Privacy Policy

Last updated: March 3, 2026

1. Introduction

Graphito (“we”, “us”, “our”) operates the graphito.net platform. This policy explains what data we collect, why we collect it, and how we protect it.

2. Data we collect

When you use Graphito, we may collect:

  • Account information — name, email address, and authentication credentials provided through GitHub or Google OAuth.
  • Repository metadata — file names, directory structure, and dependency graphs synced from your connected repositories. We do not store your source code unless you explicitly generate documentation from it.
  • Usage data — interaction logs, feature usage patterns, and anonymized analytics to improve the platform.
  • Agent memory — learnings, decisions, and checkpoints your AI agents store through the MCP protocol.

3. How we use your data

We use your data to:

  • Provide and maintain the Graphito platform and its features.
  • Build and update your project knowledge graphs.
  • Persist agent memory across sessions and IDE clients.
  • Send transactional emails (account confirmations, billing notifications).
  • Improve our search, tagging, and recommendation systems.

4. Data sharing

We do not sell your data. We share data only with:

  • Infrastructure providers — hosting (Railway), database (PostgreSQL), and file storage services that process data on our behalf.
  • Payment processors — Polar handles subscription billing. We do not store credit card details.
  • Legal obligations — when required by law or to protect our rights.

5. Data retention

We retain your data for as long as your account is active. When you delete your account, we remove your personal data and project graphs within 30 days. Anonymized analytics data may be retained indefinitely.

6. Security

We use industry-standard measures to protect your data, including encrypted connections (TLS), secure authentication (OAuth 2.0), and access-controlled infrastructure. API keys are hashed before storage.

7. Your rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. If you are in the EU/EEA, you have additional rights under the GDPR, including data portability and the right to restrict processing.

8. Cookies

We use essential cookies for authentication and session management. We use privacy-respecting analytics (Amplitude) to understand usage patterns. We do not use third-party advertising cookies.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice.

10. Contact

For privacy-related questions, reach us at privacy@graphito.net.