Privacy Policy

Redacto ("we," "us," or "our") is a document redaction service that values your privacy and is committed to protecting your information. This Privacy Policy describes how we handle information when you use our website, application, and API services.

By using our API and services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our Services.

1. Information We Collect

• Account Information: When you register, we collect your email address and the basic account and billing details needed to provide the Services.
• Documents and Content You Submit: To perform redaction, we process the documents you upload and the text and data extracted from them. These documents and their derived content are stored securely and encrypted within our United States-based infrastructure so that we can deliver, review, and return your redacted results. We retain them only as long as needed to provide the Services, and we delete them on request (see "Data Security and Retention" below). We do not use the contents of your documents to train, fine-tune, or improve any AI model.
• Automatically Collected Information: When you use our service, we collect basic usage information through cookies and similar technologies to operate and improve service quality. This may include your IP address and API usage patterns.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain our document redaction service,
• Process your API requests and deliver redacted documents,
• Communicate with you about our Services, including updates and support,
• Operate, maintain, and improve the quality and reliability of our Services,
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use the contents of your documents to train, fine-tune, or improve any artificial intelligence model.

3. Sharing of Information

• With Service Providers and Subprocessors: We share information with the cloud infrastructure, hosting, and email providers that operate our Services, and we transmit document content to enterprise AI and optical-character-recognition providers solely to perform redaction. Our primary AI subprocessors operate under enterprise agreements that prohibit retaining your content beyond the processing request or using it to train any model; any optional providers are identified in our subprocessor list and can be excluded on request. A current list of subprocessors is available on request.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.

4. Cookies and Tracking Technologies

We use cookies and similar technologies, including the privacy-focused product analytics platform PostHog, to understand traffic and usage and to improve our service. You can manage your cookie preferences in your browser settings, but please note that disabling cookies may affect the functionality of our service.

5. Data Security and Retention

We implement industry-standard security measures to protect your information from unauthorized access, use, and disclosure, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls and tenant isolation, and hosting with reputable United States-based cloud providers. Redacto's security program is built to SOC 2 standards; additional detail is available in our Security and Compliance Overview on request. No internet transmission or electronic storage method is completely secure, however, and we cannot guarantee absolute security.

We retain the documents you submit and their derived content for as long as needed to provide the Services and in accordance with any retention period agreed with you. You may delete your documents at any time, and we will permanently delete them and their derived content on request or upon termination of your account, subject to limited legal retention obligations.

6. Your Rights and Choices

• Access and Correction: You may access, correct, or update your personal information by logging into your account or contacting us directly.
• Deletion: You may request that we delete your personal information, subject to certain legal requirements.
• Opt-Out: You may opt out of receiving promotional communications from us by following the unsubscribe instructions in those communications or contacting us directly.

7. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third-party sites, and we encourage you to review their privacy policies.

8. Data Location and International Users

Redacto stores and processes data in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction, and you consent to that processing.

9. Children's Privacy

Our Services are not directed at children under 13, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of our Services after such changes constitutes acceptance of the new Privacy Policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at security@getredacto.com.