Privacy & Data Policy

1. What this policy covers

This policy explains what data we process, how document processing works, what we store and what we explicitly do not store, and how we handle accounts, authentication, and subscriptions.

2. In-memory document processing

Uploaded documents are processed entirely in memory within an isolated execution environment. Documents are never written to disk as part of normal processing.

• Documents are never stored on disk
• No document backups are created
• Documents exist only for the lifetime of the request

Once processing finishes and the result is returned to you, the in-memory data is released automatically. We cannot retrieve your document after processing.

3. Data retention

Privacy by design means we don't use, let alone store your documents. We process requests in memory only and only store the minimal data needed to run the service. Here's how we handle different types of data:

Documents

• Original files: never stored
• Processed output: returned to the user and immediately discarded
• Retention time: limited to the lifetime of the request (typically seconds)

Logs

We keep minimal technical logs for reliability and security. Logs may include timestamps, request identifiers, status codes, and performance metrics.

Logs never contain document contents, extracted text, filenames, redaction areas, or processed output.

Authentication tokens (JWT)

We use JSON Web Tokens (JWTs) for authentication and authorization.

• JWTs keep users authenticated between requests
• Tokens contain only the minimum information required to identify the user and their permissions (like user ID's, roles, permission ID's)
• JWTs do not contain document contents or document metadata
• Tokens are time-limited and expire automatically

4. Account & subscription data

We maintain a database for account-related functionality only, such as login, subscriptions, and access control.

This database may contain:

• User identifiers (for example email or user ID)
• Authentication references
• Subscription status and plan information
• Authorization and access control data

This database does not contain:

• Uploaded documents
• Documents contents
• Extracted texts
• Processed outputs

5. Payments (Mollie)

Payments are handled by Mollie. We share only the necessary information to process payments like user ID, email, and subscription details.

We do not store payment details, card information or any related information.

Payment details are processed by Mollie. We do not store card details on our servers. For more information,refer to Mollie's documentation and privacy information.

6. Third parties & subprocessors

Our service is hosted with Strato, and our domain is managed through Strato. Payments are processed by Mollie.

We do not share document contents with third parties. Documents are processed in memory and are not persisted to storage as part of normal operation.

7. Security measures

We apply appropriate technical and organizational measures to protect the service and the data we process.

These measures includes:

• Encrypted connections (TLS)
• Isolated processing environments
• Role-based and least-privilege access controls
• Regular security updates and maintenance

Security measures are designed to support our core principles of data minimization and confidentiality.

8. Your rights

Because we do not store documents, there is no document data to access, export, or delete after processing. For account and subscription data, you may request access, correction, or deletion where legally possible.

9. Contact

If you have questions about privacy or data handling, contact contact@dataedge.nl.