Privacy Policy

Your privacy matters. Learn how we protect your data.

Last updated: January 20, 2026

Introduction

Plotivy ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI-powered scientific data visualization platform.

Legal Basis for Processing (GDPR)

  • Contract: To provide the Service, generate plots, and manage accounts.
  • Consent: For non-essential cookies and analytics tracking.
  • Legitimate Interests: To improve the platform, prevent abuse, and ensure security.
  • Legal Obligations: Where required by law.

Information We Collect

Account and Profile Data

When you create an account, we collect identifiers such as email address, authentication method, and optional profile fields (e.g., name or avatar). This data is stored in Supabase.

Usage and Diagnostics

We collect usage data to improve the Service, including feature usage, error logs, device and browser details, and performance metrics.

Analytics Cookies

We use PostHog analytics to understand how visitors use our platform. This includes:

  • Page views and navigation patterns
  • Feature usage and interactions
  • Device and browser information
  • Session recordings (when analytics cookies are enabled)

🎥 Session Recording Privacy Protections

When session recording is enabled, we automatically protect your sensitive data:

  • Data Tables: Blocked from recordings - we cannot see your uploaded data
  • Plots & Charts: Blocked - your visualizations are not recorded
  • Code Editors: Blocked - your code is not visible in recordings
  • Input Fields: All text inputs are masked
  • API Requests: Request/response bodies are redacted

Even our team cannot see your actual data in session recordings.

You can opt out of analytics tracking at any time by clicking "Essential only" in our cookie consent banner.

Essential Cookies

Essential cookies are required to keep the site functioning properly. These include cookies that remember your cookie preferences and maintain your session state.

Data You Upload and Generate

When you upload data files or create plots on Plotivy, the data is processed on our servers to generate visualizations and AI-assisted analysis.

🔒 How Your Data Is Protected

  • AI Code Generation: When you use AI features, we send only structural metadata (column names, data types, row counts) to our AI providers - NOT your actual data values.
  • Local Processing: Your actual data values remain in your browser and on our backend servers. They are never transmitted to third-party AI services.
  • Temporary Storage: Unless you explicitly save outputs to your workspace or gallery, uploaded data and intermediate results are not stored long term and are deleted after processing.
  • Workspace Data: If you save workspaces, your data is stored in Supabase with encryption at rest and protected by Row Level Security (only you can access your data).

AI Processing & Third-Party Services

When you use Plotivy's AI-powered features, we process your requests as follows:

What IS sent to AI providers:

  • Column names (e.g., "Temperature", "Pressure", "Time")
  • Data types (e.g., "numeric", "text", "datetime")
  • Number of rows and columns
  • Your natural language prompts describing what plot you want

What is NOT sent to AI providers:

  • ❌ Your actual data values (measurements, names, IDs, etc.)
  • ❌ Sample rows of your dataset
  • ❌ Any personally identifiable information from your data
  • ❌ Your email or account information

We use OpenRouter and OpenAI as AI providers. The generated Python code runs on our secure backend, where your actual data is processed locally to create visualizations.

How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Generate plots and AI-assisted analyses
  • Improve platform performance and user experience
  • Understand which features are most valuable to users
  • Detect and prevent abuse, fraud, or security incidents
  • Comply with legal obligations

Data Storage and Security

We use Supabase (PostgreSQL database) to store account data, gallery images, and user preferences. Analytics data is stored by PostHog in accordance with their privacy policy. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or destruction, including access controls and encrypted connections.

Third-Party Services

Plotivy uses the following third-party services:

  • PostHog: Analytics and session recording (when enabled)
  • Supabase: Database and authentication services
  • OpenRouter: AI code generation services
  • Netlify: Website hosting and content delivery

These providers may process data on our behalf as processors. Each service has its own privacy policy governing how they handle data.

International Transfers

Your data may be processed in countries outside your own. When international transfers occur, we rely on appropriate safeguards (such as standard contractual clauses) as required by applicable law.

Your Rights

Under GDPR and other privacy regulations, you have the right to:

  • Opt out of analytics cookies at any time via our cookie consent banner
  • Request access to data we have collected about you
  • Request correction of inaccurate or incomplete data
  • Delete your account and all data - Available in your account settings (Art. 17 - Right to Erasure)
  • Export all your data - Download a copy in JSON format from your account settings (Art. 20 - Data Portability)
  • Withdraw consent where processing is based on consent
  • Object to processing based on legitimate interests
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, visit your account settings or contact us at plotivy.info@gmail.com.

Data Retention

We retain your data for the following periods:

Data TypeRetention Period
Account data (email, name, profile)Until account deletion
Gallery images & visualizationsUntil deleted by user or account deletion
Uploaded data filesDeleted immediately after processing
User preferencesUntil account deletion
Analytics data (PostHog)90 days
Consent logs7 years (legal compliance)
Survey responsesUntil account deletion or upon request

Automated Processing

We use AI to generate plots and analysis from your data and prompts. This processing does not produce legal or similarly significant effects. You remain responsible for validating outputs before use.

Children's Privacy

Plotivy is designed for researchers, students, and professionals. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page. Continued use of Plotivy after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us at:

Email: plotivy.info@gmail.com

Return to Home