Privacy Policy

Last updated: 22 January 2026

This Privacy Policy describes how Cartesia S.r.l. ("we", "us", or "our") collects, uses, and protects your personal data when you use Axiom Charts (the "Service"). We are committed to protecting your privacy in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable Italian data protection laws.

Data Controller

The Data Controller is Cartesia S.r.l., with registered office at Largo Lucio Lazzarino 1, 56122 Pisa (PI), Italy. VAT Number: IT02543630509. You can contact us at: email info@cartesia.one, PEC cartesia@pec.it, phone +39 050 22 18 247, mobile +39 320 02 30 925.

Personal Data We Collect

We collect the following categories of personal data:

  • Account Data: When you register via Google Sign-In, we receive your email address and display name from Google.
  • Usage Data: We track your generation count, subscription plan, and service usage to manage your account and enforce usage limits.
  • Project Data: The content you create (diagrams, visualizations, chat messages) is stored to provide the Service.
  • Technical Data: Browser type, IP address, device identifiers, and browser fingerprint for anonymous users who have not registered.
  • Preference Data: Your language preference and custom style presets.

Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

  • Service Provision (Art. 6(1)(b) GDPR - Contract): To create and manage your account, provide the visualization generation service, save your projects, and enforce usage limits.
  • Anonymous Trial Access (Art. 6(1)(f) GDPR - Legitimate Interest): For non-registered users, we use browser fingerprinting to provide limited free trials while preventing abuse. You can avoid this by not using the anonymous trial feature.
  • Service Improvement (Art. 6(1)(f) GDPR - Legitimate Interest): To analyze usage patterns and improve the Service. We balance this against your privacy rights by minimizing data collection and using aggregated data where possible.
  • Legal Compliance (Art. 6(1)(c) GDPR): To comply with applicable laws and regulations.

Third-Party Data Processors

We share your data with the following third-party service providers who act as data processors on our behalf:

  • Google Cloud Platform / Firebase: We use Google Firebase for user authentication (Firebase Auth) and data storage (Cloud Firestore). Your account data and projects are stored on Google servers. Google acts as our data processor under a Data Processing Agreement. Data may be transferred to the United States under EU-approved Standard Contractual Clauses.
  • Google Vertex AI: Your text prompts and diagram requests are sent to Google Vertex AI (Gemini model) for AI-powered generation. Google processes this data as a data processor under their Cloud Data Processing Addendum. We do not share personal identifiers with the AI service—only the content of your generation requests.
  • FingerprintJS: For anonymous users only, we use the FingerprintJS client-side library to generate a browser identifier. This processing occurs entirely in your browser; no data is sent to FingerprintJS servers.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States, where our third-party providers (Google) operate data centers. These transfers are protected by EU Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes. For anonymous users (shadow users), fingerprint data is retained for 12 months of inactivity, after which it is automatically deleted.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Art. 15): You can request a copy of your personal data.
  • Right to Rectification (Art. 16): You can request correction of inaccurate data.
  • Right to Erasure (Art. 17): You can request deletion of your data ("right to be forgotten").
  • Right to Restriction (Art. 18): You can request limitation of processing in certain circumstances.
  • Right to Data Portability (Art. 20): You can receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): You can object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7): Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at info@cartesia.one or cartesia@pec.it. We will respond within 30 days as required by GDPR.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it, or with the supervisory authority in your EU Member State of residence.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/HTTPS), secure authentication via Google Sign-In, access controls, and regular security assessments. Our infrastructure is hosted on Google Cloud Platform, which maintains ISO 27001 certification and SOC 2 compliance.

Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a prominent notice on our website or by sending you an email. The "Last updated" date at the top indicates when the policy was last revised.

Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights, please contact: Cartesia S.r.l., Largo Lucio Lazzarino 1, 56122 Pisa (PI), Italy. Email: info@cartesia.one. PEC: cartesia@pec.it. Phone: +39 050 22 18 247. Mobile: +39 320 02 30 925. Website: cartesia.one
