Last updated: March 24, 2026
SkillGraph ("we", "us", "our") operates the SkillGraph platform at skillgraph.tech. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service. By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, do not use the Service.
SkillGraph acts as the data controller for personal data processed through the Service. For questions about data processing, contact us at: privacy@skillgraph.dev
We process your personal data on the following legal bases:
Account Data: When you sign up via Google or GitHub (through Clerk), we receive your name, email address, and profile picture. We do not store your passwords — authentication is handled entirely by Clerk and your OAuth provider.
Wallet Data: If you connect a Phantom wallet, we store your public wallet address. We never have access to your private keys.
User Content: Knowledge nodes, edges, chat messages, and any other content you create on the platform. This data is stored in your personal vault.
Usage Data: We collect basic usage information including IP addresses (for rate limiting only, not stored persistently), request timestamps, and API endpoint access patterns. We do not use third-party analytics or tracking scripts.
API Keys: If you generate API keys, we store a hashed version only. The full key is shown once at creation and cannot be retrieved afterward.
When you use the chat feature, your messages are sent to Google Gemini (a third-party AI model) for processing. By using the chat feature, you explicitly consent to your messages being transmitted to and processed by Google's AI systems. Google processes this data according to their Google Cloud Data Processing Terms. We send the current chat message and relevant graph context — not your entire vault.
We have no control over how Google processes, stores, or uses data once transmitted. AI-generated responses are stored as part of your chat history within your vault. You should not submit sensitive personal information, trade secrets, confidential business data, or any information you would not want processed by a third-party AI system through the chat feature.
We use the following third-party services that process your data:
Each provider processes data according to their own privacy policies and data processing agreements. We are not responsible for the data practices of these third-party services. We encourage you to review their respective privacy policies. If any third-party service experiences a data breach or changes its data practices, our liability is limited as set forth in our Terms of Service.
We use essential cookies only — no advertising or tracking cookies. Specifically:
We do not use Google Analytics, Facebook Pixel, or any third-party tracking tools. Because we only use strictly necessary cookies required for the Service to function, no cookie consent banner is required under GDPR Article 5(3) of the ePrivacy Directive.
Your data is retained for as long as your account is active. Upon account deletion, your data is retained for up to 30 days (to allow recovery), after which it may be permanently deleted from our databases. We make reasonable efforts to delete data but cannot guarantee complete removal from all backup systems immediately. Chat messages are stored per session and can be cleared at any time. Rate limiting data (IP addresses) is automatically purged every 5 minutes and is not stored persistently.
We implement reasonable technical measures to protect your data:
However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data and shall not be liable for any unauthorized access, data breach, or data loss despite our reasonable security measures. You are responsible for maintaining the security of your own devices, credentials, and API keys.
If you are in the European Economic Area, you have the right to:
To exercise these rights, contact privacy@skillgraph.dev. We will respond within 30 days. We may ask you to verify your identity before processing your request. We may refuse requests that are manifestly unfounded, excessive, or repetitive, or charge a reasonable fee for such requests as permitted by GDPR Article 12(5).
If you are a California resident, you have the right to:
We do not sell, rent, or trade your personal information to third parties for monetary consideration. We do not share personal information for cross-context behavioral advertising.
If you enable a public profile, the following data becomes publicly accessible: your username, node titles, domains, tags, and short content excerpts (up to 200 characters). Full node content remains private. You can disable your public profile at any time, which immediately removes your data from our public listings. However, we cannot control data that has already been cached, indexed, or archived by third-party search engines, crawlers, or other services.
The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, contact us and we will take steps to delete it. If you are under 16, do not use the Service or provide any personal information.
Your data may be processed in the United States (where our hosting providers operate) and the European Union. Where data is transferred outside the EEA, our providers maintain appropriate safeguards through Standard Contractual Clauses and data processing agreements. By using the Service, you consent to the transfer of your data to these jurisdictions. We are not liable for the data protection practices of our hosting providers in their respective jurisdictions.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay, and in any case within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Notification will be made via email where possible. We will also notify the relevant supervisory authority as required by law.
We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you. AI-generated knowledge nodes are suggestions only and require your explicit review and approval.
To the maximum extent permitted by applicable law, our liability for any data processing issues, including but not limited to data breaches, unauthorized access, data loss, or processing errors, is limited as set forth in our Terms of Service. We process your data in good faith and with reasonable security measures, but we cannot guarantee absolute security. You acknowledge that the use of any internet-based service involves inherent risks to data privacy and security.
We may update this Privacy Policy at any time at our sole discretion. Changes take effect immediately upon posting. We will make reasonable efforts to notify users of material changes via the Service or email, but it is your responsibility to review this policy periodically. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes your acceptance of the revised policy. If you disagree, your sole remedy is to stop using the Service and delete your account.
For privacy-related questions or to exercise your data rights, contact us at: privacy@skillgraph.dev
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.