Legal

Privacy Policy

Last updated: December 17, 2025

1. Data Controller

GraphVision AI
(Your Legal Entity – Spain)
Email: info@graphvision.co

We comply fully with EU GDPR and Spanish AEPD regulations.

2. Overview

This Privacy Policy explains how GraphVision collects, processes, stores, and protects personal data.

We utilize advanced tenant-level encryption for scientific manuscripts and project data to ensure that your research content remains secure and isolated.

3. Data We Collect

Account Data

  • Display Name
  • Email
  • Google Profile Photo

Billing Information

Securely processed by Stripe.

Usage Data

  • Mode selection
  • Export counts
  • Error logs (which never include manuscript content)

Project Data

  • Generated JSON diagrams
  • Generated images
  • Generation metadata (title, type, timestamps)

User Content

Input text and prompts are stored only in encrypted format.

4. Scientific Manuscript & Data Privacy

We prioritize the security of your intellectual property through a strict Encryption-at-Rest policy.

Encryption Architecture

  • All user-generated text (inputs, prompts, and summaries) is encrypted using unique, per-user cryptographic keys before being written to our database.
  • Each user is assigned a unique encryption key ("Tenant Key").
  • This Tenant Key is itself encrypted using a master security key before storage.
  • This ensures that your data is cryptographically isolated from other users' data.

Data Processing

  • Manuscript text exists in plaintext only within the secure, ephemeral memory (RAM) of our servers during the generation process.
  • We do not store plaintext manuscripts in our persistent databases or backups.
  • If you delete your account, the unique key associated with your data is destroyed, rendering your stored content permanently unrecoverable (Crypto-shredding).
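
The key hierarchy and crypto-shredding described above can be sketched as follows. This is an added illustration, not GraphVision's code: the function names, the in-memory key store, and the choice of AES-256-GCM are assumptions, and a real deployment would hold the master key in a KMS or HSM.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed master key (assumption: held in process memory only for this sketch).
const MASTER_KEY = nodeCrypto.randomBytes(32);
// Stands in for the database table of wrapped Tenant Keys: userId -> encrypted key.
const wrappedTenantKeys = new Map();

// AES-256-GCM encrypt. Output layout: iv (12) || tag (16) || ciphertext.
// The owner's id is bound in as AAD so a blob cannot be replayed under another tenant.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// AES-256-GCM decrypt; final() throws if the key, AAD or ciphertext do not match.
function unseal(key, blob, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Each user gets a random Tenant Key, stored only in wrapped (encrypted) form.
function createTenant(userId) {
  wrappedTenantKeys.set(userId, seal(MASTER_KEY, nodeCrypto.randomBytes(32), userId));
}

// Unwrap the Tenant Key into memory for the duration of one operation.
function loadTenantKey(userId) {
  const wrapped = wrappedTenantKeys.get(userId);
  if (!wrapped) throw new Error("tenant key destroyed or never issued");
  return unseal(MASTER_KEY, wrapped, userId);
}

const encryptFor = (userId, text) =>
  seal(loadTenantKey(userId), Buffer.from(text, "utf8"), userId);
const decryptFor = (userId, blob) =>
  unseal(loadTenantKey(userId), blob, userId).toString("utf8");

// Crypto-shredding: once the wrapped key is gone, stored blobs cannot be decrypted.
// This only holds if no copy of the wrapped key survives elsewhere (e.g. in backups).
const deleteAccount = (userId) => wrappedTenantKeys.delete(userId);
```
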

AI Processing

Text is transmitted securely via TLS (HTTPS) to our AI partners (Google Gemini) solely for the purpose of content generation. Your content is processed in accordance with Google's Privacy Policy.

5. Legal Basis for Processing (GDPR Article 6)

We process personal data based on:

  • Contract Necessity: To provide the visual generation service.
  • Legitimate Interest: Platform stability and security.
  • Consent: Cookies, analytics, and optional features.

6. Data Retention

  • Account Data: Retained until you delete your account.
  • Billing Data: Retained as required by tax and accounting laws.
  • Encrypted Content: Stored until you delete specific projects or your account.
  • Logs: Retained for 90 days; never include manuscript content.

7. Data Sharing

We use only GDPR-compliant processors. None of these providers have access to your encryption keys or the ability to decrypt your stored content at rest:

  • Supabase (Database Hosting)
  • Stripe (Payments)
  • Google OAuth (Authentication)
  • Google Gemini (AI Generation)

8. Your GDPR Rights

You may request:

  • Access to your data.
  • Correction or deletion of your data.
  • Export of your data.
  • Withdrawal of consent.
  • Complaint to the Spanish Data Protection Agency (AEPD).

Submit requests to: info@graphvision.co

9. Contact

For privacy questions:

info@graphvision.co