Privacy policy.
Line9 is a rendering tool, not a data business. We collect the personal data the product structurally needs and almost nothing else. This page lists what we hold, why, how long, and what you can do about it.
Last updated · 2026-05-21
Line9 is operated by Moverve Limited (the controller, in GDPR terms). Reach the controller at privacy@line9.ai.
The web viewer renders your diagrams in your browser. The CLI renders on your machine. The Mermaid source you type, all node and edge labels, your node IDs, your comments, your colours, and any other free-form content never leave your device unless you explicitly publish a diagram or save one to a workspace. The wire format for telemetry structurally cannot carry source text — there is no source field, no labels field, no free-text error message.
| What | Why | Retention |
|---|---|---|
| Email address | Sign-in, magic-link delivery, invoice receipts, dunning emails. | For the life of your account. Anonymised on account deletion. |
| GitHub username and primary email (when you sign in with GitHub) | OAuth identity binding. Nothing else from your GitHub account is read or stored. | For the life of your account. |
| Workspace membership and role | Authorisation: which workspace you belong to, owner or member. | For the life of the membership. Anonymised on account deletion. |
| Subscription metadata (Stripe customer + subscription IDs, billing-primary) | Run the subscription. Card numbers never touch Line9 — Stripe holds them. | For the life of the subscription, plus the period required for tax and dispute records. |
| CLI credentials and active devices | Authenticate the CLI; let you revoke individual machines from /app/account. | Until you revoke them or delete your account. |
| Published diagrams (only what you explicitly publish) | Serve your line9.ai/d/<slug> pages. | Until you delete the diagram or close the workspace. |
| Anonymous render telemetry | Operate the rendering engine. No source text, no labels, no per-user identifiers. | See the dedicated diagram-capture page below for the field list and an opt-out switch. |
| Server logs and Cloudflare-edge access metadata | Operate and secure the service. IPs are not retained beyond standard CDN windows. | Cloudflare default rolling window; not retained by Line9 beyond that. |
We rely on three legal bases under GDPR Art. 6: contract for the data needed to deliver your subscription and workspace; legitimate interests for security logs, anti-abuse, and operating the rendering engine; and legal obligation for tax, billing, and audit records we are required to retain. We do not process special categories of personal data and do not run advertising or profiling pipelines.
- Cloudflare — hosting, DNS, CDN, edge runtime, D1 database, R2 object storage, KV, Queues, Analytics Engine.
- Stripe — subscription billing, payment processing, Stripe Tax. Card numbers and tax-residency data live with Stripe; Line9 holds only the identifiers and the derived subscription state.
- Resend — transactional email (magic-link sign-in, invoices, dunning, deletion notices).
- GitHub — OAuth identity provider, when you choose "Continue with GitHub". We read your primary email and username; nothing else.
You may request access to the personal data we hold about you, correction of inaccurate data, deletion, restriction, or portability. The simplest path is the self-serve account deletion at /app/account: it anonymises your PII, removes you from every workspace, and follows the billing-continuity rules in our EULA. Audit and billing records remain for compliance, pointing at an anonymised tombstone rather than your name and email. For any other request, email privacy@line9.ai. EEA and UK residents have the additional right to lodge a complaint with their local supervisory authority.
A separate diagram-capture transparency page lists every field that leaves your browser, what the canonical fingerprint is and is not, and provides a switch to opt out. We keep that detail on its own page because it is the most surprising thing the renderer does, and we want it to be auditable rather than buried.
Line9 runs on Cloudflare's global network and on Stripe's payment infrastructure. Personal data may be processed in countries other than your own. Our sub-processors operate under Standard Contractual Clauses or equivalent transfer mechanisms where required.
When we change this policy, the last updated date at the top of the page changes too. Material changes that affect the data we collect or how we use it will be announced via email to the billing-primary address on file at least thirty days before they take effect.