Privacy Policy

Last updated: 26 August 2025

This Privacy Policy describes how Chartopia (d12dev) (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use our website, services, or API (collectively, the “Services”).

We've written this policy to be clear and readable. The blockquotes (like this one) are conversational summaries to make things easy to understand. Everything outside the blockquotes is legally binding.

1. Collection of Personal Information

We may collect the following Personal Data when you use our Services:

  • Account details (e.g., name, email address, login credentials).
  • Contact information provided voluntarily (e.g., support requests).
  • Payment information where required for paid features.
  • User-generated content you upload or create.

Certain information is required to provide the Services (e.g., email for account creation). Optional information is collected only if you choose to provide it.

We retain Personal Data for as long as your account is active or as needed to provide the Services. Certain data may be retained longer if required for legal or regulatory purposes.

In short: we only collect the info we need to run the site and let you create great content. Most of this is pretty minimal.

2. Collection of Non-Personal Information

We may also collect non-personal information automatically, such as:

  • Browser type and version.
  • Device information and operating system.
  • IP address (which may be anonymized where feasible).
  • Usage data (pages visited, features used, API requests).
  • Cookies and analytics identifiers.

This information is used to improve performance, monitor usage, and secure the Services.

3. Managing Your Personal Information

You may access, update, or delete your Personal Data at any time through your account settings or by contacting us directly.

When you request deletion, we will remove your Personal Data from active systems without undue delay. Certain data (e.g., audit logs, contract acceptance records, legal compliance records) may be retained for a limited period as required by law, regulatory obligations, or legitimate interests.

Translation: you control your data, but in some cases we may need to hold on to a minimal record (like account identifiers or billing history) to comply with legal obligations.

4. Use and Processing of Collected Information

We process your Personal Data for the following purposes and under these legal bases:

  • To provide Services (contract necessity)
    Managing accounts, providing API access, processing payments.
  • To improve Services (legitimate interest)
    Analytics, performance monitoring, personalization.
  • To communicate with you (contract or consent)
    Sending service updates, responding to support requests.
  • To comply with legal obligations (legal requirement)
    Record-keeping, security, responding to lawful requests.
  • With your consent
    Where required, such as marketing communications.

We will not use your Personal Data for purposes incompatible with those listed above.

5. Information Transfer and Storage

We store and process data using secure third-party infrastructure providers (e.g., DigitalOcean). Data may be transferred outside your country, including outside the European Economic Area (EEA).

Where data is transferred internationally, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other GDPR-compliant mechanisms.

Put simply: your data may cross borders, but we'll make sure the legal protections follow it.

6. User Rights

You have the following rights under applicable data protection laws (e.g., GDPR, CCPA):

  • Access your Personal Data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data.
  • Restrict or object to processing.
  • Port your data to another service.
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with a supervisory authority.

To exercise these rights, contact us using the details below.

7. Children's Privacy

Our Services are not directed at children under 13 (or under 16 in the European Union, unless local law allows a lower age). We do not knowingly collect Personal Data from children.

If we become aware that we have inadvertently collected such data, we will delete it without undue delay.

8. Cookies

We use cookies and similar technologies for:

  • Essential purposes (authentication, session management).
  • Functional purposes (preferences, UI settings).
  • Analytics (understanding site usage).
  • Advertising/marketing (only with consent).

You can control cookies via your browser settings. Some features of the Services may not function properly without essential cookies.

For more details, see our Cookie Policy.

9. Information Security

We implement appropriate technical and organizational security measures to protect Personal Data, including:

  • Encryption in transit (HTTPS) and at rest (where feasible).
  • Access controls and authentication measures.
  • Logging and monitoring for suspicious activity.

Despite these measures, no system can be guaranteed 100% secure. You are responsible for safeguarding your account credentials.

10. Data Breach Notification

In the event of a Personal Data breach, we will notify affected users and competent authorities without undue delay and, where feasible, within 72 hours of becoming aware, unless the breach is unlikely to result in a risk to your rights and freedoms.

11. Legal Disclosure

We may disclose Personal Data if required by law, regulation, legal process, or governmental request. Any such disclosure will be limited and proportionate to the request.

12. Changes and Amendments

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on the Services. Continued use of the Services after changes take effect constitutes acceptance.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us by using our contact form.