G GremlinStudio

Privacy Policy

Last updated: February 14, 2026

GremlinStudio ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use the GremlinStudio desktop application ("the App") and our website at gremlinstudio.net ("the Website").

1. Overview

GremlinStudio is a desktop application that runs locally on your computer. Your graph data, queries, connection credentials, and configuration are stored on your machine and never transmitted to our servers. We collect minimal information to operate our business, process payments, and improve the product.

2. Information We Collect

2.1 Desktop Application

The App stores all data locally on your machine in a SQLite database. This includes:

  • Connection profiles (hostnames, ports, authentication keys)
  • Query history and saved queries
  • Graph visualization style rules
  • License activation key and email
  • User preferences and settings
  • AI provider API keys (if you configure Bring Your Own Key)

None of this data is transmitted to GremlinStudio servers. All data remains on your machine and is only accessible to your operating system user account.

2.2 Optional Telemetry (Desktop App)

The App includes an optional, opt-in telemetry system that is disabled by default. You can enable or disable telemetry at any time in Settings > Privacy.

When enabled, we collect:

  • Feature usage counts (which panels and features you use)
  • Query execution counts and durations (not the query text itself)
  • Error stack traces for crash reporting
  • App version and operating system type

We never collect:

  • Query text, results, or graph data
  • Connection strings, database credentials, or authentication keys
  • Database schema or data content
  • IP addresses or device identifiers
  • AI/OpenAI API keys

Telemetry data is processed by Microsoft Azure Application Insights (East US region) and retained for 90 days. The App does not use cookies or local storage for tracking purposes.

2.3 Website

When you visit our Website, we collect:

  • Analytics: We use Microsoft Clarity for session replay, heatmaps, and usage analytics. Clarity may set first-party cookies. We also use Azure Application Insights for page view and click tracking (configured without cookies or local storage).
  • Contact form: If you submit our contact form, we collect your name, email address, company name (optional), team size (optional), and message. This data is forwarded via webhook for email delivery and is not stored in a database.

2.4 Purchases

When you purchase a subscription, payment processing is handled entirely by Stripe. We do not collect, store, or have access to your credit card number or billing address. Stripe provides us with your email address, name, subscription tier, and payment status so we can generate and deliver your license key.

3. How We Use Your Information

  • License delivery: Your email address (from Stripe) is used to send your license key and subscription-related communications.
  • Contact form responses: To respond to your inquiry.
  • Telemetry (if enabled): To understand feature usage, fix bugs, and improve the product. Telemetry data is analyzed in aggregate and is never used to identify individual users.
  • Website analytics: To understand how visitors interact with our marketing site.

4. Third-Party Services

We use the following third-party services:

Service Purpose Data Shared
Stripe Payment processing Email, name, payment info (Stripe-hosted)
Telemetry and website analytics Anonymized usage events (opt-in for desktop)

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

4.1 Your Own Third-Party Connections

The App connects directly from your machine to services you configure, including:

  • Azure Cosmos DB: Your graph database. Connections are made directly from your machine using credentials you provide. We never proxy, intercept, or have access to your database traffic.
  • OpenAI / Azure OpenAI: If you configure a Bring Your Own Key (BYOK) for AI-powered natural language queries, API calls are made directly from your machine. Your API key is stored locally and never transmitted to GremlinStudio.

5. Data Storage and Security

5.1 Desktop App Data

All application data is stored in a local SQLite database on your machine. The database is accessible only to your operating system user account. We do not encrypt the local database file; your data is protected by your operating system's file permissions and any disk encryption you have enabled.

5.2 Website Data

The Website is hosted on Microsoft Azure Static Web Apps with the following security measures:

  • HTTPS encryption for all connections
  • Security headers: X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy
  • No server-side data storage (static site with serverless functions)

6. Data Retention

  • Desktop App (local): Data persists until you delete the database file or uninstall the App.
  • Telemetry: 90 days (Azure Application Insights workspace default).
  • Contact form: Transient processing only; not stored in a permanent database. Azure Functions logs are retained for 30 days.
  • Stripe: Per Stripe's data retention policies (typically 7 years for regulatory compliance).
  • Clarity: Per Microsoft Clarity's data retention policies.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your personal data (right to erasure).
  • Object to or restrict the processing of your data.
  • Portability: All desktop App data is stored locally and under your full control.
  • Withdraw consent: Disable telemetry at any time in Settings > Privacy.

To exercise these rights, contact us at info@gremlinstudio.net.

8. Cookies

The Desktop App does not use cookies or web tracking of any kind.

The Website uses cookies set by Microsoft Clarity for analytics purposes. Azure Application Insights on the Website is configured without cookies. Stripe may set cookies on its own domain during the checkout process.

9. Children's Privacy

GremlinStudio is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

10. International Data Transfers

Telemetry data (if enabled) and website analytics are processed in Microsoft Azure (East US region, United States). Payment data is processed by Stripe in accordance with Stripe's data processing agreements. If you are located outside the United States, your data may be transferred to and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the App or Website after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: