Loading…
Last updated: 20 May 2026
Gramavec is an AI handwriting-analysis platform. This policy explains what data we collect, how we use it, and the choices you have. We aim to collect as little as possible and to be honest about what we do.
Account data: your email address and authentication details (or the identifier from a social login provider if you use one).
Content you upload: handwriting and signature images you submit for analysis, and the analysis results we generate from them.
Morphological features derived from your uploads: quantitative measurements our calibrated engine produces from each image (pressure, slant, letter height, proportion, connection structure). These are derived measurements, not raw biometric identifiers; we treat them with biometric-grade care anyway and only process them under your explicit consent.
Basic technical data needed to run the service (e.g. session tokens, rate-limiting counters, and error logs).
To provide the analysis you request, to operate your account, to enforce usage limits, and to keep the service secure.
Three distinct usage lanes — please understand which one your action triggers:
• Discovery (personality style, learning style, handwriting wellness, partner compatibility) — entertainment and self-discovery only. NOT a diagnosis, identity, hiring, or decision tool.
• Documents & Signature — an expert pre-screening assistant. A certified expert has the final say; our output is a measurement aid, not a verdict.
• Enterprise — organisational management data (members, audit log, branding, SSO).
Your handwriting data is never used to train AI models, and we do not sell your data.
Images are transmitted over TLS 1.3. When stored on Google Cloud Storage, they benefit from Google-managed server-side encryption. When the MongoDB blob fallback path is used (development or single-tenant deployments), raw image bytes are Fernet-encrypted (AES-128-CBC with HMAC authentication) before they reach the database — at-rest protection is in line with the GCS path.
Uploaded raw images are retained for the duration of your subscription tier's retention window (Free: 24 hours, Professional: 90 days, Business: 1 year, Enterprise: per-organisation policy) and then automatically purged by a scheduled cleanup task. The structured analysis report remains associated with your account so you can revisit it.
Our analysis workflow runs on our own calibrated measurement engine — the quantitative core (pressure, slant, proportion, connection structure, and the forensic ROC/EER-calibrated comparisons) is computed in-house.
For some language-understanding and visual-interpretation steps we use **Google's Gemini API as a data processor**. During those calls, the uploaded image is transferred to Gemini's infrastructure under Google's processor terms; per Gemini's commitment, those call-time inputs are not retained for model training.
If you make a payment, the transaction is handled by our payment processor; we do not store full card details.
We keep account data while your account is active and structured analysis reports until you delete them or close your account. Raw uploaded images follow the tier-based retention window described in Section 3 (Free: 24 hours, Professional: 90 days, Business: 1 year, Enterprise: per-organisation policy). You can request deletion at any time.
You can access, correct, export, or delete your personal data, and you can object to or restrict certain processing. To exercise these rights, contact us using the details below.
If you are in Türkiye, please also see our KVKK notice; if you are in the EU/EEA, the GDPR applies to your data.
Questions or requests: reach us at the contact address published on our website.
We may update this policy; we will post the new version here and update the date above.