Privacy Policy

Last updated: 2026-05-03

Summary

We collect what's needed to run your account and process your payment, and nothing more. No ads. No tracking. No analytics SDKs. No data resale. Your charts are yours.

What we collect

• From Google Sign-In: email address, Google user ID, name, and profile picture.
• From the app: chart images, button labels, and tab structure (the study material you create).
• From Paddle (when you subscribe): subscription status, plan, billing country, and the last 4 digits of your card. Paddle stores your full card data; we never see it.
• Server logs from our hosting provider: IP address, user-agent, and timestamp, retained briefly for security and operations.

What we don't collect

• No analytics SDKs.
• No tracking pixels.
• No advertising IDs.
• No behavioral profiling.

Where it's stored

Account data and chart files are stored in Google Cloud (Firebase) and may be processed in the United States or European Union. Data is cached locally on your device for offline access. Payment data is held by our payment provider.

Sub-processors

We use the following third parties to operate the service:

• Google — Firebase Authentication (Google Sign-In) for account login.
• Google — Cloud Firestore for storing your tabs, charts, and entitlement state.
• Google — Cloud Storage for Firebase for chart images and shared-pack payloads.
• Google — Cloud Functions for Firebase (server-side logic for payment webhooks and customer-portal sessions).
• Google — Firebase App Check with reCAPTCHA v3 for anti-abuse protection. reCAPTCHA may set Google cookies during validation. See Google's privacy policy.
• Google — Firebase Hosting for serving the static site and the app.
• Paddle — payment processing as Merchant of Record. Paddle's hosted checkout handles all card data, billing, taxes, and receipts, and may set its own cookies during checkout. See Paddle's privacy policy.

Sharing

We do not sell or share your data with third parties for marketing. The only sharing of your data is with the sub-processors listed above, strictly to operate the service you've subscribed to.

Your rights (GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Receive a portable copy of your data.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your national supervisory authority.

To exercise any of these rights, email samvelpetros@gmail.com.

Account and data deletion

You can request deletion of your account and associated data by emailing samvelpetros@gmail.com. We will delete your Firebase data and cancel your Paddle subscription within 30 days of the request. Some billing records may be retained as required by law (see Data retention).

Data retention

We retain your account data while your subscription is active and for up to 90 days after cancellation, to allow recovery if you change your mind. Billing records (invoices, transaction logs) are retained for 7 years as required by tax and accounting law.

Cookies

Charts Hub itself sets only essential cookies required for authentication and session management. We do not use third-party tracking, analytics, or advertising cookies.

Two of our sub-processors may set their own cookies as part of providing their service:

• Google reCAPTCHA (used for App Check anti-abuse protection) may set Google cookies when verifying that you are not a bot. See Google's privacy policy.
• Paddle may set its own cookies during checkout and within the customer portal. See Paddle's privacy policy.

Both are necessary for the service to function (anti-fraud and payment processing) and are not used for advertising or cross-site tracking.

International transfers

Your data may be processed in the United States by Google/Firebase and Paddle, and in other countries where they operate. These transfers rely on the European Commission's standard contractual clauses and the providers' own certifications, where applicable.

Children

Charts Hub is not intended for and is not directed at anyone under the age of 18. We do not knowingly collect personal data from children.

Governing law

This Privacy Policy is governed by the laws of the Republic of Armenia, consistent with our Terms of Service. Where mandatory privacy and consumer-protection laws of your country of residence provide additional rights (e.g. GDPR for EEA residents, UK GDPR, CCPA for California residents), those rights apply in addition.

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the current version. Material changes will be announced by email and/or in the app.

Contact

Questions about your privacy or this policy? samvelpetros@gmail.com