Privacy Policy

We collect the following categories of information when you use Ploto:

• Account information: your email address and a securely hashed password when you register.
• Uploaded content: CSV and Excel files you upload to generate charts. These files are stored securely and are only accessible to you.
• Usage data: actions you take within the app (e.g., creating projects, uploading datasets, generating charts), collected to help us improve the product.
• Technical data: error reports and diagnostic information collected automatically when the app encounters an issue.
• Billing information: if you subscribe to a paid plan, your payment details are collected and processed directly by our payment processor. Ploto never stores your card number or banking information.

We use the information we collect to:

• Create and manage your account.
• Process your uploaded files and generate AI-powered charts.
• Provide, operate, and improve the Ploto service.
• Diagnose and fix technical errors.
• Send transactional emails (account confirmation, password reset, billing receipts).
• Comply with legal obligations.

We do not sell your personal data. We do not use your data for advertising purposes or share it with third parties for their own marketing.

When you generate a chart, Ploto sends a statistical summary of your data columns (e.g., column names, data types, and aggregate statistics) to a third-party AI service to determine the most appropriate chart configuration. Raw row-level data from your files is processed locally on our servers and is not transmitted to the AI provider. You should avoid uploading files that contain sensitive personal information unrelated to your charting needs.

We share data with trusted third-party providers solely to operate the service. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf:

• Authentication & storage provider: stores your account credentials and uploaded files.
• AI processing provider: receives column-level metadata from your datasets to generate chart configurations.
• Analytics provider: collects anonymised usage events to help us understand how the product is used.
• Error monitoring provider: receives diagnostic data when application errors occur.
• Payment processor: handles billing for paid subscriptions. See Section 5 for details.

Paid subscriptions are handled by a third-party payment processor acting as the Merchant of Record. When you purchase a plan, you are transacting directly with that processor — Ploto never receives or stores your payment card details. The processor's own privacy policy governs the handling of your billing information. We receive only a confirmation of your subscription status.

We retain your account data and uploaded content for as long as your account remains active. If you delete your account, your personal data and uploaded files are permanently deleted within 30 days, except where retention is required by law. You may request deletion at any time by contacting us at info@heyploto.com.

Depending on where you are located, you may have certain rights regarding your personal data:

• Access & portability: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate or incomplete data.
• Deletion: request that we delete your personal data.
• Restriction & objection: ask us to restrict processing or object to certain uses of your data.
• Withdrawal of consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

These rights apply under the Bahrain Personal Data Protection Law (PDPL), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and equivalent laws in other jurisdictions. To exercise any of these rights, contact us at info@heyploto.com. We will respond within 30 days.

Ploto uses cookies and similar technologies to keep you signed in and to collect anonymised usage analytics. Analytics data is processed in the EU and is not used to identify you personally. You can disable cookies in your browser settings, but doing so may affect the functionality of the service.

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, and row-level access controls that ensure your data is never visible to other users. However, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at info@heyploto.com.

Ploto is not directed at individuals under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

Ploto is based in Bahrain. By using the service, you acknowledge that your data may be transferred to and processed in countries outside your own, including countries that may have different data protection standards. Where required, we rely on appropriate safeguards (such as standard contractual clauses) to protect your data during such transfers.

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If changes are material, we will notify you by email or by a prominent notice within the app. Your continued use of Ploto after changes take effect constitutes your acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at info@heyploto.com.