Privacy Policy

RelationChart — operated by Westbye Insights (enkeltpersonforetak)
Last updated: March 10, 2026

1. Who We Are

RelationChart is a social dynamics journaling and visualization tool operated by Westbye Insights, a sole proprietorship registered in Norway. For the purposes of the General Data Protection Regulation (GDPR), Westbye Insights is the data controller.

Contact: contact@relationchart.com

2. What Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Password (hashed — we never store or have access to your plaintext password)
  • Display name (if provided)

2.2 User-Generated Content

RelationChart allows you to create personal records about your social relationships. This may include:

  • Relationship memos and journal entries
  • Personality assessments and axis ratings you assign to contacts
  • Graph structures representing your social connections
  • Story entries and contextual notes

This content is personal and private. It is stored in your individual account and is not accessible to other users, to RelationChart staff, or to any third party — except as described in Section 5 (AI Analysis).

2.3 Usage Data

We collect minimal, anonymous usage data to maintain and improve the service:

  • Pages visited and features used (aggregated, not linked to your identity)
  • Error logs and performance metrics
  • Device type and browser (for compatibility purposes)

We do not use third-party analytics trackers.

3. How We Store Your Data

All user data is stored in Supabase, a hosted PostgreSQL infrastructure provider. Your data resides in a Supabase project configured with Row Level Security (RLS), meaning the database enforces — at the infrastructure level — that each user can only access their own records.

Data region: All user data is stored and processed within the European Union (Ireland). Your data does not leave the European Economic Area.

Supabase acts as a data processor on our behalf. Their processing is governed by their Data Processing Agreement, available at supabase.com/legal/dpa. Since all data remains within the EEA, no international transfer mechanisms (such as Standard Contractual Clauses) are required for core data storage.

4. How We Use Your Data

We use your data for the following purposes:

  • Providing the service: Storing and displaying your relationship maps, memos, and personality assessments.
  • Authentication: Managing your account and verifying your identity.
  • AI features: If you use AI features, selected data from your account is sent to a third-party language model provider to generate insights. See Section 5 for details.
  • Service improvement: Aggregated, anonymized usage patterns to improve RelationChart's functionality.

We do not use your data for advertising, profiling, or any purpose other than delivering and improving the service you signed up for.

5. AI Analysis Feature

RelationChart includes an AI analysis feature that processes your memos and relationship data to generate insights.

How it works:

  • When you explicitly request an AI analysis, the relevant data (memos, personality axes, relationship context) is sent to Anthropic via their API.
  • This data is transmitted in real time and is not stored by the LLM provider beyond the duration of the API request.
  • AI analysis is never performed automatically. It is triggered only by your explicit action.
  • You can use RelationChart's full journaling and visualization features without ever activating AI analysis.

Legal basis (GDPR): Your explicit consent, given when you activate the feature.

6. Data About Third Parties

RelationChart is a personal journaling tool. The relationship data, personality assessments, and memos you create describe other people in your life — people who have not consented to being documented.

Our position:

  • Your RelationChart data is a private journal. It is analogous to a diary or personal notebook and falls under the GDPR's household exemption (Article 2(2)(c)) insofar as the data is used for purely personal purposes.
  • We do not share, publish, or make accessible any data you create about other people.
  • We encourage you to use RelationChart responsibly and to refrain from storing sensitive information (health conditions, political opinions, sexual orientation) about others unless it is genuinely relevant to your personal reflection.
  • If you choose to share or export your data outside RelationChart, you bear responsibility for how that data is used.

7. Your Rights Under GDPR

As a user based in the European Economic Area, you have the following rights:

  • Access: Request a copy of all data we hold about you.
  • Rectification: Correct inaccurate data in your account.
  • Erasure: Delete your account and all associated data. We will comply within 30 days.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Restriction: Request that we limit processing of your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdrawal of consent: Withdraw consent for AI analysis at any time by disabling the feature.

To exercise any of these rights, contact us at contact@relationchart.com. We will respond within 30 days.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

8. Legal Basis for Processing

PurposeLegal Basis (GDPR Art. 6)
Account creation and authenticationPerformance of a contract (Art. 6(1)(b))
Storing your journals and relationship dataPerformance of a contract (Art. 6(1)(b))
AI analysis featureConsent (Art. 6(1)(a))
Service improvement (aggregated analytics)Legitimate interest (Art. 6(1)(f))

9. Data Retention

  • Active accounts: Your data is retained for as long as your account exists.
  • Deleted accounts: Upon account deletion, all associated data (memos, graphs, personality data) is permanently deleted from our Supabase database within 30 days. Backups are purged within 90 days.
  • AI analysis logs: No user data is retained by the AI provider after the API request completes.

10. Security

We implement the following security measures:

  • All data is encrypted in transit (TLS 1.2+) and at rest.
  • Supabase Row Level Security (RLS) enforces per-user data isolation at the database level.
  • Passwords are hashed using bcrypt via Supabase Auth.
  • We do not store API tokens, session keys, or credentials in client-side code.

No system is perfectly secure. If you discover a security vulnerability, please contact us at contact@relationchart.com.

11. Cookies and Local Storage

RelationChart uses only essential cookies and local storage required for authentication and session management. We do not use advertising cookies, tracking cookies, or any third-party cookie-based services.

12. Children

RelationChart is designed for university students and is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we become aware that a user is under 16, we will delete their account promptly.

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. The “Last updated” date at the top of this page reflects the most recent revision.

14. Contact

For any questions about this privacy policy or your data:

Westbye Insights
contact@relationchart.com