Privacy Policy | Chartissimo

Chartissimo LLC ("Chartissimo," "we," "us," or "our") operates the Chartissimo web application and related services at chartissimo.com. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using Chartissimo, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.

The key thing to know: Your spreadsheet values stay on our servers and are never sent to any AI provider. When we generate styled charts, only abstract geometric shapes (bars, lines, pie slices) are sent to the AI — never your actual data values, labels, or source information.

1. Information We Collect

Account Information

When you sign in with Google OAuth, we receive and store your name, email address, and profile photo from your Google account. We do not receive or store your Google password. Google handles authentication directly — we only receive an authorization token confirming your identity.

Chart Data

When you paste spreadsheet values into Chartissimo, those values are transmitted to and stored on our servers. We use this data to generate chart geometry (bars, columns, lines, pie slices) and to maintain your chart history so you can revisit and rework previous charts.

Generated Images

The styled chart images that Chartissimo produces are stored on our servers as part of your chart history. These images are associated with your account so you can access, download, and rework them later.

Usage Data

We collect anonymized usage data including page views, feature usage, and scroll depth. This data is collected via the Google Analytics 4 (GA4) Measurement Protocol on the server side. A client ID is stored in your browser's localStorage (not in cookies) to associate usage events across sessions. This data helps us understand how Chartissimo is used and where to focus improvements.

Payment Information

All payment processing is handled entirely by Stripe, which is PCI Level 1 certified — the highest level of payment security certification. We never store credit card numbers, CVVs, or full card details on our servers. We store only your Stripe customer ID and subscription metadata (plan type, billing period, subscription status) to manage your account.

2. How We Protect Your Data During Chart Generation

We want to be very clear about what happens to your data when you generate a styled chart:

Your data stays with us. The spreadsheet values you paste are processed on our servers to create abstract chart geometry — rectangles for bar charts, lines for line charts, circle segments for pie charts.
Only geometry goes to the AI. The abstract geometric image (with no data values, no labels, and no source information) is sent to our AI style-transfer provider to apply the visual style you selected.
Labels are added last. After the styled image is returned, we overlay your data labels on our servers. The AI provider never sees your numbers or text.

This architecture means that even if a third-party AI provider were compromised, your underlying data would not be exposed.

3. How We Use Your Information

We use the information we collect for the following purposes:

Service delivery: Generating styled charts from your data, maintaining your chart history, and providing account features like relabeling, rerolling, and downloading.
Account management and billing: Managing your subscription, processing payments through Stripe, tracking credit usage, and communicating account-related information.
Product improvement and analytics: Understanding how features are used, identifying bugs, and prioritizing development work. Usage analytics are aggregated and anonymized.
Customer support: Responding to your questions, troubleshooting issues, and providing assistance via email.

We do not sell your personal information. We do not use your chart data to train AI models. We do not share your data with third parties for their marketing purposes.

4. Third-Party Services

Chartissimo relies on the following third-party services to operate. Each service receives only the minimum data necessary for its function:

Google OAuth — Authentication only. Confirms your identity; we receive your name, email, and profile photo.
Supabase — Database, authentication session management, and image storage. Hosts your account data, chart history, and generated images. US-based infrastructure.
Stripe — Payment processing. Handles all credit card and billing information directly. PCI Level 1 certified. See Stripe's Privacy Policy.
Replicate — AI image generation. Receives abstract chart geometry images only (no data values, no labels, no user information). Used to apply artistic styles to chart shapes.
Google Cloud Run — Application hosting. Our backend runs in Google Cloud's us-west1 region (The Dalles, Oregon).
Loops.so — Transactional email delivery (account notifications, receipts). Receives your email address and name for message delivery only.

5. Data Storage and Security

Your data is stored using the following infrastructure:

Database and authentication: Supabase, with US-based infrastructure, row-level security policies, and encrypted connections.
Application hosting: Google Cloud Run in the us-west1 region (Oregon), with HTTPS encryption in transit.
Generated images: Supabase Storage, with access controls tied to your account.

We use HTTPS for all data in transit. Database access is protected by row-level security policies that ensure users can only access their own data. We follow security best practices, but no method of transmission or storage is 100% secure. If you become aware of a security issue, please contact us immediately at team@chartissimo.com.

6. Cookies and Local Storage

Chartissimo does not use cookies — not first-party, not third-party, not tracking cookies of any kind.

We do use browser localStorage for two purposes:

Anonymous client ID: A randomly generated identifier used for aggregated analytics (page views, feature usage). This is not linked to your identity unless you are signed in.
Authentication session tokens: Stored locally to keep you signed in between page loads. These tokens are issued by Supabase and expire automatically.

You can clear localStorage at any time through your browser settings. Doing so will sign you out and reset your anonymous analytics ID.

7. Data Retention

We retain your account data and chart history for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Some data may be retained in encrypted backups for a limited period beyond that, but will not be actively used.

If you need your data deleted immediately, contact us at team@chartissimo.com and we will process your request as quickly as possible.

8. Your Rights

You have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your account and associated data.
Export your data in a portable format.

To exercise any of these rights, email us at team@chartissimo.com. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

Right to know: You can request a detailed accounting of what personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom it has been shared.
Right to delete: You can request deletion of your personal information, subject to certain exceptions.
Right to opt-out of sale: You have the right to opt out of the sale of your personal information.

We do not sell personal information. Chartissimo has never sold personal information and has no plans to do so. There is no need to opt out because there is nothing to opt out of.

We will not discriminate against you for exercising any of your CCPA rights. To submit a request, email team@chartissimo.com.

10. Children's Privacy

Chartissimo is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at team@chartissimo.com and we will delete that information promptly.

11. International Users

Chartissimo is operated from the United States. If you are accessing the service from outside the US, please be aware that your data will be transferred to, stored, and processed in the United States. By using Chartissimo, you consent to the transfer of your data to the US and the processing of your data under US law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective date" at the top of this page. For significant changes, we may notify you via email or through a notice in the application. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, contact us at:

Chartissimo LLC
California, United States
team@chartissimo.com