Graphy’s Privacy Notice
Graphy’s Privacy Notice

Graphy’s Privacy Notice

🗓️
Last updated: 15/04/2024

❓ What is this notice all about?

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

This notice applies wherever we decide why and how we process personal data (and therefore act as a Data Controller under data protection law). It covers the personal data we process when you use our services.

Our privacy notice tells you the journey of your personal data from the moment it enters our systems up until it's time for us to say "goodbye 👋", as well as the various stops it makes along the way.

📮 Our contact details

Address: Octagon Point, 5 Cheapside, London EC2V 6AA, United Kingdom

👇 The different ways we process personal data

When you set up a Graphy account
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you first set up a Graphy account, we need some information about you to create and manage your account. We'll ask for your work email address, job title, company name, company size, financial details and some information about which types of reports you are interested in generating using Graphy products. The legal basis we rely on for this is Article 6(1)(b) of the GDPR - Contract.

During your onboarding, we may also invite you to a video call where we will confirm your account details. Calls are recorded for training and reference purposes. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interest.

To keep in touch with you, we will use your name and email to provide you with account updates and relevant communications, and also to invite you to join our customer community. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interest.

To allow you to embed your graph and save your work, or to take advantage of our AI options and features, you would need to be logged in to your account. If you choose not to generate an embed code, you won’t need to be logged in to an account. For this processing we rely on Article 6(1)(f) of the GDPR - Legitimate Interest.

🗺️ Where do we store it?

To deliver our service, we process and store data using cloud-based applications.

We use survey and automated workflow tools to collect your onboarding information and get you set up quickly.

We use standard applications to process data, such as email, word processing and other office cloud-based software alongside a Customer Relationship Management platform (CRM) and communication services.

We collect payment for our service via a finance platform.

If we ever need to speak with you via video call, we make use of an online booking system and a video call platform. We may use call recording and note taking software which we make use of for training and reference purposes.

Most of the data we process is stored in the EEA, including our platform servers. If any data is transferred to a third country such as the US, we make use of Standard Contractual Clauses, along with the UK Addendum where necessary, to secure the transfer of the data.

If you opt to make use of the AI features on the platform, your data may be processed in the US by Open AI and this transfer is secured by the use of Standard Contractual Clauses, along with the UK Addendum. Open AI will not use your data for model training purposes.

⏲️ How long do we keep it for?

We will retain your personal data while you are a customer of Graphy and for up to 3 months after you leave, in line with our business needs.

We keep financial data for a minimum of 6 years, in line with UK law.

🗂️ What cookies do we collect, why do we collect them, and what legal basis do we rely on?
💡
Cookies are text files placed on your hard drive by a web page server when you visit a website and are saved in your browser's history. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies cannot be used to run programs or deliver viruses to your computer; they are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.

When you use our website, the cookies can be stored on your device are either first party cookies, which are placed and read by us directly while you are using our website or third party cookies, which are set by other third parties we have partnered with.

Below is a list of the cookies we use and the purposes for which they are used:

Essential cookies
💡
These are essential to the operation of our website and are integral to the functioning of our Website, therefore they cannot be removed.
Name
Provider
Purpose
Expiry
graphy_lockbox; graphy-app
Graphy
Authentication cookies
2 years
Non-essential cookies
💡
These cookies are additional to the the performance of our Website and help us improve the service we provide to you.
Cookie Name
Provider
Purpose
Expiry
ajs_user_id, ajs_group_id, ajs_anonymous_id
Segment
Data analytics for improving the product
1 year
intercom-session-*
Intercom
Live chat software
1 week
amplitude_*
Amplitude
Data analytics for improving the product
10 years
_gid, _gat, _ga
Google Analytics
Data analytics for improving the product
1 day
_dd_s
Datadog
Data analytics for improving the product
15 minutes
fs_uid, fs_session, fs_csrftoken, fs_trusted_device, fs_last_activity, fs_cid_, _fs_tab_id, fs_lua
FullStory
Data analytics for improving the product
1 year, 30 days, 30 days, 60 days, When the session/browser closes, 1 year, When the tab is closed, 30 minutes

Click to find out more about Intercom, Segment, Amplitude, Google Analytics, Datadog, and FullStory cookies.

