Privacy Policy

1. Data Collection

In the context of using the DataScribe service, we collect the following data:

• Identification data: first name, last name, email address
• Billing data: billing address, payment information (processed by Stripe)
• Usage data: API usage logs, processing statistics
• Technical data: IP address, browser type, access date and time

2. Purpose of Processing

Your personal data is processed for the following purposes:

• Account creation and management
• Provision of OCR services
• Billing and payment processing
• Technical support
• Service improvement and analytics
• Communication about updates and new features

3. Legal Basis

The processing of your data is based on:

• Contract execution: for service provision and billing
• Legitimate interest: for service improvement and security
• Legal obligation: for accounting and tax requirements
• Consent: for marketing communications (optional)

4. Data Sharing

We may share your data with:

• Stripe: for secure payment processing
• Cloud providers: for hosting and infrastructure (AWS, Google Cloud)
• Analytics services: for usage statistics and service improvement
• Legal authorities: when required by law

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. Document Processing

Regarding documents you submit for OCR processing:

• Documents are processed in real-time and are not stored permanently
• Temporary copies may be kept for up to 24 hours for quality control
• All documents are automatically deleted after processing
• We use enterprise-grade encryption for all data in transit and at rest

6. Data Retention

We retain your data for the following periods:

• Account data: for the duration of your account plus 3 years
• Billing data: 7 years for accounting purposes
• Usage logs: 2 years for service improvement
• Support data: 3 years for reference

7. Your Rights

Under GDPR and other applicable laws, you have the right to:

• Access: request a copy of your personal data
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your data
• Portability: receive your data in a structured format
• Restriction: limit processing of your data
• Objection: object to processing based on legitimate interest
• Withdraw consent: for optional communications

To exercise these rights, contact us via our form

8. Security

We implement appropriate technical and organizational measures to protect your data:

• End-to-end encryption for data transmission
• Encrypted storage of all data at rest
• Regular security audits and penetration testing
• SOC 2 Type II compliance
• Access controls and employee training
• Incident response procedures

9. International Transfers

Your data may be transferred and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Appropriate safeguards and certifications

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date below.