1. Overview & Scope
This Privacy Policy describes how Infinity Charts ("we," "us," or "our") collects, uses, processes, and protects your personal and integration information. We act as the Data Controller for account registration, usage diagnostics, and billing configurations, and as a Data Processor with respect to the database records accessed in your connected Notion workspaces.
This policy applies globally to all users who interact with the Infinity Charts application interface, API endpoints, dashboards, widgets, and charts embedded on third-party platforms.
2. Information We Collect
To deliver real-time interactive charting and custom visualizations, we collect, process, and retain limited categories of information. We restrict this collection strictly to parameters necessary for application execution.
A. Information Provided via Notion OAuth Integration
When authorizing Infinity Charts to access your Notion workspace, the Notion API supplies credentials that we store securely in our database:
- Encrypted OAuth Token: The authorization key (
accessToken) allowing our servers to request database entries on your behalf. - Workspace Identifiers: The Notion Workspace ID, Workspace Name, and unique Notion User ID to map configurations to your correct account workspace.
- Workspace Metadata: Custom icons or display names provided by Notion to customize your dashboard layout.
B. Notion Database Structure & Configuration Metadata
To build and save visualization presets, we store database properties and schema structures:
- Database Identifiers: The unique ID of authorized databases you choose to link.
- Property Schema: Column names, property types (e.g., Select, Date, Number), and sorting selections.
- Chart Customization: Visualization parameters including height settings, line smoothing, grid line configurations, palette options, and filter formulas.
C. Technical Telemetry & Cookie Storage
We collect anonymous diagnostics when you browse our site or view an embedded widget:
- Performance Telemetry: Loading times, rendering latency, browser user-agent, operating system, and geographic area (country-level) analyzed via Vercel Analytics.
- Cookies: Session tokens and layout preferences stored in local storage to keep you authenticated and maintain dashboard layouts.
3. Legal Bases for Processing
If you reside in the General Data Protection Regulation (GDPR) jurisdiction (EEA, United Kingdom, or Switzerland), we process your personal information under the following legal bases:
- Contractual Performance: Processing is required to fulfill our service agreements, authorize database syncs, and generate live embeds.
- Legitimate Interests: Processing is conducted to maintain security boundaries, prevent integration abuse, analyze service stability, and optimize layout configurations.
- Legal Obligations: Compliance with statutory billing records, security incidents, or regulatory disclosures.
4. Security & Encryption
We enforce architectural isolation to protect user credentials. Because access tokens grant query access to your Notion databases, we apply cryptographic controls at every layer:
AES-256 Encryption at Rest
All Notion workspace access tokens are encrypted using Advanced Encryption Standard (AES-256-GCM) prior to database persistence. Encryption keys are managed separately in insulated runtime environments.
TLS 1.3 Transit Security
All communications between Notion APIs, our backend servers, and your client browser are encrypted in transit using Transport Layer Security (TLS 1.2 or TLS 1.3).
Zero-Cache Data Minimization
Our databases do not cache or store raw database values, cell values, or text blocks fetched from Notion. Your database rows are read in real-time on query execution, formatted, and instantly piped to client charts.
5. Sharing & Disclosures
We limit external disclosures to subprocessors involved in hosting the service, executing code queries, and managing notifications. We do not sell or monetize personal profiles or database information.
Authorized Subprocessors
| Partner | Processing Purpose | Data Residency |
|---|---|---|
| Notion Labs, Inc. | Workspace database retrieval & authentication portal | United States |
| Vercel Inc. | Application hosting, edge server execution, analytics | United States / Global CDN |
| Resend, Inc. | Platform notification delivery & email dispatch | United States |
6. Retention & Revocation
We retain account identifiers, configurations, and encrypted access tokens as long as you maintain an active account. You hold ultimate control over this data retention period:
- Chart Deletion: Removing a chart from the Infinity Charts dashboard triggers an immediate deletion of its styling configuration and database mapping indexes.
- Notion Connection Revocation: You can disconnect Infinity Charts from your Notion workspace at any time under
Settings > Connectionsinside Notion. This invalidates the OAuth token immediately. - Account Deletion: If you request account closure, all corresponding database entries, workspace profiles, and encrypted tokens are purged from our live database within 14 business days.
7. Global Privacy Rights
Regardless of your nationality, you are entitled to key privacy rights. We extend high-standard protections equivalent to those found under GDPR and CCPA to all users:
- Right of Access & Portability: You may request a structured export of all profile settings and configuration records linked to your user ID.
- Right to Rectification: You can update configuration properties, workspace associations, and email aliases.
- Right to Erasure ("Right to be Forgotten"): You may request deletion of all historical records, analytical diagnostics, and access credentials.
- Right to Restriction & Objection: You have the right to object to diagnostic analysis or automated profiling.
To exercise any of these options, please dispatch your request to our support inbox at infinityblockshq@gmail.com.
8. International Transfers
By authorizing our services, you acknowledge that your personal and configuration data is transferred to and processed in the United States, where our hosting and database subprocessors operate.
To ensure compliance with cross-border data transfer regulations, we operate under Standard Contractual Clauses (SCCs) approved by the European Commission, guaranteeing equivalent data protection parameters.
9. Children's Privacy
Our database visualization services are directed strictly to professional organizations and individuals who are at least 13 years of age (or 16 years within the EEA). We do not knowingly compile or store records from minors. If you discover a child has registered or completed Notion authorization, notify us immediately to purge the credentials.
10. Changes to Policy
We update this privacy policy periodically to reflect API modifications, deployment expansions, or regulatory shifts. We will signal updates by updating the effective timestamp at the top of this page. Significant revisions that expand our data processing boundaries will be highlighted via in-app banner announcements.
11. Contact & Support
For inquiries, data protection compliance requests, or deletion queries, please contact the Data Protection Officer (DPO) at: