ValidGraph

Semantic Intelligence

Get started

Privacy Policy

Last updated: April 1, 2026 Codedication (“we”, “us”, or “our”) operates ValidGraph, available at validgraph.com. This Privacy Policy explains how we collect, use, disclose, and…

Last updated: April 1, 2026

Codedication (“we”, “us”, or “our”) operates ValidGraph, available at validgraph.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our service.

By using ValidGraph, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the service.

1. Who We Are

ValidGraph is a schema validation and semantic intelligence platform developed and operated by Codedication. For any privacy-related matters, you can reach us at:

[email protected]

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Name and email address — used for authentication, account management, and transactional emails.
  • Password — stored as a one-way hash (bcrypt via WordPress). We never store or transmit your plain-text password.
  • Account preferences — plan tier, email notification preferences, two-factor authentication status.

2.2 Validation and Usage Data

When you validate a URL or paste schema markup, we collect and store:

  • The URL submitted — so we can fetch and analyze the page’s structured data.
  • The full validation result — including the parsed JSON-LD, detected schema types, errors, completeness score, AI Discoverability Score, and rich snippet eligibility. This is stored in our database to power your validation history, change detection, and monitoring features.
  • Usage counters — number of validations performed per period, to enforce your plan’s quota.
  • Timestamps — when each validation was performed.

We do not crawl or store the full HTML content of validated pages. We only extract and store the structured data (JSON-LD, Microdata, RDFa) found on those pages.

2.3 Billing and Payment Data

ValidGraph uses Stripe to process all payments. We do not store your credit card number, CVC, or banking details on our servers. When you subscribe to a paid plan:

  • Stripe creates a Customer ID and Subscription ID linked to your account.
  • We store those identifiers in our database to manage your subscription status.
  • Stripe’s own privacy policy governs how Stripe processes your payment information. You can review it at stripe.com/privacy.

2.4 Team and Collaboration Data

If you invite team members to your account (Agency and Enterprise plans), we store:

  • The email addresses of invited users.
  • Their role within your account (admin, editor, viewer).
  • The projects each member has access to.

2.5 Technical and Log Data

Like most web services, we automatically collect certain technical data when you interact with ValidGraph:

  • IP address — used for rate limiting (to prevent abuse), not stored permanently beyond the duration of the rate limit window (15 minutes to 1 hour depending on the action).
  • Session data — stored in a secure WordPress session cookie to keep you logged in.
  • API request logs — request type, timestamp, and response status, retained for up to 30 days for debugging purposes.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Providing the service — running validations, displaying your history, powering monitoring and alerts, and generating reports.
  • Account management — authentication, password reset, two-factor authentication, email verification.
  • Billing — processing payments, managing your subscription, sending invoices.
  • Communication — transactional emails (welcome, alerts, reports, plan changes) and, with your consent, product updates. You can manage your email preferences at any time from your account settings.
  • Security and abuse prevention — rate limiting, detecting fraudulent activity, protecting the integrity of the service.
  • Service improvement — understanding which features are used and how, to prioritize product development. We use aggregated, anonymized data for this purpose.

We do not sell your personal data. We do not use your validation results to train machine learning models. We do not share your data with third parties for advertising purposes.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data on the following legal bases:

  • Contract performance — processing necessary to deliver the service you have subscribed to (Art. 6(1)(b) GDPR).
  • Legitimate interests — security, fraud prevention, service improvement (Art. 6(1)(f) GDPR).
  • Legal obligation — retaining billing records as required by applicable tax law (Art. 6(1)(c) GDPR).
  • Consent — for optional marketing communications (Art. 6(1)(a) GDPR). You can withdraw consent at any time.

5. Data Retention

We retain your data as follows:

  • Account data — retained for as long as your account is active, plus 30 days after deletion.
  • Validation history — retained according to your plan tier (Pro: 12 months of history; Agency and Enterprise: unlimited). Deleted immediately upon account deletion.
  • Billing records — retained for 7 years to comply with tax and accounting obligations, even after account deletion.
  • IP-based rate limit data — automatically purged after the rate limit window expires (15 minutes to 1 hour).
  • API request logs — retained for 30 days.

6. Third-Party Services

ValidGraph uses a limited number of trusted third-party services to operate:

  • Stripe (payment processing) — your payment data is processed by Stripe. See stripe.com/privacy.
  • Email delivery provider — we use an SMTP provider to deliver transactional emails. Email content is encrypted in transit (TLS).
  • Google Search Console API (optional) — if you connect your Google account via the Integrations tab, we access your GSC data using OAuth. We only read the data necessary to display it within ValidGraph and do not store your Google credentials.

We do not use Google Analytics, Facebook Pixel, or any behavioral advertising trackers.

7. Your Rights (GDPR / LOPD)

If you are located in the EEA or Spain, you have the following rights regarding your personal data:

  • Right of access — request a copy of all personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data (“right to be forgotten”). You can do this directly from your Account settings (“Delete account”) or by contacting us.
  • Right to data portability — export your validation data in JSON format from your Account settings at any time.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — for marketing emails, unsubscribe at any time using the link in any email or from Account > Email Preferences.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

8. Security

We take reasonable technical and organizational measures to protect your data:

  • All data in transit is encrypted via HTTPS/TLS.
  • Passwords are hashed and salted; we never store them in plain text.
  • Optional two-factor authentication (TOTP) is available for all accounts.
  • API keys are hashed before storage.
  • Access to production data is restricted to authorized personnel only.

No system is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.

9. Cookies

ValidGraph uses cookies strictly necessary for the operation of the service (session authentication, CSRF protection). We do not use advertising or tracking cookies. For full details, please see our Cookie Policy.

10. Children’s Privacy

ValidGraph is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email and/or a notice on the dashboard at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

12. Contact

For any questions about this Privacy Policy or your personal data, contact us at:

[email protected]
validgraph.com