Privacy Policy
Last updated: April 6, 2026
Summary
Cognograph is a spatial AI workflow canvas operated by Stefan Kovalik ("I", "me", "my"). This policy explains what data I collect, how I use it, and your rights regarding that data.
The short version: I collect the minimum data needed to provide the service. I don't sell your data, don't run ads, and don't track you across the web. Your workspace content belongs to you.
1. Data I Collect
Account Data
When you create an account, I collect:
- Email address: for authentication and account recovery.
- OAuth profile (if using GitHub/Google sign-in): name and avatar from your provider profile.
- User ID: a unique identifier generated by Supabase Auth.
Payment Data
Payment processing is handled entirely by Stripe. I store your Stripe customer ID to link your account to your subscription. I never see or store your credit card number, CVV, or full billing details.
Workspace Data
When cloud sync is enabled, your workspace content (nodes, edges, conversations, settings) is stored in a Supabase Postgres database. Row-Level Security ensures only you can access your data. If you use Cognograph without an account, all data stays in your browser's IndexedDB.
API Keys
If you store API keys through the settings panel, they are encrypted server-side using AES-256-GCM before storage. The encryption key is held by the server; keys are decrypted only at the moment they are used to make an API call on your behalf, then immediately discarded from memory. You can also use Cognograph in BYOK mode where keys never leave your browser.
Claude Account Routing (Desktop Only)
The desktop app supports authentication through the Claude CLI, allowing you to use your existing Claude subscription (Pro, Team, or Enterprise) without providing an API key. When using this mode, requests are processed locally through the Claude CLI on your machine. No API key is stored or transmitted to Cognograph servers. Your usage is governed by your Claude subscription limits and Anthropic's terms of service.
Notion Sync
If you enable Notion push sync, workspace metadata (node titles, types, properties, and content) is sent to Notion's API using your Notion integration token. Sync events are queued locally and transmitted when connectivity is available. I do not store your Notion integration token on my servers.
Generated Media
Images, audio, video, and 3D models generated through the creative pipeline are stored in Cloudflare R2 object storage, keyed to your user ID. You can delete your artifacts at any time.
Terminal Sessions
Cloud terminal sessions relay I/O through a WebSocket connection. Terminal scrollback (last 100 lines) is held in server memory for reconnection support and is discarded after 30 minutes of inactivity. Terminal data is not persisted to disk or logged.
2. How I Use Your Data
- To provide and maintain the service (authentication, workspace sync, billing).
- To process payments and manage subscriptions via Stripe.
- To proxy API requests to AI providers when using managed keys or credits.
- To generate and store media artifacts you request.
- To diagnose errors and improve reliability via Sentry error monitoring. Error reports include stack traces and browser metadata but not workspace content. All text in session replays is masked, all media is blocked, and network request bodies are not captured.
I do not use your data for advertising, profiling, or training AI models.
3. AI Provider Communications
When you use AI features, conversation content is sent to the AI provider you've configured (Anthropic, OpenAI, Google, etc.). Depending on your setup:
- BYOK mode: Requests go directly from your browser to the provider. I never see them.
- Managed proxy: Requests route through my server to the provider using either your stored key or platform credits. I do not log request or response content.
- Claude account routing (desktop): Requests are processed locally through the Claude CLI. They never pass through my servers.
Cognograph's spatial context injection means connected nodes are included in the AI prompt. Be mindful of what you connect. If you connect a note containing sensitive information to a conversation, that content will be sent to the AI provider.
4. Third-Party Processors
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Auth, database | Account info, workspace data |
| Stripe | Payments | Email, payment method |
| Cloudflare | Hosting, CDN, R2 storage | Web requests, media files |
| Fly.io | Cloud terminals | Terminal I/O (ephemeral) |
| AI Providers | LLM, image, and audio generation | Conversation content, prompts |
| Notion | Workspace sync (if enabled) | Node titles, content, properties |
| Claude CLI (desktop) | Local AI routing | Conversation content (local only, not transmitted to Cognograph) |
| Sentry | Error monitoring | Error reports, stack traces (text masked, media blocked, no workspace content) |
5. Cookies and Local Storage
Cognograph uses Supabase Auth cookies for session management (authentication tokens). I also use browser localStorage and IndexedDB for application state and offline workspace data. I do not use tracking cookies, analytics cookies, or third-party advertising cookies.
6. Data Retention and Deletion
Your workspace data is retained as long as your account is active. You can delete individual workspaces, artifacts, or your entire account at any time. When you delete your account:
- Your workspace data is deleted from Supabase within 30 days.
- Your media artifacts are deleted from R2 storage.
- Your Stripe customer record is retained as required by financial regulations.
- Your encrypted API keys are permanently deleted.
7. Your Rights
You have the right to:
- Access: request a copy of your data.
- Correct: update your account information.
- Delete: delete your account and all associated data.
- Export: download your workspace data in JSON format.
- Restrict: use Cognograph in local-only mode without an account.
These rights apply regardless of your location. I honor data subject rights under the GDPR (EU/EEA), UK GDPR, and CCPA (California) to the extent they apply. To exercise these rights, email [email protected]. I will respond within 30 days.
8. Data Location
Your data is processed and stored in the following regions:
- Database & auth (Supabase): US East.
- Media storage (Cloudflare R2): automatic, nearest region.
- Cloud terminals (Fly.io): US regions.
- Web hosting (Cloudflare Pages): global CDN edge.
By using the Service, you consent to your data being transferred to and processed in the United States. I rely on standard contractual clauses and processor agreements with each sub-processor for lawful international data transfers.
9. Security
I use industry-standard security measures including encrypted connections (TLS), server-side encryption for API keys (AES-256-GCM), Row-Level Security in the database, JWT-based authentication, and isolated cloud terminal environments. The source code is open source under AGPL-3.0, enabling independent security audits.
10. Children's Privacy
Cognograph is not directed at children under 13. I do not knowingly collect personal information from children.
11. Changes to This Policy
I may update this policy when the service changes. Material changes will be communicated via email to registered users and noted by updating the "Last updated" date above.
12. Contact
Questions about privacy? Email [email protected].