PrivacyPolicy

1. Introduction

Welcome to Redacting.ai ("Service"), operated by Lunera AS ("Company", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document redaction service.

We are committed to protecting your privacy. Given that our service handles sensitive documents, we have implemented strict data protection measures that go beyond industry standards.

2. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Password (securely hashed, never stored in plain text)
• Authentication tokens from third-party login providers (Google, Microsoft) if used

Document Data

When you upload documents for redaction:

• We temporarily store your uploaded documents to perform the redaction service
• Documents are processed in isolated, secure environments
• We do not read, analyze, or access your document content for any purpose other than providing the redaction service
• Original and redacted documents are automatically deleted based on your plan retention period (7 days free, 30 days paid)

Usage Information

We automatically collect:

• Page counts and document metadata (file size, format)
• Processing timestamps and job status
• IP address and browser information for security purposes
• Feature usage patterns to improve our service

3. Third-Party Login Services

We offer authentication through Google and Microsoft accounts for your convenience. When you choose to sign in with these services:

• Google Sign-In: We receive your email address, name, and profile picture from Google. We do not receive or store your Google password.
• Microsoft Sign-In: We receive your email address and name from Microsoft. We do not receive or store your Microsoft password.

These third-party services have their own privacy policies, and we encourage you to review them. We only use the information received to create and manage your Redacting.ai account.

4. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the redaction service
• Process your documents and deliver redacted files
• Manage your account and subscription
• Send transactional emails (receipts, password resets, service updates)
• Respond to your inquiries and support requests
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

5. AI Processing (Optional)

If you enable AI-based detection, portions of document content may be sent to our AI providers solely to identify sensitive information. We do not permit our providers to use your content to train their models. AI processing is used only to deliver the redaction service.

6. Legal Bases for Processing (EEA/UK)

When applicable, we process personal data on the following legal bases:

• Contract: To provide the Service you requested
• Legitimate Interests: To secure and improve our Service
• Legal Obligations: To comply with laws, tax, and accounting requirements
• Consent: For optional features or communications where required

7. Data Retention

8. Data Security

We implement robust security measures:

• Encryption: All data is encrypted using AES-256 at rest and TLS 1.3 in transit
• Isolation: Each document is processed in an isolated environment
• Access Control: Strict access controls limit who can access systems
• Monitoring: Continuous monitoring for security threats
• No Logging of Content: We never log the actual content of your documents

9. Data Sharing

We do not sell your personal information. We may share data only:

• With Service Providers: Third parties that help us operate our service (payment processing via Paddle, cloud infrastructure)
• For Legal Compliance: When required by law, court order, or governmental authority
• To Protect Rights: When necessary to protect our rights, safety, or property

10. Payment Processing

Payments are processed by Paddle, our Merchant of Record. When you subscribe to a paid plan:

• Paddle collects and processes your payment information directly
• We never see or store your full credit card number
• Paddle handles all billing, taxes, and compliance as the seller of record
• Paddle's privacy policy applies to payment data: paddle.com/legal/privacy

11. Your Rights

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and associated data
• Portability: Receive your data in a portable format
• Object: Object to certain processing of your data
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at [email protected].

12. Cookies and Tracking

We use minimal cookies:

• Essential Cookies: Required for authentication and security
• Analytics: Anonymous usage statistics to improve our service

We do not use advertising cookies or sell data to advertisers.

13. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

14. International Data Transfers

We and our service providers may process data in the United States, the European Union, and other jurisdictions where we operate. If you access our service from outside these regions, your information may be transferred to and processed in these locations. We use appropriate safeguards for international transfers where required.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will also send an email notification.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: [email protected]

Company: Lunera AS
Address: Sigurd Hoels Vei 8, 0655 Oslo, Norway
Organization Number: 936863590
D-U-N-S Number: 348347157