Legal
Privacy Policy
Last updated: May 22, 2026
This policy describes how Graniite (“Graniite,” “we,” “us”) handles your information when you use our service at graniite.co, graniite.io, and related applications (the “Service”).
If anything below is unclear, email team@graniite.co.
1. What we collect about you
Account information. Your email address, used to authenticate you and send transactional and (optional) product emails.
Usage data. Logs and usage metrics needed to run the Service, enforce plan limits, and bill accurately.
Billing data. Handled by Stripe. We store only what we need to administer your subscription.
Product analytics (with your consent). If you accept all cookies, this helps us improve user experience and improve Graniite services. We do not sell your data nor track any actions outside of Graniite. Decline the cookies to opt out.
2. What you store with us
Only you can read or view the content in your library. We do not browse or read your content except as strictly needed to operate, support, or secure the Service (for example, investigating an error you report or an abuse signal). Service providers process narrow slices of your content only at the moment you take an action that requires it (see Section 4).
3. How we use it
- To run the Service and the agents you authorize.
- To authenticate you and secure your account.
- To enforce plan limits and bill correctly.
- To send transactional email.
- To prevent abuse and fraud.
- To diagnose bugs and improve the product in aggregate.
We do not use your content to train or fine-tune any AI model. We do not sell your information.
4. Who we share it with
We share information only with the service providers we need to operate the Service. These fall into the following categories:
- Hosting, database, and storage providers.
- AI model providers (for transforms, chat, and OCR).
- Transcription providers (for audio and video).
- Webpage fetch and parsing providers.
- Transactional email delivery.
- Background job orchestration.
- Error and performance monitoring.
- Product analytics (opt-in, via the cookie banner).
- Stripe for payment processing.
The specific companies we use, with their addresses and compliance resources, are listed on our sub-processors page.
We may share information when required by law (subpoena, court order) or to protect Graniite, our users, or the public from harm. We will notify you unless legally prohibited from doing so.
5. Where it is stored
Our primary data stores are in the United States. If you access the Service from outside the US, your information is transferred to and processed in the US.
6. Retention
We keep your data while your account is active. When you delete your account, we remove your content from production systems within a reasonable period; backups age out shortly after. Some operational records (billing, logs, abuse signals) may be retained for as long as required for legal, accounting, or security purposes.
7. Your rights
You can:
- Access and export your content from your account.
- Delete your account.
- Update your account information in settings.
- Unsubscribe from non-essential email.
If you are in the EU or UK, you also have rights under the GDPR and UK GDPR, including the right to object to or restrict processing, request portability, and complain to a supervisory authority. Email team@graniite.co to exercise any of these rights.
8. Cookies
We use a small set of first-party cookies, in two groups:
Necessary cookies keep you signed in and your session secure. They’re set when you log in and can’t be turned off — without them you can’t use the Service.
Analytics cookies help us understand how the Service is used so we can improve it. They’re off by default and only run if you click “Accept all” in the cookie banner you see on your first visit. You can change your mind anytime — including right now: .
We do not use cookies for advertising, retargeting, or cross-site tracking.
9. Security
We use encryption in transit and at rest, scoped access controls, and secure handling of API tokens. No system is perfectly secure. Report vulnerabilities to team@graniite.co.
10. Children
The Service is not directed to children under 13 (or under 16 in the EU and UK). We do not knowingly collect information from anyone in that age range.
11. Changes
We may update this policy as the Service evolves. Material changes will be announced by email and the “Last updated” date above will change.
12. Contact
Email team@graniite.co.