Privacy Policy

Last updated: March 29, 2026

Who we are

szum is a chart rendering service operated by Bartosz Prusinowski, based in Zürich, Switzerland. You can reach us at contact@szum.io.

What data we collect

We collect only what we need to run the service.

  • Account information – name, email address, and hashed password when you sign up with email. If you sign in with GitHub, we receive your name, email, and profile image from the provider.
  • Payment information – handled entirely by Stripe. We never see or store your card number. We store your Stripe customer ID and subscription status.
  • API usage – we track the number of chart renders per month to enforce plan limits. Usage counts are stored per user, not per request.
  • API keys – stored as SHA-256 hashes. We cannot recover the original key.

Unauthenticated GET requests are rate-limited by IP address. We do not store IP addresses beyond the duration of the rate limit window.

Chart data

When you render a chart – via the API, the Figma plugin, or an embed – your chart configuration and data are sent to our servers, processed in memory, and returned as an image. We do not store chart configurations or rendered images in our database. No request payloads are logged.

Rendered responses may be cached on Vercel's edge network for up to seven days to improve performance. Cached responses are not accessible to us and expire automatically.

How we use your data

  • To provide and maintain the service
  • To authenticate you and manage your account
  • To process payments and manage subscriptions
  • To enforce rate limits and usage quotas
  • To send transactional emails (verification, password reset)

We do not sell your data. We do not use your data for advertising. We do not send marketing emails.

Third-party services

We use the following services to operate szum:

  • Vercel – hosting and edge network
  • Turso – database for accounts and API keys
  • Upstash – Redis for rate limiting and usage tracking
  • Stripe – payment processing
  • Resend – transactional email delivery
  • Vercel Analytics – privacy-friendly, cookieless web analytics
  • Figma– the szum Figma plugin runs inside Figma's environment. Local storage (API key, last config) is managed by Figma's client storage API on your device.

Each service has its own privacy policy. We choose providers that handle data responsibly.

Cookies

We use a single session cookie to keep you signed in. It is HTTP-only and essential to the service. We do not use tracking cookies or third-party advertising cookies.

Data retention

  • Account data is kept until you delete your account. You can do this from the account settings page.
  • Usage data (render counts) expires automatically at the end of each billing month.
  • Rate limit data expires within seconds to minutes, depending on the limit type.
  • Chart configurations and rendered images are not stored. Edge cache entries expire within seven days.

Your rights

Under Swiss data protection law (FADP) and the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data
  • Object to processing

You can delete your account and revoke API keys directly from your dashboard. For any other requests, email contact@szum.io.

Children

szum is not intended for children under 16. We do not knowingly collect data from children.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The latest version is always available at this URL.

Contact

Questions about this policy? Email contact@szum.io.