PRIVACY POLICY

Grapuco Platform — grapuco.com

Operated by Bitsness Technology & Solutions Co., Ltd.

Effective Date: April 2026 | Last Updated: April 2026

Bitsness Technology & Solutions Co., Ltd. (“Bitsness”, “we”, “us”, or “our”) operates the Grapuco platform at grapuco.com. Grapuco transforms source code repositories into navigable knowledge graphs, enabling intelligent code search, AI-assisted exploration, and MCP Server integration for development workflows.

This Privacy Policy explains what data we collect, how we process it, who we share it with, and what rights you have. By using Grapuco, you agree to the practices described herein. If you do not agree, please do not use our service.

1. Data We Collect

1.1 Account & Identity Data

  • Email address: used for registration, login via One-Time Password (OTP), billing receipts, and essential service communications.
  • Password: stored exclusively as a one-way bcrypt hash with random salt. We never store, log, or transmit your plaintext password.
  • Display name and profile preferences: optional profile metadata you choose to provide.
  • Billing and payment history: subscription plan, credit top-up records, and invoice metadata. We do not store credit card numbers — all payment processing is handled by Stripe.

1.2 Code Metadata (What We Keep)

Grapuco is an indexing and knowledge-graph platform — not a code hosting service. We process your source code to extract structural intelligence, but we do not permanently retain your raw source files.

Specifically, we collect and store:

  • Abstract Syntax Tree (AST) structure: parsed representations of your code’s syntactic elements.
  • Symbols: names, signatures, and locations of classes, functions, interfaces, methods, variables, and other identifiable code entities.
  • Knowledge Graph: a relationship graph capturing how symbols depend on, call, inherit from, or reference one another.
  • AI-enriched metadata: semantic labels, dependency maps, community clusters, and process-flow annotations generated by our analysis engine.
  • Vector embeddings: numerical representations of code symbols used to power semantic search (stored in pgvector, scoped per repository).
⚠️ Important: We do NOT permanently store your raw source code files. See Section 2 for details on our ephemeral file processing pipeline.

1.3 Telemetry & Analytics

  • Essential cookies only: a locale preference cookie (NEXT_LOCALE) and session authentication tokens. We do not use third-party tracking cookies.
  • Google Analytics (optional): anonymous, aggregated usage telemetry is collected only when you provide explicit consent via our cookie banner. You may withdraw consent at any time.
  • Operational logs: API call frequency, feature usage patterns, AI credit consumption, and MCP Server connection metadata (API key prefix and timestamp only — never the full API key).
  • Device information: browser type, operating system, and IP address, collected solely for security, fraud prevention, and abuse detection.

2. File Processing & Ephemeral Storage

This section describes exactly what happens to your source code after upload. We designed this pipeline with a single principle: your code should exist on our infrastructure for the shortest time technically possible.

How It Works

  1. Upload: You upload a ZIP archive (or push incremental delta updates). The file is written to an isolated, ephemeral storage volume.
  2. Indexing: A sandboxed worker process parses your code using Tree-sitter, extracts the AST, identifies symbols and relationships, and writes the resulting knowledge graph to our databases.
  3. Destruction: Immediately upon indexing completion (typically 1–3 minutes), the entire temporary directory and ZIP archive are hard-deleted using OS-level overwrite operations. No physical copy of your source code persists on our servers.

Technical guarantee: Raw source code files are never written to long-term storage (databases, object stores, or backup systems). The ephemeral volume is destroyed — not merely unlinked — ensuring that your code cannot be recovered after the indexing window closes.

What remains: Only the extracted knowledge graph (symbols, relationships, vector embeddings, and AI-enriched metadata) is persisted. This structural data alone cannot be used to reconstruct your original source code.

3. Third-Party AI Integrations (Sub-processors)

Grapuco provides Semantic Search and Retrieval-Augmented Generation (RAG) capabilities. To deliver these features, certain code metadata is transmitted to third-party Large Language Model (LLM) providers.

3.1 What Is Shared

  • Code symbol metadata: function names, class signatures, docstrings, and relationship context — the minimum context required to generate meaningful embeddings and AI responses.
  • Raw source code is never sent to LLM providers. Only pre-extracted, structured metadata is transmitted.

3.2 Our Commitments

  • No model training: Under these agreements, our LLM partners are contractually prohibited from using any data transmitted via our API calls to train, fine-tune, or improve their public or private models.
  • Data minimization: We transmit the smallest possible context window required to fulfill each request. No unnecessary data leaves our infrastructure.

3.3 Current Sub-processors

Sub-processor | Purpose | Data Shared | DPA / ZDR
SePay | Payment processing | Billing data only | Yes / N/A
Email provider | OTP & transactional emails | Email address only | Yes / N/A

We will update this table whenever we onboard a new sub-processor that handles personal data or code metadata. Material changes will be communicated via email to all registered users.

4. Security & Encryption

4.1 Encryption

  • At rest: All databases (PostgreSQL, Neo4j, pgvector, Redis) are protected by AES-256 full-disk encryption. Backup volumes are encrypted with the same standard.
  • In transit: All communication between your browser/IDE, the MCP Server, and our backend services is encrypted using TLS 1.3. Internal service-to-service traffic is also encrypted.

