Privacy Policy

Last Updated: March 2, 2026

1. Introduction

Systemonomic ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This Privacy Policy applies to all users of the Systemonomic platform. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, password, and company name
  • Payment Information: Credit card details, billing address (processed securely through Stripe)
  • Profile Information: Job title, organization details, preferences
  • User Content: Projects, WDA diagrams, tasks, roles, organizational designs, and other data you create using the Service
  • Communications: Messages, support tickets, feedback, and survey responses

2.2 Information Collected Automatically

When you access or use our Service, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Information: Pages viewed, features used, time spent, click patterns, navigation paths
  • Log Data: Server logs, error reports, API requests
  • Cookies and Similar Technologies: We use cookies, web beacons, and local storage to enhance your experience

2.3 Information from Third Parties

We may receive information from third-party services you connect to your account, such as:

  • Payment processors (Stripe)
  • Email service providers (SendGrid)
  • Analytics services
  • Social media platforms (if you choose to connect them)

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Create and manage your account, process transactions, deliver features
  • Improve the Service: Analyze usage patterns, develop new features, optimize performance
  • Communicate with You: Send transactional emails, respond to support requests, provide updates
  • Marketing: Send promotional content (with your consent, and you can opt out anytime)
  • Security: Detect fraud, prevent abuse, protect against security threats
  • Legal Compliance: Comply with legal obligations, enforce our Terms, resolve disputes
  • Analytics: Generate aggregated, anonymized statistics about Service usage

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to provide the Service under our Terms
  • Legitimate Interests: Improving our Service, fraud prevention, network security
  • Consent: Marketing communications, cookies (where required)
  • Legal Obligations: Compliance with tax, accounting, and regulatory requirements

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share data with third-party vendors who perform services on our behalf:

  • Stripe (payment processing)
  • SendGrid (email delivery)
  • Railway (hosting infrastructure)
  • Neo4j Aura (database services)
  • Cloudflare (CDN and security)
  • Analytics providers (usage tracking)

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal, tax, or accounting obligations
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes. Backup copies may persist for up to 90 days.

7. Your Privacy Rights

7.1 GDPR Rights (EEA Users)

If you are in the EEA, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for consent-based processing

7.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Know: Request disclosure of personal data we collect, use, and share
  • Delete: Request deletion of your personal data
  • Opt-Out: Opt out of the "sale" of your personal data (we do not sell data)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@systemonomic.com or use the account settings page in the Service. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Access controls and authentication
  • Regular security assessments
  • Secure hosting infrastructure
  • Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we use appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally recognized transfer mechanisms

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: Help us understand how you use the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service.

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately, and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Privacy Inquiries: legal@systemonomic.com

Data Protection Officer (GDPR): legal@systemonomic.com

General Support: support@systemonomic.com

Support Form: Submit a ticket

We are committed to protecting your privacy and will respond to all inquiries within 30 days as required by GDPR and CCPA.

Terms of ServiceRefund PolicyBack to App