Privacy Policy

Last updated: November 21, 2025

At ChartOne, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our chart rendering API service.

Information We Collect

1. Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Account preferences and settings

2. API Usage Data

To provide and improve our service, we collect:

  • API requests and responses
  • Chart configurations and parameters
  • Chart types, themes, and formats requested
  • Request timestamps and response times
  • API key usage and quota consumption
  • Cache hit/miss statistics

3. Technical Information

For security and rate limiting purposes, we collect:

  • IP addresses
  • User agent strings
  • Request headers
  • Error logs and debugging information

4. Payment Information

Payment processing is handled by Stripe. We do not store your credit card information. We only store:

  • Stripe customer ID
  • Subscription status and plan information
  • Billing history and invoice records

5. Anonymous Usage

For users accessing our API without authentication, we collect:

  • IP addresses for rate limiting (20 requests/day per IP)
  • Basic request metadata
  • No personally identifiable information

How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To process your API requests and generate charts
  • Account Management: To create and manage your account, API keys, and subscriptions
  • Billing: To process payments and manage subscriptions through Stripe
  • Rate Limiting: To enforce usage quotas and prevent abuse
  • Security: To detect and prevent fraudulent activity and unauthorized access
  • Performance Optimization: To cache frequently requested charts and improve response times
  • Analytics: To understand usage patterns and improve our service
  • Communication: To send service-related notifications and support responses

Data Storage and Security

Infrastructure

We use industry-leading cloud infrastructure providers:

  • Database: Neon Database (PostgreSQL) with encryption at rest and in transit
  • Caching: Upstash Redis for temporary chart caching (24-hour TTL)
  • Hosting: Fly.io for application hosting with geographic distribution
  • Payments: Stripe for PCI-compliant payment processing

Security Measures

  • All data transmission uses HTTPS/TLS encryption
  • API keys are hashed using SHA-256 before storage
  • Regular security audits and updates
  • Access controls and authentication mechanisms
  • Automated backups and disaster recovery procedures

Data Retention

  • Account Data: Retained while your account is active
  • Usage Logs: Retained for 90 days for analytics and debugging
  • Cached Charts: Automatically deleted after 24 hours
  • Billing Records: Retained for 7 years for tax and legal compliance
  • Deleted Accounts: Permanently deleted within 30 days of account closure

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services (Stripe, Neon, Upstash, Fly.io)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection: To protect our rights, property, or safety, or that of our users

Cookies and Tracking

We use minimal cookies and tracking technologies:

  • Essential Cookies: Required for authentication and session management
  • Analytics: To understand how our service is used and identify areas for improvement
  • No Third-Party Advertising: We do not use cookies for advertising purposes

Your Privacy Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Object: Object to certain processing of your data

To exercise these rights, please contact us at privacy@chartone.dev

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data collection and use
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling

Our legal basis for processing your data includes:

  • Contract Performance: To provide our API service
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: For tax and regulatory compliance

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising your rights

We do not sell your personal information.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data, including:

  • Standard contractual clauses approved by the EU Commission
  • Data processing agreements with service providers
  • Compliance with applicable data protection regulations

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Updating the "Last updated" date at the top of this policy
  • Sending an email notification for material changes
  • Displaying a prominent notice on our website

Your continued use of our service after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.

View Terms of Service →Back to Home