Home/Privacy

Legal

Privacy Policy

What personal data GraphCanon processes, which providers we use, and how to contact us about your data.

Effective

Overview

GraphCanon (https://www.graphcanon.com) is a read-mostly directory and knowledge graph of open-source AI development tools. We publish sourced metadata from public GitHub repositories and optional trust scans - not endorsements.

This policy explains what personal data we process when you browse the site, sign in, or submit a tool. We aim to collect only what we need to run the service.

Contact us at support@applib.dev for privacy or data requests.

Data we collect

Depending on how you use GraphCanon, we may process:

  • Account data when you sign in with GitHub OAuth: GitHub user id, login, avatar URL, and email when GitHub shares it with us.
  • Submission data when you suggest a tool: the GitHub URL you provide, ingest logs, and (if signed in) your account id as submitter.
  • Publisher claim data when a verified maintainer claims a listing: GitHub login, claim timestamp, and verification outcome.
  • Usage and analytics when enabled: page views and events via Google Analytics 4 (IP address may be processed by Google; we do not store raw IP in our database).
  • Server logs from our host (Vercel): request paths, timestamps, and standard HTTP headers for security and debugging.
  • Cookies and local storage: session tokens for authentication, theme preference, and saved-tools state in your browser.

Catalog and third-party repository data

Tool listings, summaries, categories, and graph edges are derived from public GitHub metadata and README excerpts. That content remains subject to each upstream repository's license and terms.

We do not sell the public catalog. The dataset is published under CC0 1.0 (see Terms). GitHub is a separate controller for repository data on github.com.

Service providers

We rely on subprocessors to operate GraphCanon:

  • GitHub - repository metadata API and OAuth sign-in.
  • Supabase - PostgreSQL database and authentication session storage (EU/US regions per project settings).
  • Vercel - hosting, CDN, and edge logs.
  • Google Analytics (optional, production only when configured) - aggregated usage measurement.
  • LLM providers during ingest/enrichment - repo descriptions and README excerpts sent for summarization; no end-user account data unless you submit content.

Retention

Account and claim records persist until you delete your account or we remove them after an abuse review.

Anonymous draft submissions may be retained until published or purged by admins.

Server and analytics retention follows each provider's default windows (typically 30-90 days for logs, longer for aggregated analytics).

You may request deletion of personal data we control by emailing us; we will respond within a reasonable time.

Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or port personal data, and to object to certain processing.

Contact us at support@applib.dev for privacy or data requests.

You may also lodge a complaint with your local data protection authority.

Children

GraphCanon is not directed at children under 16. We do not knowingly collect personal data from children.

Changes

We may update this policy. The effective date at the top reflects the latest revision. Continued use after changes constitutes acceptance of the updated policy.

Questions: see the contact section above or email support@applib.dev.

Command menu

Search tools or jump to a page