Privacy Policy

The Silver Crown Group LLC

Effective date: May 17, 2026

This Privacy Policy describes how The Silver Crown Group LLC (“SessionGraph”, “we”, “our”, or “us”) collects, uses, and shares personal information when you use the SessionGraph desktop application and the SessionGraph web platform (collectively, the “Service”). We are committed to protecting your privacy and processing your data lawfully and transparently.

1. Information We Collect

Account Information

When you create a SessionGraph account, we collect your email address and, optionally, a display name. This information is used to identify your account, send transactional emails (password reset, license confirmation, billing receipts), and associate your subscription status with your license key.

Usage Statistics

The SessionGraph desktop application optionally sends aggregate usage statistics to our servers when you are signed in: the number of tokens compressed, estimated cost savings in USD, session count, and compression ratio. These statistics are used to display your savings dashboard in the web UI. They are numeric metrics only — they contain no conversation content, no source code, and no API keys.

Payment Information

Payments are processed by Stripe. We do not receive or store your credit card number, CVV, or full payment card details. We store only your Stripe Customer ID and subscription status (free, pro, or cancelled) so we can determine your entitlements when validating your license key.

Log and Technical Data

Our web servers collect standard access logs including your IP address, browser user agent, and the pages you visit. These logs are retained for up to 90 days for security and debugging purposes and are not used for marketing or advertising.

2. What We Do Not Collect

Your source code

Files on your filesystem are read by the local proxy only to build session graphs, which are stored exclusively in the local SQLite database (~/.sessiongraph/sessions.db). They are not transmitted to our servers.

Your API keys

Your Anthropic, OpenAI, or other API keys are read from your environment at request time and forwarded only to the upstream AI provider. They are never stored by SessionGraph (locally or remotely).

Conversation content

The content of your AI conversations — your prompts, the model's responses, and the code discussed — stays on your machine. We do not receive it.

Session graphs

Session graphs are stored locally only. We do not upload your session graphs to our servers.

3. How We Use Your Data

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Manage your account and authenticate your identity
  • Process payments and manage your subscription via Stripe
  • Validate your license key when the desktop app checks entitlements (the validation ping contains only a hash of your license key — no personal data)
  • Display your token savings and session statistics in the web dashboard
  • Send transactional emails (billing receipts, account notices)
  • Produce anonymised, aggregate analytics about product usage (e.g., average compression ratio across all users) — individual users are never identifiable in these reports
  • Respond to your support requests
  • Comply with legal obligations

We do not use your data for advertising, do not build advertising profiles, and do not sell your personal information to any third party.

4. Data Sharing

We share your personal information only with the following service providers, each of whom processes data solely on our behalf under contractual data processing agreements:

  • Stripe: Payment processing and subscription management
  • Vercel: Hosting and serving the web platform (Next.js deployment)
  • Supabase: Database and authentication backend
  • Resend: Transactional email delivery (billing receipts, account notices)

We do not sell your personal information. We do not share it with advertisers, data brokers, or analytics platforms. We may disclose data if required by law (e.g., a valid court order or subpoena), and will notify you unless legally prohibited from doing so.

5. Data Retention

  • Account data (email, name, subscription status) is retained for as long as your account is active. Upon a verified deletion request, account data is purged within 30 days.
  • Usage statistics (token counts, cost savings) are retained for 24 months from the date of collection, then automatically deleted.
  • Server access logs are retained for 90 days and then automatically purged.
  • Payment records are retained as required by applicable financial regulations (typically 7 years), but access is restricted to finance and legal personnel.

6. Your Rights

GDPR (EU / EEA / UK residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR / UK GDPR:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations
  • Right to data portability — receive your account data in a structured, machine-readable format
  • Right to restrict processing — request that we limit how we use your data in certain circumstances
  • Right to object — object to processing based on legitimate interests

CCPA (California residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

  • Right to know — what personal information we collect, use, and share
  • Right to delete — request deletion of your personal information
  • Right to opt out of sale — we do not sell personal information; this right is not currently applicable but is honoured by default
  • Right to non-discrimination — exercising your privacy rights will not affect your access to the Service

To exercise any of these rights, email privacy@sessiongraph.dev with the subject line “Privacy Request”. We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving a verifiable request.

7. Cookies

The SessionGraph web platform uses a single session cookie to maintain your authenticated state after login. This cookie is:

  • HttpOnly and Secure (not accessible by JavaScript; only sent over HTTPS)
  • Session-scoped (expires when you close your browser) or up to 30 days if you select “Remember me”
  • Strictly necessary for the Service to function — no consent banner required under the ePrivacy Directive

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies (e.g., Google Analytics). We do not embed social media pixels.

8. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and access controls limiting data access to authorised personnel. Payments are handled entirely by Stripe, which is PCI DSS Level 1 certified. In the event of a data breach affecting your personal information, we will notify you and the relevant supervisory authority within the legally required timeframe.

9. How to Delete Your Account

To delete your SessionGraph account and all associated personal data:

  1. Email privacy@sessiongraph.dev from the address associated with your account.
  2. Use the subject line: “Account Deletion Request”.
  3. We will verify your identity, cancel any active subscription (no refund for unused time), and purge your account data within 30 days.
  4. You will receive an email confirmation once deletion is complete.

Note: Deleting your account does not delete your local SessionGraph data (session graphs, usage history stored on your machine). To remove that, delete the ~/.sessiongraph directory.

10. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our privacy team:

The Silver Crown Group LLC

Privacy inquiries:

privacy@sessiongraph.dev

If you are in the EU/EEA and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the effective date at the top of this page. Continued use of the Service after the effective date constitutes acceptance of the revised policy.