← Back to SchemaSpace

Privacy Policy

Last updated: April 8, 2026

NorthSchema ("we," "us," or "the Company") operates SchemaSpace at schemaspace.co (the "Platform"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

Information You Provide

  • Account information: Email address, display name, username, and password (or Google OAuth credentials). Avatar image if uploaded.
  • Profile information: Bio, self-declared work experience, education, certifications, and external links. All profile information beyond email and display name is optional.
  • User Content: Posts, comments, notes, and other content you create in community spaces or your personal vault.
  • Source preferences: The sources, topics, and workspaces you create and follow.
  • Payment information: Processed and stored by Stripe. We do not store credit card numbers or full payment details on our servers. We store your Stripe customer ID for subscription management.

Information Generated Through Platform Use

  • Voting activity: When you cast Like, Trust, or Flag votes on community posts. Individual votes are recorded to prevent duplicate voting and to calculate Community Standing. Your specific votes are not publicly displayed with your identity — only aggregated counts are shown publicly.
  • Community Standing data: Trust scores, tier assignments, and reputation metrics calculated from aggregated community voting activity. These are displayed on your public profile.
  • Vault data: Items you save to your personal vault and any notes you attach to them.
  • AI interaction data: Queries you make to the AI assistant feature.

Information Collected Automatically

  • Usage data: Pages visited, features used, and general interaction patterns to improve the Platform.
  • Device information: Browser type, operating system, and device type for compatibility and performance purposes.
  • Log data: IP addresses, access times, and referring URLs for security and diagnostic purposes.

2. How We Use Your Information

We use your information to:

  • Operate, maintain, and improve the Platform.
  • Personalize your feed based on your selected sources and workspaces.
  • Calculate and display Community Standing metrics based on aggregated community voting.
  • Generate AI summaries and analysis of content from your selected sources.
  • Detect convergence events across your tracked sources.
  • Process subscription payments through Stripe.
  • Detect and prevent spam, abuse, coordinated inauthentic behavior, and violations of our Terms of Service.
  • Send service-related communications (account verification, security alerts, subscription updates).
  • Respond to your requests and provide customer support.

We do not sell your personal information to third parties. We do not use your data for advertising purposes. We do not share your individual voting activity publicly.

3. AI Processing

The Platform uses artificial intelligence (currently OpenAI's models) to generate content summaries, extract entities, detect convergence, and power the AI assistant. When AI processes content:

  • Third-party content (YouTube transcripts, RSS content, etc.) is sent to AI providers for summarization.
  • Your AI assistant queries may be sent to AI providers to generate responses.
  • AI providers process data according to their own privacy policies and data handling agreements.

We use API-based AI services with data processing agreements that restrict the use of submitted data for training purposes.

4. Third-Party Services

The Platform uses the following third-party services that may receive or process your data:

Supabase — Database hosting, authentication, and file storage. Stores account data, content, and vault items. Privacy Policy
Vercel — Web hosting and edge functions. Processes web requests. Privacy Policy
Stripe — Payment processing. Handles all payment data. Privacy Policy
OpenAI — AI processing for content summaries and assistant. Privacy Policy
Google — OAuth authentication (if you sign in with Google). Privacy Policy
Cloudflare — DNS and domain services. Privacy Policy

5. Community Standing & Voting Privacy

The Community Standing system involves the following data practices:

  • Votes are recorded to prevent duplicates and calculate standings, but individual vote records (who voted how on which post) are not publicly displayed.
  • Aggregated metrics are public: Your Community Standing tier, trust score, and trust accuracy percentage are visible on your profile.
  • Flag reasons are visible in moderation and appeal contexts, but the identity of individual flaggers is anonymized.
  • Appeal proceedings display the original content and anonymized voting reasons, but not the identities of individual voters.

6. Data Retention

We retain your data as follows:

  • Account data: Retained as long as your account is active. Deleted upon account deletion request.
  • User Content: Retained until you delete it or delete your account. Community posts that have been interacted with by others may be anonymized rather than fully deleted.
  • Voting records: Retained for the integrity of Community Standing calculations. Anonymized upon account deletion.
  • Log data: Retained for up to 90 days for security and diagnostic purposes.
  • Payment records: Retained as required by tax and financial regulations.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your account and associated personal data.
  • Data portability: Request an export of your data in a machine-readable format.
  • Opt-out of sale: We do not sell personal data. No opt-out is necessary.

To exercise any of these rights, contact us at privacy@schemaspace.co. We will respond within 30 days.

California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have additional rights regarding their personal information. We do not sell personal information as defined by the CCPA. You may request disclosure of the categories and specific pieces of personal information we have collected, and request deletion of your personal information. To make a request, contact privacy@schemaspace.co.

European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for processing your personal data includes: your consent (account creation, optional profile information), contractual necessity (providing Platform services), and legitimate interests (security, fraud prevention, Platform improvement). You have the right to withdraw consent at any time, lodge a complaint with a supervisory authority, and request restriction of processing.

8. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure authentication through Supabase, row-level security on database tables, and secure payment processing through Stripe. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

9. Cookies & Local Storage

SchemaSpace uses essential cookies for authentication and session management. We use localStorage to store your theme preference and cookie consent status. We do not use advertising cookies or tracking pixels. No cookie data is shared with third parties.

Essential cookies are necessary for the Platform to function and cannot be disabled.

10. Data Export & Deletion

You can download a copy of all your data or permanently delete your account at any time from your Settings page. Upon account deletion, all personal data, posts, votes, and associated content will be permanently removed.

11. Content Safety

SchemaSpace prohibits content that promotes self-harm, suicide, or violence. Users can report concerning content using the in-platform flag system. SchemaSpace may remove content and suspend accounts that violate content safety policies.

12. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@schemaspace.co.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at:

NorthSchema
Email: privacy@schemaspace.co
Website: schemaspace.co

By using SchemaSpace, you acknowledge that you have read and understood this Privacy Policy.