Privacy Policy
Last updated: March 17, 2026
01
Introduction
GraphNode explains how it collects, uses, discloses, and safeguards personal information when you access or use our platform, website, and related services. This policy applies to all users including individual users, team administrators, and enterprise account holders. Questions can be directed to privacy@graphnodesoftware.com.
02
Information We Collect
Account Information
Full name, business email, company name, job title, and platform role. SSO or SCIM provisioning may supply information automatically.
Usage and Platform Data
Scan configurations and results, project settings, vulnerability triage actions, report generation history, and feature usage patterns.
Technical Data
IP address, browser type and version, operating system, device type, referring URL, pages visited, session duration, and timestamps.
Communication Data
Contents of your contact with our support team, and metadata including email, date/time, and attachments.
03
How We Use Your Information
- Delivering application security scanning and personalized platform experience
- Generating analytics for enterprise administrators
- Responding to customer inquiries and providing support
- Detecting security threats and fraudulent activity
- Improving service content and platform performance
- Complying with legal obligations
04
Legal Basis for Processing (GDPR)
For EEA, UK, and Swiss residents:
Contract Performance
Delivering security scanning services and managing your account.
Legitimate Interests
Service improvement, security, fraud prevention, analytics.
Consent
Obtained for marketing communications; withdrawable anytime.
Legal Obligation
Tax, accounting, and regulatory requirements.
05
Data Sharing and Disclosure
We do not sell personal data. Limited sharing occurs with:
- Enterprise administrators accessing organizational user data
- Trusted third-party sub-processors (cloud hosting, analytics, email, support)
- Legal authorities when required by law
- Acquiring entities in merger/acquisition scenarios
06
International Data Transfers
Our operations are U.S.-based, so data is transferred to the United States. Transfers from EEA/UK/Switzerland use Standard Contractual Clauses with supplementary protective measures and transfer impact assessments.
07
Data Retention
- Active accounts: Retained during subscription
- Post-deletion: 90 days for recovery and legal compliance, then permanent deletion
- Aggregated data: Retained indefinitely
- Legal records: Retained per applicable law requirements
08
Your Rights
GDPR (EEA/UK/Switzerland)
Access, rectification, erasure, portability, processing restriction, objection, and consent withdrawal rights. Requests are answered within 30 days; complaints may be lodged with local authorities.
CCPA (California)
Right to know, right to delete, opt-out of sale (we do not sell data), and non-discrimination protections.
Contact privacy@graphnodesoftware.com to exercise your rights.
09
Security Measures
- TLS 1.2+ encryption in transit; AES-256 at rest
- Role-based access controls and multi-factor authentication
- Enterprise-grade cloud infrastructure with monitoring
- Regular third-party audits and penetration testing
- Documented incident response with user notification protocols
10
Children's Privacy
Our B2B service is not directed at individuals under the age of 16. Any unintended collection of such data will be promptly deleted upon discovery.
11
Cookies and Tracking Technologies
We use essential and analytics cookies for platform operation, session maintenance, and preference retention. Detailed information is available in our Cookie Policy.
12
Changes to This Policy
We may update this policy with 30 days' notice via website posting, email, or in-service notifications. Continued use after changes constitutes acceptance.
13
Contact Us
Data Protection Officer: privacy@graphnodesoftware.com
Mailing Address: Bahcelievler Mah. 319 Cad. E Blok (Teknokent) No:35E B24, Golbasi / Ankara, Turkey
Response target: 30 days for legitimate requests.