Privacy Policy

1. Who we are

Chart Rosetta is operated by Ed & Sy Inc., a company based in Canada. This Privacy Policy describes how we handle personal information when you use our website and services, in accordance with Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) where applicable.

2. Data we collect

We collect and process the following categories of data:

• Account data: When you sign in with a magic-link email, we receive your email address. This is managed by our authentication provider (Supabase).
• Chart content and usage: We do not store your chart images. Chart images are sent to our AI provider (Anthropic) only to generate plain-English explanations; Anthropic does not train on customer content per their policy. We store the text explanations we generate (what the chart shows, insight, so what) and share tokens so we can provide the service, show your history, and enable shareable links. We also store usage data (e.g., explanation count per month and whether you have a Pro subscription) to enforce limits and manage your account.
• Contact form: If you use our contact form, we receive your name, email, subject, and message. This is sent to us by email (via Resend) and is not stored in our database. We use it only to respond and do not use it for marketing unless you have agreed otherwise.
• Email capture: If we offer a newsletter or email capture (e.g., after a first explanation), we may store the email you provide. We will use it only as described at the time of collection (e.g., product updates or marketing only with your consent).
• Payment data: Subscription payments are processed by our payment provider(s) (e.g., Stripe or Lemon Squeezy, depending on how you subscribe). We do not store full card numbers on our servers; we receive only information necessary to manage your subscription (e.g., customer ID, plan, and billing status).
• Analytics: We use PostHog and Vercel Analytics to understand how the Service is used (e.g., page views, feature use, plan tier). When you are logged in, we may associate your user ID, email, plan, and usage-related traits (e.g., total charts explained) with analytics. See our Cookie Policy for how these tools use cookies and similar technologies.

3. How we use your data

We use the data above to:

• Provide, maintain, and improve the Service (including explanations, history, and sharing).
• Authenticate you and manage your account and subscription.
• Respond to your inquiries and support requests.
• Send service-related or transactional messages (e.g., subscription confirmations).
• Comply with legal obligations and enforce our Terms of Service.

Under Canadian law, we collect, use, and disclose your personal information only for purposes that a reasonable person would consider appropriate, and we obtain your consent where required by PIPEDA or other applicable Canadian privacy legislation.

4. Sharing your data

We share data only with service providers necessary to operate the Service: authentication and database (Supabase), AI for generating explanations (Anthropic—we send chart images only to generate explanations; they do not train on your content), payments (Stripe or Lemon Squeezy), email delivery (Resend), analytics (PostHog, Vercel), and hosting (Vercel). These providers are bound by contracts or policies that limit their use of your data. We do not sell your personal data. We may disclose data if required by law or to protect our rights, safety, or property.

5. Retention

We retain account and explanation history while your account is active and for a reasonable period after deletion to support recovery and legal obligations. Contact form and support correspondence are retained as needed for support and record-keeping. Payment records are retained in line with our payment processor and legal requirements.

6. Your rights

Under Canadian privacy law, you have the right to access your personal information and to request correction of inaccurate or incomplete information. You may also withdraw consent or request deletion where applicable. To exercise these rights, contact us at edmel@ednsy.com or through our contact form. We will respond within the time required by applicable law. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada or the relevant provincial privacy commissioner.

7. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. Session cookies are necessary for authentication and cannot be disabled if you wish to use an account.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it promptly.

9. International transfers

We are based in Canada. Our service providers may store and process data in Canada, the United States, or other countries. When your information is transferred outside Canada, we take steps to ensure it is protected in a manner consistent with Canadian privacy law, including through contracts or other safeguards where appropriate.

10. Changes and contact

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will change when we do. Material changes may be communicated by email or a notice in the Service. For questions or requests about this policy or your data, contact us at edmel@ednsy.com or via our contact form.