Privacy Policy

Last updated: February 6, 2026

This Privacy Policy describes how Infograph AI ("we", "us", or "our") collects, uses, and shares your personal information when you use our website and application at infograph.ai (the "Service"). By using the Service, you agree to this policy.

1. Information We Collect

Account Information

When you create an account through our authentication provider (Clerk), we collect your email address, name, profile image, and optionally your phone number.

Automatically Collected Data

When you access the Service, our hosting infrastructure (Cloudflare) automatically collects your IP address, browser type and version, operating system, device identifiers, pages visited, timestamps, referring URL, and error logs. This is used for security, performance monitoring, and abuse prevention.

Usage Data

We collect information about how you interact with the Service, including projects you create, queries and prompts you send to AI features, dashboard configurations, and feature usage patterns.

Files and Data You Upload

You may upload CSV, TSV, JSON, NDJSON, XLSX, and XLS files. These are stored in Amazon Web Services (AWS) S3.

Connected Third-Party Accounts

If you connect external data sources, we access data on your behalf via OAuth:

  • Google Sheets — Spreadsheet names, metadata, and content.
  • Microsoft OneDrive/Excel — File names, metadata, and worksheet data.

These connections are managed through Nango. We only access data you explicitly authorize, and you can revoke access at any time.

Data accessed via connected third-party accounts (including Google Sheets, Microsoft OneDrive/Excel, or any other connected source) is used solely to provide the core functionality of the Service — specifically, to read your data and generate dashboards at your request. This data is:

  • Not used for advertising or cross-context behavioral tracking
  • Not used for AI/ML model training or improvement
  • Not used for analytics beyond what is strictly necessary to operate the Service
  • Only transmitted to Anthropic as strictly necessary to generate the dashboard you requested
  • Not retained beyond what is needed to serve your immediate request

Billing Information

Payment processing is handled by Dodo, our merchant of record. We do not store your payment card details. Dodo collects payment method details, billing address, and transaction history. We store your subscription status, plan type, and billing cycle locally to manage your account.

AI Conversation Data

We store your AI conversation history, including messages you send and AI responses, along with token usage and credit consumption for billing purposes.

2. How and Why We Process Your Data

We process your data for the following purposes, under these legal bases:

  • Contract performance — Providing the Service, managing your account, processing payments, delivering AI-generated dashboards and responses, storing your projects and files, and enforcing usage quotas.
  • Legitimate interests — Security monitoring, fraud prevention, service improvement, and communicating with you about your account. We balance these interests against your privacy rights.
  • Consent — Connecting third-party data sources (Google Sheets, Microsoft OneDrive) and receiving non-essential communications. You may withdraw consent at any time.
  • Legal obligations — Complying with applicable laws, regulations, and legal processes.

3. Third-Party Services and AI Processing

We use the following third-party services to operate the Service:

  • Clerk — Authentication and user management. Privacy Policy
  • Dodo — Payment processing (merchant of record). Privacy Policy
  • Anthropic — AI model provider for AI-powered features. Your data is transmitted to Anthropic to generate responses. Privacy Policy
  • AWS — Cloud infrastructure and file storage. Privacy Policy
  • Nango — OAuth connections for Google and Microsoft integrations. Privacy Policy

When you use AI features, your messages and relevant project context (including chat prompts, data queries and results, code snippets, and project context) are sent to Anthropic to generate responses. We may use anonymized and aggregated data (from which you cannot be identified) to improve the Service, including for analytics. We do not use your raw, identifiable data to train AI models, and we do not use data from connected third-party accounts (including Google Sheets or Microsoft OneDrive) for AI/ML model training or improvement under any circumstances. Please review Anthropic's privacy policy for their data handling practices.

4. Data Sharing

We do not sell or share your personal information for cross-context behavioral advertising. We share your data only in these circumstances:

  • With your consent — When you create public or password-protected share links, the shared content becomes accessible to anyone with the link.
  • Service providers — With the third-party services listed above, solely to operate the Service.
  • Legal requirements — If required by law, regulation, or governmental request.
  • Business transfers — In connection with a merger, acquisition, or sale of assets.

5. Data Storage and Security

Your data is stored on AWS infrastructure. We protect your information with:

  • Encryption in transit (HTTPS/TLS) and at rest
  • CSRF protection and security headers
  • Bcrypt hashing for share passwords
  • Scoped access controls and session validation

No method of transmission or storage is completely secure. We take reasonable measures but cannot guarantee absolute security.

6. Data Retention

  • Account data — Retained while active. Removed within 90 days of account deletion.
  • Project data and files — Retained while active. Soft-deleted items permanently removed within 90 days.
  • AI conversations — Retained while active. Deleted with your account.
  • Server logs — Up to 90 days.
  • Billing records — As required by tax and accounting laws (up to 7 years).

Data may be retained longer where required by law or legal proceedings. To delete your account and data, contact support@infograph.ai. We will process deletion requests within 30 days.

7. Your Rights

Depending on your location, you may have the right to access, correct, delete, or port your personal data, withdraw consent, or object to processing. To exercise any right, contact support@infograph.ai. We will respond within 30 days.

EEA Residents

Your rights are governed by the GDPR. Our legal bases for processing are detailed in Section 2. You may lodge a complaint with your local data protection authority.

US Residents

You may have additional rights under state privacy laws including the CCPA/CPRA, VCDPA, CPA, CTDPA, and UCPA, such as the right to know what data we collect, request deletion, opt out of sale or sharing, and non-discrimination for exercising your rights. We do not sell personal information.

8. Cookies

We use essential cookies for authentication and session management, managed by Clerk. We do not use analytics or advertising cookies.

9. Age Restrictions

The Service is not intended for anyone under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal information, contact support@infograph.ai.

10. International Data Transfers

Infograph AI is based in the Cayman Islands. Your data may be transferred to and processed in other countries, including the United States. By using the Service, you consent to these transfers.

11. Generated Output Disclaimer

AI-generated dashboards, visualizations, and code may contain errors or inaccuracies. You are responsible for reviewing all output before relying on it. The Service does not provide professional, financial, legal, or medical advice.

12. Changes to This Policy

We may update this policy. For material changes that reduce your rights or expand data processing, we will provide at least 30 days notice. Continued use after changes take effect constitutes acceptance.

13. Contact

For questions about this policy, privacy requests, or data protection inquiries: support@infograph.ai