Privacy Policy

Effective date: 14 June 2025

1. Introduction

This Privacy Policy explains how Secure Technology Analytics Ltd ("we", "us", "our") collects, uses, and safeguards personal data when you use the Graffiti AI service, including its bookmarklets, browser extensions, hosted APIs, and related websites (collectively, the "Service"). It also explains your rights under the UK GDPR/EU GDPR.

2. Data Controller

Secure Technology Analytics Ltd
Unit 99, The Icon
Basildon, SS14 1FH, United Kingdom
Email: privacy@stechanalytics.com

3. Data We Collect

• User-provided data: name, email address, organisation, licence key, and any text or files you submit.
• Technical data: IP address, browser type, operating system, timestamps, referring URLs.
• Usage data: page URLs and excerpts captured, prompts, model responses, error logs.
• Cookies & similar tech: small text files stored on your device for session management and analytics (see Section 7).

4. Purposes & Legal Bases

• Provide and operate the Service – contractual necessity.
• Maintain security & prevent abuse – legitimate interests.
• Debug, monitor, and improve the product – legitimate interests.
• Comply with legal obligations – legal requirement.
• Optional analytics or marketing – consent (where applicable).

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes above, after which it is deleted or anonymised. Typical retention periods are:

• Server logs: up to 12 months.
• Prompt/response history: up to 24 months, unless you request earlier deletion.
• Account records: as long as your account is active and six months thereafter.

6. International Data Transfers

We may process data outside the UK/EEA (e.g., cloud infrastructure in the USA). When doing so, we rely on Standard Contractual Clauses or other approved safeguards to ensure an adequate level of protection.

7. Cookies & Tracking Technologies

We use strictly-necessary cookies for authentication and session management. We may also use optional analytics cookies, which are deployed only with your consent via our cookie banner. You can withdraw consent at any time through the banner's "Preferences" link.

8. Your Rights

Subject to certain conditions, you have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten").
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time (where processing is based on consent).
• Lodge a complaint with a supervisory authority (see Section 10).

To exercise these rights, please email privacy@stechanalytics.com. We will respond within one month as required by law.

9. Security Measures

We implement industry-standard safeguards, including TLS encryption in transit, encryption at rest, role-based access controls, and regular security audits. No system is 100 % secure, but we take reasonable steps to protect your data.

10. Complaints

If you believe we are not handling your personal data properly, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version here and update the "Effective date" above. Continued use of the Service after changes constitute acceptance of the revised Policy.

© 2025 Secure Technology Analytics Ltd. All rights reserved.