Privacy Policy – Nicegraphs

1. Data Controller Identification

This Privacy Policy describes how personal data is processed by the Nicegraphs platform, operated by an independent developer located in São Paulo – SP, Brazil.

For matters related to personal data, contact can be made via email: [email protected].

2. Data Collected

Account Data:

• Username
• Email
• Google ID (when authenticated via Google)
• Encrypted password (when not authenticated via Google)
• Account creation date
• User plan

Usage Data:

• Text provided for chart generation
• Chart generation history
• AI model used
• Date and time of generations
• Internal consumption data related to usage

We use cookies exclusively for authentication via JWT token.

3. Purpose of Data Processing

• Email: authentication and contact.
• Google ID: authentication via Google account.
• Username: account identification.
• Encrypted password: secure account access.
• Submitted text: chart generation and history storage.
• Creation date: internal tracking.

Data processing is primarily based on contract execution (platform usage), legitimate interest for security and service improvement, and consent when applicable.

4. Storage and Retention

Data is stored on infrastructure hosted by DigitalOcean, with servers located in the United States.

Periodic backups are performed.

Data remains stored while the account is active and even after deactivation, until the user requests permanent deletion.

Generations made without a linked account are stored anonymously.

5. Sharing with Third Parties

For service operation, certain data may be shared with:

• OpenAI (text processing via AI)
• Google (Gemini and authentication)
• DeepSeek (AI processing)
• Stripe (payment processing)
• Google Analytics (traffic analysis)
• Google AdSense (ad display on the free plan)

Text provided for chart generation is sent to artificial intelligence APIs for processing. Email addresses are not sent to AI APIs.

6. International Data Transfer

As part of the infrastructure and services used, data may be stored or processed outside of Brazil, especially in the United States.

By using the platform, the user acknowledges this international data transfer.

7. Cookies

We use authentication cookies to keep the user session active. Third-party services such as Google Analytics and Google AdSense may use their own cookies, according to their respective policies.

8. User Rights

The user may, at any time:

• Access their data.
• Correct information.
• Request deletion.
• Request portability when applicable.

Account deletion or deactivation can be performed through the platform itself. Specific requests can be made via email.

9. Account Deletion

Account deactivation does not imply immediate full data deletion. Permanent deletion can be expressly requested by the user.

10. Security

We adopt technical security measures, including:

• HTTPS
• Encrypted password storage
• Server firewall
• Rate limiting to prevent abuse

11. Children's Data

The platform does not contain inappropriate content. There is no intentional collection of sensitive data from minors.

12. Advertising

The free plan displays ads through Google AdSense. We do not directly sell personal data.

13. Legal Basis

Data processing is primarily based on contract execution, legitimate interest for security and service improvement, and consent when applicable, in compliance with the LGPD and, where applicable, the GDPR.

14. Changes to This Policy

This Policy may be updated periodically. Significant changes will be communicated to users upon accessing the platform.

15. International Scope

The platform has a global audience and may serve users from different countries. Whenever applicable, international data protection regulations will be observed.