Privacy Policy

Last updated: February 2026.

Chartsy ("we," "us," or "our") operates chartsy.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service. By using Chartsy, you agree to the practices described here and in our Terms and Conditions.

Chartsy is a subscription-based SaaS analytics platform that integrates with third-party eCommerce and payment providers to provide analytics dashboards, reporting, and AI-generated insights.

This Privacy Policy is designed to comply with Regulation (EU) 2016/679 (General Data Protection Regulation "GDPR") and other applicable data protection laws.

1. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through:

• Visitors of chartsy.app
• Registered Chartsy users (merchants)
• Individuals whose personal data is processed through merchant integrations
• API interactions and AI-generated analytics features

This Policy does not apply to third-party services, which are governed by their own privacy policies, including:

• Paddle: https://paddle.com/privacy
• BigCommerce: https://www.bigcommerce.com/privacy/

2. Information We Collect

a) Personal Data

We may collect information that identifies you, such as:

• Full name
• Email address
• Username
• Billing-related information (processed via Paddle as Merchant of Record)

Chartsy does not directly process or store full payment card numbers, CVV codes, bank credentials, or raw authentication data. Subscription billing and payment processing for Chartsy are handled by Paddle.com Ltd, which acts as Merchant of Record.

b) Usage Data

We automatically collect certain technical information when you interact with the Service, such as:

• IP address
• Browser type and version
• Pages visited and interaction details
• Device information
• Cookies and tracking identifiers

c) Merchant Customer Data

When merchants connect their Stripe, Paddle, BigCommerce, or other payment or eCommerce accounts:

• The merchant acts as Data Controller for their customer data.
• Chartsy acts as Data Processor, processing such data solely on documented instructions from the merchant. Chartsy does not determine the purposes or means of processing merchant customer data.

Chartsy may process transactional and subscription-related data (e.g., purchase totals, subscription status, timestamps) to provide analytics services.

Before sending analytical data to AI tools, direct personal identifiers (such as names and email addresses) are removed or replaced with internal identifiers where applicable.

Chartsy does not collect, process, or store the following merchant customer payment data:

• Full payment card numbers
• Bank credentials
• CVV codes
• Raw payment authentication data

3. How We Use Your Data

Chartsy processes personal data strictly for specified, explicit, and legitimate purposes in accordance with applicable data protection laws.

We use personal data for the following purposes:

• Operating, maintaining, and improving the Service
• Providing analytics and insights to merchants
• Generating AI-based analytical summaries
• Communicating updates, changes, and support responses
• Monitoring usage and performance
• Complying with legal obligations

AI-generated insights are based on aggregated or pseudonymized data. AI is used solely to enhance reporting clarity and analytical interpretation and is not used for automated decision-making producing legal or similarly significant effects.

4. Legal Basis for Processing

Where the GDPR applies, Chartsy processes personal data based on the following legal grounds:

• Performance of a contract – where processing is necessary to provide and operate the Service, including account management and analytics delivery.
• Legitimate interests – including improving platform functionality, ensuring system security, preventing misuse, and enhancing analytics features, provided such interests are not overridden by the rights and freedoms of data subjects.
• Legal obligations – where processing is required to comply with applicable laws.

Where Chartsy processes merchant customer data, it acts solely as a Data Processor. The lawful basis for such processing is determined by the merchant acting as Data Controller.

A Data Processing Agreement (DPA) in accordance with Article 28 GDPR is available upon request at support@chartsy.app.

5. Data Retention

• Personal data is retained only as long as necessary to fulfill the purposes described in this Privacy Policy or to meet legal obligations.
• Merchant and user data are deleted upon account cancellation, termination, or request. Backup copies may be securely retained for a limited period before automatic deletion in accordance with internal retention policies.

6. Data Security

Chartsy implements appropriate technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction.

Such measures include, where appropriate:

• Encryption in transit
• Encryption at rest, where applicable
• Access controls based on the principle of least privilege
• Infrastructure isolation
• Secure API authentication
• Logging and monitoring of system activity

Chartsy infrastructure is hosted on secure cloud servers located in Frankfurt, Germany, provided by DigitalOcean LLC.

While we continuously review and improve our security practices, no method of transmission or storage is entirely secure, and absolute security cannot be guaranteed.

7. Subprocessors

Chartsy engages trusted third-party service providers ("Subprocessors") to support the operation of the Service. Each Subprocessor processes personal data pursuant to a written agreement requiring appropriate safeguards.

Current Subprocessors include (but may not be limited to):

• DigitalOcean, LLC (Germany – Frankfurt region) – Hosting & infrastructure – https://www.digitalocean.com/legal/privacy-policy
• Paddle.com Ltd (United Kingdom) – Payment processing & subscription billing – https://paddle.com/privacy
• Google LLC (United States) – Web and app analytics (GA4) – https://policies.google.com/privacy
• Google Gemini API (United States) – AI-powered analytical summaries – https://policies.google.com/privacy
• UserJot – Collecting user feedback – https://userjot.com/privacy

Chartsy may update this list from time to time. Material changes may be communicated where required by law.

8. International Data Transfers

Chartsy infrastructure is operated from servers located in Frankfurt, Germany. If you access the Service from outside Germany, your information may be transferred to, processed, and stored in Germany.

Personal data may also be transferred outside the EEA or the UK where Subprocessors are located. By using the Service, you consent to such transfers under appropriate legal safeguards (e.g., Standard Contractual Clauses), where required. Subprocessors located outside your jurisdiction are responsible for complying with applicable data protection requirements within the scope of the services they provide.

9. Your Rights

Depending on applicable law, you may have the right to:

• Request access, correction, or deletion of your personal data
• Restrict or object to processing
• Request data portability
• Withdraw consent (where processing is based on consent)
• File a complaint with your local data protection authority

To exercise your rights, contact us at support@chartsy.app. Requests will be handled in accordance with applicable law.

10. Cookies and Tracking Technologies

Chartsy uses cookies and similar tracking technologies to operate and secure the Service, maintain user sessions, analyze usage, and improve performance.

Where required by law, users may be presented with cookie consent options. Users may also control cookies through their browser settings.

11. Children's Privacy

The Service is intended solely for business use and is not directed to individuals under the age of 16. Chartsy does not knowingly collect or process personal data from minors. If we become aware that personal data has been provided by an individual under 16 without appropriate authorization, we will take reasonable steps to delete such data without undue delay.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of the Service. The updated version will be posted on this page with a revised "Last updated" date and will become effective upon publication. Where required by applicable law, we will provide additional notice of material changes.

Continued use of the Service after such updates constitutes acknowledgment of the revised Policy.

13. Contact

For questions about this Privacy Policy or to exercise your privacy rights, you can contact us at:

Email: support@chartsy.app

Operator / Owner: Chartsy

Registered business address: Rruga Dom Mark Dushi, Pallatet Ndregjoni

Unique Business Identification Number (NIPT): M12323022K

Website: chartsy.app