Privacy Policy

Graphletter processes documents you upload solely to produce the compliance assessment you request. Documents are stored in your tenant's Supabase storage bucket with row-level security so only you and users you invite can access them.

What we collect

• Account information: name, email, organization.
• Evidence documents you upload and the AI assessments generated from them.
• Product analytics (page visits, feature use) via PostHog, anonymised where possible.

What we don't do

• We do not train models on your documents.
• We do not sell your data.

Questions? Email hello@graphletter.com.