以下政策正文为英文(法律参考文本)。
法律
隐私政策
GraphCanon 处理的个人数据、使用的服务商以及如何就数据问题联系我们。
Effective
Overview
GraphCanon (https://www.graphcanon.com) is a read-mostly directory and knowledge graph of open-source AI development tools. We publish sourced metadata from public GitHub repositories and optional trust scans - not endorsements.
This policy explains what personal data we process when you browse the site, sign in, or submit a tool. We aim to collect only what we need to run the service.
Contact us at support@applib.dev for privacy or data requests.
Data we collect
Depending on how you use GraphCanon, we may process:
- Account data when you sign in with GitHub OAuth: GitHub user id, login, avatar URL, and email when GitHub shares it with us.
- Submission data when you suggest a tool: the GitHub URL you provide, ingest logs, and (if signed in) your account id as submitter.
- Publisher claim data when a verified maintainer claims a listing: GitHub login, claim timestamp, and verification outcome.
- Usage and analytics when enabled: page views and events via Google Analytics 4 (IP address may be processed by Google; we do not store raw IP in our database).
- Server logs from our host (Vercel): request paths, timestamps, and standard HTTP headers for security and debugging.
- Cookies and local storage: session tokens for authentication, theme preference, and saved-tools state in your browser.
Catalog and third-party repository data
Tool listings, summaries, categories, and graph edges are derived from public GitHub metadata and README excerpts. That content remains subject to each upstream repository's license and terms.
We do not sell the public catalog. The dataset is published under CC0 1.0 (see Terms). GitHub is a separate controller for repository data on github.com.
Service providers
We rely on subprocessors to operate GraphCanon:
- GitHub - repository metadata API and OAuth sign-in.
- Supabase - PostgreSQL database and authentication session storage (EU/US regions per project settings).
- Vercel - hosting, CDN, and edge logs.
- Google Analytics (optional, production only when configured) - aggregated usage measurement.
- LLM providers during ingest/enrichment - repo descriptions and README excerpts sent for summarization; no end-user account data unless you submit content.
Why we process data
For visitors in the EEA/UK, we rely on:
- Contract / pre-contract steps - running the service you request (browse, search, submit, sign in).
- Legitimate interests - securing the site, preventing abuse, improving the catalog, and measuring aggregate traffic.
- Consent - where required for non-essential analytics cookies (configure your browser or use GA opt-out tools if you prefer).
- Legal obligation - responding to valid requests from authorities when applicable.
Retention
Account and claim records persist until you delete your account or we remove them after an abuse review.
Anonymous draft submissions may be retained until published or purged by admins.
Server and analytics retention follows each provider's default windows (typically 30-90 days for logs, longer for aggregated analytics).
You may request deletion of personal data we control by emailing us; we will respond within a reasonable time.
Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or port personal data, and to object to certain processing.
Contact us at support@applib.dev for privacy or data requests.
You may also lodge a complaint with your local data protection authority.
Children
GraphCanon is not directed at children under 16. We do not knowingly collect personal data from children.
Changes
We may update this policy. The effective date at the top reflects the latest revision. Continued use after changes constitutes acceptance of the updated policy.
问题请参阅上文联系部分或发送邮件至 support@applib.dev。