You can choose not to store Non-essential cookies on your computer when you visit our website, or you can adjust your browser settings to prevent cookies from being saved on your computer. You can find information about how to manage Cookies in the most commonly used browsers at the following addresses:

When you first visit our web app, you will be prompted to customise your cookies selection and be provided with a link to this policy, where you can find more information about the cookies we use.

If you would like to revisit the cookie banner at a later time, open your Settings by clicking on your avatar in the bottom left corner of the screen and then Cookie preferences.

When we raise awareness of our company
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When we raise awareness of our business, we use your name and email address to share information with you about similar products and services that we offer. The legal basis that we rely on for this processing is Article 6(1)(f) of the GDPR - Legitimate Interest.

🗺️ Where do we store it?

We make use of a Customer Relationship Management (CRM) software, email, and a mail merge system, based in the EEA and US, to share marketing messages with our customers. Wherever any data is transferred to a third country such as the US, we make use of Standard Contractual Clauses, along with the UK Addendum where necessary, to secure the transfer of the data.

⏲️ How long do we keep it for?

We'll retain your name and email address on a marketing list, in line with our retention schedule unless you unsubscribe. Anyone who unsubscribes will be transferred to our ‘do not contact list’. We retain your name and email address so that we know not to contact you with marketing messages.

When you apply for a job with us
🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
💡
Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you apply for a job with us, we ask you for some information about you to manage your recruitment process, such as your name, contact details and CV. We may also invite you to attend an interview via video call. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.

🗺️ Where do we store it?

We use hiring platforms based in the EEA and US to manage job applications. A US based platform is used for video interviews.

Where data is transferred to a third country such as the US, we make use of Standard Contractual Clauses, along with the UK Addendum where necessary, to secure the transfer of the data.

⏲️ How long do we keep it for?

If you're offered a job with us, we'll retain your data during your employment and remove it in line with our obligations under UK law. Otherwise we will keep your data during your the interview process and remove it after 12 months.

When you use the Graphy Browser Extension

When using the Graphy Browser Extension to extract charts from Google products, you may be asked to provide us with additional permissions that enable us to read data from your Google account. We use these permissions to access the data associated with any charts you have created in Google in order to transfer that data to a Graphy chart.

Graphy's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements

When you visit our website

Our website uses cookies and other similar technologies of which you should be aware.

🗂️ What cookies do we collect, why do we collect them, and what legal basis do we rely on?
💡
Cookies are text files placed on your hard drive by a web page server when you visit a website and are saved in your browser's history. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies cannot be used to run programs or deliver viruses to your computer; they are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.

When you use our website, the cookies can be stored on your device are either first party cookies, which are placed and read by us directly while you are using our website or third party cookies, which are set by other third parties we have partnered with.

Below is a list of the cookies we use and the purposes for which they are used:

Non-essential cookies
💡
These cookies are additional to the performance of our Website and help us improve the service we provide to you.
Cookie Name
Provider
Purpose
Expiry
_hjSessionUser_{site_id}, _hjHasCachedUserAttributes, _hjUserAttributesHash, _hjUserAttributes, hjViewportId, hjActiveViewportIds, _hjSession_{site_id}, _hjCookieTest, _hjLocalStorageTest, _hjSessionStorageTest, _hjTLDTest
Hotjar
Data analytics for improving the website

Click to find out more about Hotjar cookies.

You can choose not to store Non-essential cookies on your computer when you visit our website, or you can adjust your browser settings to prevent cookies from being saved on your computer. You can find information about how to manage Cookies in the most commonly used browsers at the following addresses:

When you first visit our website, you will be prompted to customise your cookies selection and be provided with a link to this policy, where you can find more information about the cookies we use.

📜 What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

📮 The right to be informed

You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with.

🗝️ The right of access

You have the right to ask us for copies of the data we hold about you.

The right to object

You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.

📝 The right to rectification

You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete.

🧽 The right to erasure

You have the right to ask us to erase your personal information, in some circumstances.

🚫 The right to restrict processing

You have the right to ask us to restrict the processing of your personal information for a duration of time, in some circumstances.

✈️ The right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

You don't have to pay anything in order to exercise your rights. Please contact us at privacy@graphyapp.com, Octagon Point, 5 Cheapside, London EC2V 6AA, United Kingdom, if you wish to make a request under your rights. We have a calendar month to get back to you with a response.

💔 How you can complain

If you have any concerns about our use of your personal information, please let us know by writing to us at privacy@graphyapp.com

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

💡
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.
💡

icon
Powered By Trust Keith