Privacy Policy

This Privacy Policy describes how LLMGraph("we", "us") collects, uses, and shares information when you access or use the Service. By using the Service you agree to the practices described here. If you do not agree, do not use the Service.

We collect the following categories of information:

• Account information: name, email address, profile image, and authentication metadata from identity providers (Google, GitHub) when you sign in.
• Billing information: processed by Stripe. We store the resulting customer and subscription identifiers; we do not store full payment-card numbers.
• Workspace content: prompts, code, configurations, graph definitions, deployment metadata, and other content you create through the Service.
• Usage data: execution logs, request metadata, error traces, and aggregate metrics used for billing, debugging, and abuse prevention.
• Communications: messages you send us through support channels and contact forms.
• Device and connection data: IP address, browser type, and similar information automatically logged when you access the Service.

We use information to:

• Provide, operate, and maintain the Service;
• Authenticate users and manage sessions;
• Process subscriptions, charges, and refunds;
• Send transactional communications (sign-in links, invitations, billing notices);
• Monitor usage, enforce limits, and prevent abuse;
• Investigate security incidents and comply with legal obligations;
• Improve the Service and develop new features.

We rely on third-party providers to operate the Service. These subprocessors process data on our behalf under contractual data-protection terms:

• Amazon Web Services (AWS) — hosting, compute (Lambda, Step Functions), storage, model invocation (Bedrock), email delivery (SES), secrets management.
• Stripe — subscription billing and payment processing.
• Google, GitHub — OAuth identity providers used at your direction when you sign in.
• Vercel — frontend hosting and edge delivery.

We may add or remove subprocessors over time. The list above reflects our current providers and is not a complete record of every vendor relationship.

We share information only as follows:

• With the subprocessors listed above, strictly to operate the Service;
• With other members of your team or workspace, as required by the collaboration features you use;
• In response to legal process, where required by applicable law, or to protect the rights, property, or safety of LLMGraph, our users, or others;
• In connection with a merger, acquisition, financing, or sale of assets, in which case we will provide notice through the Service.

We do not sell personal information.

When you invoke a language model through the Service, the prompt and any associated context are sent to the configured model provider (e.g. Amazon Bedrock) for inference. Your interaction with that provider is governed by the provider's terms and privacy practices in addition to this Policy. We do not use customer prompts or outputs to train foundation models.

We retain account information for the life of your account and for a reasonable period afterward to comply with legal obligations and resolve disputes. Workspace content is retained while your subscription is active and deleted within a reasonable period after account closure, subject to backup and audit retention windows. Execution logs are retained for a limited period sufficient to support billing reconciliation, debugging, and abuse investigation.

We use commercially reasonable administrative, technical, and physical safeguards to protect information, including encryption in transit, encryption at rest for stored data, IAM-isolated runtime environments, and secret management through AWS Secrets Manager. No system is perfectly secure; we cannot guarantee that information will never be accessed or disclosed in a manner inconsistent with this Policy.

Subject to applicable law, you may have the right to:

• Access, correct, or delete personal information we hold about you;
• Export a copy of your account data;
• Object to or restrict certain processing;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with a data-protection authority.

You may exercise most of these rights from your account settings, or by contacting us through the contact page. We may need to verify your identity before fulfilling certain requests.

We use cookies and similar technologies for authentication (session cookies issued by our identity layer), basic analytics, and security. You can control cookies through your browser settings; disabling essential cookies may break sign-in.

The Service is not directed to children under 13 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

We are headquartered in the United States and process information there and in other countries where our subprocessors operate. Where required, we rely on appropriate transfer mechanisms such as the Standard Contractual Clauses to safeguard cross-border transfers.

We may update this Policy from time to time. If we make material changes we will provide reasonable notice (for example, by email or in-product notice). Continued use of the Service after changes take effect constitutes acceptance.

Questions or requests related to this Policy? Reach us through the contact page.