Privacy Policy
Template — not yet reviewed by a lawyer. Replace bracketed fields and have this reviewed before publishing.
This Privacy Policy explains how ParseFlow ("we", "us", "our") collects, uses, and protects information when you use ParseFlow (the "Service").
1. Information we collect
- Account information — email address and password (handled by our authentication provider) when you sign up.
- Document content — the images/PDFs you send to our API for extraction, and the structured text/data we return.
- Usage data — number of pages processed, which features were used, and timestamps, for billing and service improvement.
- Billing information — handled by our payment processor, Razorpay; we do not store your card or bank details ourselves.
2. How we use your document content
Documents you submit are sent to a third-party AI vision model provider (e.g. Google Gemini, OpenAI, or another provider we configure — see [list your actual provider(s) here]) for the sole purpose of extracting text, form fields, and tables. We do not use your document content to train our own models. [State here whether/how long document content and extracted results are retained on our servers, and confirm your actual retention practice — this must match what your code and infrastructure actually do, not just what this template assumes.]
3. Third-party processors
We rely on the following categories of third-party services to operate ParseFlow:
- Vision/AI provider(s) — process document images to extract data. Gemini (Google) — ai.google.dev/privacy
- Database/infrastructure provider — Supabase, for account and usage data storage.
- Payment processor — Razorpay, for invoicing and payment collection.
- Hosting provider — Render (render.com).
Each of these providers has its own privacy policy governing how they handle data passed to them.
4. Data retention
Uploaded documents and extracted results are retained for 30 days for reprocessing purposes, after which they are permanently deleted. Usage logs are retained for 12 months for billing and analytics. Customers may request earlier deletion by contacting us.
5. Your rights
Depending on your location, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise these rights, contact us using the details on our Contact page.
6. Security
We use industry-standard measures to protect data in transit (HTTPS/TLS) and at rest, including hashed API keys and access-controlled databases. No system is completely secure, and we cannot guarantee absolute security of information you transmit to us.
7. Sensitive documents
Some documents processed through this Service (e.g. ID cards, health records, financial statements) may contain sensitive personal data. You are responsible for ensuring you have the right to submit such documents for processing, and for complying with any applicable law governing that data (e.g. health data regulations) in your use of the Service.
8. Children's privacy
This Service is not directed at children, and we do not knowingly collect personal data from children.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date.
10. Contact
Questions about this Privacy Policy can be sent via our Contact page or to [support email address].