4.2 Authentication & Access Control

  • Passwords: Hashed with bcrypt (high cost factor) and random salt. Never logged or stored in plaintext.
  • API keys: Stored as bcrypt hashes. Only a short prefix is retained in plaintext for identification purposes. You can revoke API keys instantly from your dashboard.
  • OTP codes: Expire after 10 minutes and are single-use. Brute-force protection is enforced via rate limiting.
  • JWT tokens: Short-lived with configurable expiration. Refresh tokens are rotated on each use.

4.3 Infrastructure Security

  • Zero-Trust network architecture: All internal services authenticate and authorize every request. No implicit trust is granted based on network location.
  • Audit logging: Comprehensive, tamper-evident audit logs record all data access events — including access by Grapuco engineering and operations staff. No employee can access customer data without a logged, justified reason.
  • Tenant isolation: Grapuco uses a multi-tenant architecture with strict logical isolation. Every database query is scoped to the authenticated tenant’s namespace. No tenant can access another tenant’s data under any circumstance.
  • Vulnerability management: We conduct regular dependency audits, penetration testing, and security reviews. Critical vulnerabilities are patched within 24 hours of discovery.

5. Multi-Tenant Data Isolation

Grapuco serves multiple customers on shared infrastructure. We enforce strict data isolation at every layer:

Data Store | Isolation Mechanism | Scope
PostgreSQL | Row-level security + tenant ID foreign key on every table | Accounts, subscriptions, symbols, metadata
Neo4j | Dedicated namespace per tenant | Code relationship graphs, community clusters
pgvector | Repository-scoped embedding collections | Semantic search vectors
Redis | Per-tenant key prefixing + ACL | Sessions, rate limiting, cache

6. Data Retention

Data Category | Retention Period | Notes
Raw source code | 0 (ephemeral only) | Hard-deleted immediately after indexing
Account data | While account is active | Deleted within 30 days of account closure
Knowledge graph | Per plan: 30–365 days | Configurable by subscription tier
Vector embeddings | Same as knowledge graph | Scoped per repository
Credit / billing history | 12 months | Required for financial compliance
MCP query logs | 90 days | API key prefix + timestamp only
Audit logs | 12 months | Tamper-evident, used for security investigations

7. Your Rights (GDPR-Aligned)

Regardless of your geographic location, we extend the following rights to all Grapuco users, aligned with the EU General Data Protection Regulation (GDPR) and comparable frameworks:

7.1 Right to Erasure (“Right to Be Forgotten”)

You may permanently and irreversibly delete your account at any time by navigating to Settings → Account → “Permanently Delete My Account.” Upon confirmation, the following data is immediately queued for permanent deletion across all server clusters:

  • Personal information (email, display name, preferences)
  • All knowledge graphs, symbol data, and community clusters
  • All vector embeddings associated with your repositories
  • MCP Server query history and connection logs
  • API keys (hashes and prefixes)
  • Billing metadata (after the legally mandated financial retention period)

Deletion is permanent and irreversible. Once processed, your data cannot be recovered from any storage system, backup, or replica. Full propagation across all clusters completes within 30 calendar days.

7.2 Right to Data Portability

You have the right to export your data in a machine-readable format. You may request a full JSON export of your knowledge graph, symbol data, and account metadata by contacting our support team at support@grapuco.com. Export requests are fulfilled within 7 business days.

7.3 Additional Rights

  • Right of access: You may request a copy of all personal data we hold about you.
  • Right to rectification: You may request correction of any inaccurate personal data.
  • Right to restrict processing: You may request that we limit how we process your data while a dispute is resolved.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent (e.g., analytics cookies), you may withdraw consent at any time without affecting prior lawful processing.
  • API key revocation: You may revoke any API key instantly from your dashboard, immediately terminating all associated access.

8. Cookies

We use a minimal cookie footprint:

  • NEXT_LOCALE: Stores your language/locale preference. Essential, no consent required.
  • Session token: Authenticates your logged-in session. Essential, no consent required.
  • Google Analytics (_ga, _gid): Anonymous usage telemetry. Only set after you provide explicit consent via our cookie banner. You may withdraw consent at any time via Settings → Privacy.

We do not use advertising cookies, retargeting pixels, or any third-party tracking mechanisms beyond the optional analytics described above.

9. Children’s Privacy

Grapuco is a professional developer tool and is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that a user is under 16, we will promptly delete their account and all associated data.

10. International Data Transfers

Grapuco’s infrastructure may process data in jurisdictions outside your country of residence. When personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under applicable data protection law.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Post the revised policy on this page with an updated effective date.
  • Notify registered users via email for material changes that affect your rights or how we process your data.

Continued use of Grapuco after the updated policy takes effect constitutes your acceptance of the changes. If you disagree with any update, you may exercise your Right to Erasure as described in Section 7.1.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Company: Bitsness Technology & Solutions Co., Ltd.
Email: grapuco@bitsness.vn
Platform: https://grapuco.com
© 2026 Bitsness Technology & Solutions Co., Ltd. All rights reserved.