Privacy Policy

Effective Date: March 1, 2026

This Privacy Policy describes how Graphiquity Inc. ("Graphiquity," "we," "us," or "our") collects, uses, and protects your information when you use the Graphiquity platform, website, APIs, and related services (the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

We collect the following categories of information:

Account Information

• Name and email address provided during registration
• Authentication credentials managed through AWS Cognito (we do not store your password directly)
• Account plan type and billing status

Usage Data

• API request logs, including timestamps, endpoints accessed, and response status codes
• Query execution metadata (query count, execution time) for performance monitoring
• IP addresses and user agent strings from HTTP requests
• Feature usage patterns within the web console

Graph Data (Customer Data)

• All nodes, edges, properties, and associated metadata that you create and store through the Service
• Temporal versioning records (_version, _valid_from, _valid_to) generated by the system

2. How We Use Information

We use the information we collect to:

1. Provide, operate, and maintain the Service
2. Authenticate your identity and authorize access to your data
3. Monitor and improve Service performance, reliability, and security
4. Communicate with you about your account, including service announcements and security alerts
5. Enforce our Terms of Service and protect against abuse
6. Comply with legal obligations

We do not sell your personal information to third parties. We do not use your Customer Data for advertising, training machine learning models, or any purpose other than providing the Service.

3. Data Storage

1. Customer Data is stored in AWS DynamoDB in the us-east-1 (N. Virginia) region.
2. Free-tier accounts store data in a shared DynamoDB table with partition-key-based tenant isolation.
3. Paid-tier accounts receive a dedicated DynamoDB table for enhanced isolation and independent backup capabilities.
4. All data is stored within AWS infrastructure and is subject to AWS's physical and environmental security controls.

4. Data Retention

1. Active Accounts. Your Customer Data is retained for as long as your account is active. Due to the append-only architecture, all versions of your data (including soft-deleted records) are preserved.
2. Account Deletion. Upon account termination, we will retain your data for up to 30 days to allow for data export. After this period, all Customer Data associated with your account will be permanently deleted.
3. Usage Logs. API request logs and usage metadata are retained for up to 90 days for operational and security purposes.

5. Third-Party Services

We use the following third-party services to operate the platform:

• Amazon Web Services (AWS). Infrastructure hosting, including Lambda (compute), DynamoDB (data storage), API Gateway (API management), and CloudFront (content delivery). Subject to the AWS Privacy Policy.
• Amazon Cognito. User authentication and identity management, including account registration, password management, and JWT token issuance. Subject to the AWS Privacy Policy.

We do not integrate with any advertising networks, analytics platforms, or social media tracking services.

6. Security Measures

We implement the following security measures to protect your data:

• Encryption at rest. All data stored in DynamoDB is encrypted at rest using AWS-managed encryption keys (AES-256).
• Encryption in transit. All communication between clients and the Service is encrypted using TLS 1.2 or higher.
• Tenant isolation. Each tenant's data is scoped by partition key prefixes, ensuring that queries and operations cannot access another tenant's data.
• Authentication. API access requires valid JWT tokens (from Cognito) or API keys scoped to your tenant.
• Rate limiting. API endpoints are rate-limited to prevent abuse and protect service availability.

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Your Rights

You have the following rights regarding your data:

1. Access. You can access all of your Customer Data at any time through the API or web console.
2. Export. You can export your graph data in JSON format through the API at any time.
3. Deletion. You can request deletion of your account and all associated Customer Data by contacting us at privacy@graphiquity.com. We will process deletion requests within 30 days.
4. Correction. You can update your account information through the Service settings.
5. Objection. You may object to certain data processing activities by contacting us. Note that some processing is necessary to provide the Service.

8. Cookies and Local Storage

The Graphiquity web application uses browser localStorage for the following purposes only:

• Theme preference. Storing your selected light or dark theme preference.
• Query history. Storing recent Cypher queries in the web console for convenience.
• Authentication tokens. Storing session tokens issued by AWS Cognito for maintaining your signed-in state.

We do not use tracking cookies, third-party cookies, or any browser fingerprinting techniques. We do not serve advertisements and do not integrate with any ad networks.

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@graphiquity.com and we will take steps to delete such information.

10. International Data Transfers

The Service is hosted in the United States (AWS us-east-1 region). If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect. The "Effective Date" at the top of this page indicates when the policy was last revised. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Graphiquity Inc.
Email: privacy@graphiquity.com