Privacy Policy

Graphletter processes documents you upload solely to produce the compliance assessment you request. Documents are stored in Supabase storage with bucket policies that scope access to the owning user's evidence path.

What we collect

• Account information: name, email, organization.
• Evidence documents you upload and the AI assessments generated from them.
• Operational telemetry needed to secure the service and investigate failures.

What we don't do

• We do not train models on your documents.
• We do not sell your data.

Questions? Open an issue on GitHub.