authentication, database, and cloud storage), Stripe (subscription billing), and Mailjet (contact-form email delivery). We do not sell or share your personal information for advertising purposes.
How do we keep your information safe? We use industry-standard technical and organizational measures, including encryption in transit and at rest, to protect your personal information. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
What are your rights? Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to withdraw consent at any time.
How do I exercise my rights? The easiest way is to contact us at contact@graphynotes.com. We will respond in accordance with applicable data protection laws.
Personal information you disclose to us
In Short: We collect the personal information that you provide to us when you register for an account or contact us.
Account information. When you create a GraphyNotes account, we collect:
Content you create. GraphyNotes lets you build graphs made of nodes, links, notes, and images. This content is yours; we store it so it can sync across your devices. We do not read, scan, or analyze the substance of your notes for any purpose other than providing the Services (e.g., search within your own graphs).
Payment data. If you subscribe to a paid plan, payment is handled entirely by Stripe. We do not collect or store your card number or billing details ourselves — Stripe processes and stores that information under its own privacy policy: stripe.com/privacy.
Support and contact form data. If you contact us through our contact form, we collect your name, email address, and the message you send, and deliver it via our email provider, Mailjet.
Sensitive information. We do not process sensitive information (such as health data, racial or ethnic origin, or precise geolocation).
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such information.
Information automatically collected
In Short: Some technical information — such as your IP address and browser/device characteristics — is collected automatically for security and reliability purposes.
When you visit or use the Services, our infrastructure providers (Supabase, and our hosting/CDN provider) may automatically log technical information such as your IP address, browser type, device type, operating system, and timestamps of requests. This is used solely to operate, secure, and troubleshoot the Services (e.g., detecting abuse, diagnosing errors) — not for advertising or profiling.
In Short: We process your information to provide and secure the Services, communicate with you, and process payments. We never process it for advertising.
We process your personal information for the following reasons:
We do not process your information for targeted advertising, and we do not build advertising profiles.
In Short: We only process your personal information when we have a valid legal reason to do so.
If you are located in the EU, UK, or EEA, this section applies to you.
We rely on the following legal bases under the GDPR / UK GDPR:
We are the "data controller" of the personal information described in this notice.
In Short: We only share information with the service providers that run GraphyNotes on our behalf. We do not sell or rent your information.
We share personal information with the following categories of service providers, each bound by their own privacy/data-processing terms:
We may also disclose information:
We do not sell your personal information, and we do not share it with data brokers, ad networks, or retargeting platforms.
In Short: We use only the cookies/local storage necessary to keep you signed in and remember your preferences — no advertising or cross-site tracking cookies.
GraphyNotes uses essential cookies/local storage set by our authentication provider (Supabase) to keep you logged in, plus locally-stored app preferences (e.g., last-opened graph). We do not use third-party advertising cookies, analytics trackers, or cross-site tracking pixels.
In Short: Your information may be processed on servers located in the United States.
Our infrastructure providers (Supabase, Stripe, Mailjet, Cloudflare) operate servers primarily in the United States. If you access the Services from outside the United States — including from Brazil or the EEA/UK — your information will be transferred to, stored, and processed in the United States and other countries where our providers operate. Each of these providers maintains its own safeguards for international data transfers (e.g., Standard Contractual Clauses where applicable). You can review their policies directly: Supabase, Stripe, Mailjet.
In Short: We keep your information for as long as your account is active, plus a limited period afterward as required for legal or operational reasons.
We retain your account information and graph content for as long as your account remains active. If you delete your account, we delete or anonymize your personal information within a reasonable period, except where we must retain limited records (e.g., billing records) to comply with legal, tax, or accounting obligations, or to resolve disputes.
In Short: We use encryption and industry-standard safeguards, but no system is 100% secure.
We rely on encryption in transit (TLS) and at rest, provided by our infrastructure partners, and follow the principle of least privilege for internal access to production data. Passwords are never stored in plaintext. Despite these measures, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
In Short: We do not knowingly collect data from children under 18.
GraphyNotes is not directed at children, and we do not knowingly collect personal information from anyone under 18 years of age. By using the Services, you represent that you are at least 18 years old. If we learn that we have collected personal information from a child under 18, we will delete it and deactivate the associated account. If you believe we may have collected information from a minor, please contact us at contact@graphynotes.com.
In Short: Depending on where you live, you may have rights to access, correct, delete, or export your information, and to withdraw consent.
Subject to applicable law, you may have the right to:
You can exercise most of these rights directly from your account (e.g., export or delete a graph from within the app), or by contacting us at contact@graphynotes.com. We will respond in accordance with applicable data protection laws.
If you are in the EEA or UK and believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority.
In Short: Yes — residents of California, Virginia, and other states with comprehensive privacy laws have rights to know, access, delete, and correct their personal information, and to opt out of the sale/sharing of personal information. GraphyNotes does not sell or share personal information.
We have not sold or shared any personal information with third parties for monetary or other valuable consideration in the preceding twelve (12) months, and we do not intend to.
The categories of personal information we collect are limited to: identifiers (email address), account credentials, the content you create in the app, and limited technical/log data (see Section 1). We disclose these categories only to the service providers listed in Section 4, strictly to operate the Services — never for advertising.
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another state with a comprehensive privacy law, you may have the right to:
To exercise any of these rights, contact us at contact@graphynotes.com. We may need to verify your identity before completing your request. If you use an authorized agent to submit a request, we may require proof of their authorization.
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we will notify you by posting a notice on the Services or by emailing the address associated with your account. We encourage you to review this notice periodically.
If you have questions or comments about this notice, you may contact us by email at contact@graphynotes.com.
You can review and update your account email and delete graphs directly within the app. To request a full export or deletion of your account and all associated personal information, please contact us at contact@graphynotes.com.