Privacy Policy

Last Updated: October 13, 2025

1. Introduction

Welcome to Org Chart Studio ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our organizational chart creation and management service.

By using Org Chart Studio, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Authentication credentials (managed securely by our authentication provider, Clerk)
  • Profile information you choose to provide

2.2 Organizational Chart Data

When you use our service, we store:

  • Organizational chart structures you create
  • Employee/person data you input (names, titles, departments, manager relationships)
  • CSV files you import
  • Chart metadata (creation dates, modification history, versions)
  • Layout preferences and visual settings

2.3 Usage Information

We automatically collect certain information when you use our service:

  • Device information (browser type, operating system)
  • IP address and general location data
  • Usage patterns and interactions with our service
  • Session data and authentication timestamps

2.4 Local Storage

Our application stores draft charts locally in your browser's localStorage to preserve your work between sessions. This data remains on your device and is not transmitted to our servers unless you explicitly save to the cloud.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our service
  • Authenticate your identity and manage your account
  • Store and retrieve your organizational charts
  • Process your chart exports (PNG downloads)
  • Enforce plan limits and entitlements (chart counts, node limits, features)
  • Improve and optimize our service through usage analysis
  • Communicate with you about service updates, security alerts, and support
  • Detect, prevent, and address technical issues or security vulnerabilities
  • Comply with legal obligations and enforce our Terms of Service

4. Third-Party Services

4.1 Google OAuth (Sign in with Google)

We offer Google OAuth as an authentication option, allowing you to sign in using your Google account. When you choose to sign in with Google, we access the following information from your Google account:

  • Email address (to create and identify your account)
  • Name (to personalize your experience)
  • Profile picture (optional, for display purposes)

How we use your Google data:

  • To create and authenticate your Org Chart Studio account
  • To identify you when you sign in
  • To display your name in the application interface
  • To send you service-related communications (if you opt in)

Important: We do not use your Google data for any purposes beyond providing and improving Org Chart Studio. We do not sell, share, or use your Google data for advertising, data brokering, or any other commercial purposes. Your Google account information is processed through our authentication provider (Clerk) and is subject to the same security and privacy protections as all other user data.

Your use of Google sign-in is governed by Google's Privacy Policy and Terms of Service. You can revoke Org Chart Studio's access to your Google account at any time through your Google Account permissions page.

4.2 Authentication Provider (Clerk)

We use Clerk to handle user authentication, registration, and session management. Clerk processes your email address, name, and authentication credentials (including Google OAuth sign-in). Clerk's privacy practices are governed by its own privacy policy, available at https://clerk.com/legal/privacy.

4.3 Database Provider (Neon)

We store your organizational chart data in a PostgreSQL database hosted by Neon. Neon provides secure, managed database infrastructure. Data is encrypted in transit and at rest. Neon's privacy practices are available at https://neon.tech/privacy-policy.

4.4 Hosting Provider (Vercel)

Our application is hosted on Vercel's infrastructure. Vercel may collect certain usage and performance data. Their privacy policy is available at https://vercel.com/legal/privacy-policy.

5. Data Security

We implement appropriate technical and organizational security measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for database storage
  • Secure authentication protocols
  • Regular security updates and monitoring
  • Access controls and authentication requirements

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. You can request deletion of your account and associated data at any time. Upon deletion:

  • Your organizational charts and associated data will be permanently deleted
  • Your account information will be removed from our systems
  • Local browser data (drafts) remains on your device until you clear browser storage
  • Backup copies may persist for up to 30 days as part of our disaster recovery procedures

7. Your Rights

Depending on your location, you may have certain rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request export of your organizational chart data
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of the processing of your data
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in Section 12.

8. Cookies and Tracking

We use essential cookies and browser storage to:

  • Maintain your authenticated session
  • Store draft charts locally on your device
  • Remember your preferences and settings

Our authentication provider (Clerk) may set additional cookies to manage your session securely. You can configure your browser to refuse cookies, but this may limit your ability to use our service.

9. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Org Chart Studio

Email: hello@orgchartstudio.com

For data protection inquiries specifically related to European users, please include "GDPR Request" in your subject line.

This Privacy Policy is effective as of the date stated at the top of this page. This policy applies to Org Chart Studio and its related services.