Privacy Policy
Privacy Policy – Extracta.ai
Last updated: October 2024
Introduction
Welcome to Extracta.ai, owned by FASTAPP DEVELOPMENT SRL. We respect your privacy and are committed to protecting your personal data. This Privacy Policy outlines the types of data we collect, how we process it, the legal bases for processing, the third-party service providers involved, and your rights under the General Data Protection Regulation (GDPR).
- Data Controller
FASTAPP DEVELOPMENT SRL is the controller of your personal data. You can contact us at office@extracta.ai for any data protection queries.
- Data We Collect
We collect the following data:
- Contact Information: Full name, company name, email address, phone number.
- Usage Data: Technical information such as IP address, browser type, pages visited, and timestamps (automatically collected).
- Payment Data: Processed via Stripe as per Stripe’s privacy policy; we do not store card details.
- Analytics: Google Analytics collects data on site usage through cookies.
- Registration Data: Email and password and/ or Google account details, if used to sign in (basic profile information, such as name and email), also processed by Google as per Google’s privacy policy.
- Social media or other online platforms interactions: Full name, account details (username, photo, bio, link), social media message content, reviews, ratings, location data).
- Contact form data: Full name, email address, message content.
- Legal Basis for Processing
We process your data under the following lawful bases:
- Legitimate Interest: We process your data to provide, improve, and secure our services, respond to inquiries, manage accounts, prevent fraud, send service-related communications and marketing communications (where legally applicable).
- Contract: To fulfill our obligations if you sign up for or purchase our services.
- Legal Obligation: For compliance with applicable laws, such as accounting or reporting requirements.
Where processing is based on consent (e.g., marketing), you may withdraw your consent at any time.
- How We Use Your Data
We use your personal data for the following purposes:
- To provide the services
- To facilitate registration and manage accounts.
- To process payments for services.
- To improve user experience and troubleshoot issues.
- To send important updates (e.g., security alerts, service notices).
- For marketing purposes (with your consent or based on our legitimate interests).
- To detect and prevent fraud or unauthorized activities.
- To comply with legal obligations.
- Our Role as a Data Processor
Our company, as the provider of the automated data extraction platform, acts solely as a data processor for our clients in accordance with the General Data Protection Regulation (GDPR). “Client” refers to the individual, entity, or organization that enters into an agreement with us, the service provider, to access and use the platform’s services, such as optical character recognition (OCR), data extraction, and other related functionalities.
In this capacity, all data and information provided through the documents uploaded on the platform are processed only on behalf of and according to the instructions of our clients (the data controllers). We do not use this data for any other purposes than those specified by the client.
Purpose and Processing Method
The personal data extracted from documents uploaded by clients is used solely to provide our automated extraction services and to deliver the extracted information in the requested format. We do not retain or use the data for other purposes. The data processing is performed automatically by our platform and is limited to what is necessary for the provision of the agreed services.
Client Instructions
As a data processor, we process client data strictly according to the instructions received from them. Any action related to data processing (such as storage, organization, modification, or deletion) is carried out in accordance with our contractual agreements and the client’s requirements. In the absence of specific instructions, we comply with applicable data protection laws.
Client Responsibility
As the data controller, the client is responsible for ensuring the compliance of the personal data processing that they provide to us. They must inform the data subjects and obtain consent, if necessary, for the processing of the data within our platform.
- Data Transfers to Third Parties
We do not transfer personal data to third parties unless it is necessary to fulfill our obligations to the client (e.g., using infrastructure service providers) or if we are required by law. All our third parties involved in data processing are contracted as sub-processors and comply with the same data protection obligations under GDPR. The third-party services we use process personal data to perform their functions but cannot use it for other purposes. The data will be handled according to their privacy policies.
- OCR Service Providers:
- Azure via the Azure AI Document Intelligence API. (Privacy Policy)
- Amazon via the Amazon Textract API. (Data Protection for Amazon Textract; Security for Amazon Textract)
- Data Extraction Service Providers:
- OpenAI via the OpenAI API for document processing and data extraction. (Policies; Privacy Policy)
- Azure via the Azure OpenAI service for document processing and data extraction. (Privacy Policy)
- OpenRouter via Anthropic’s Claude 3.5 Sonnet for document processing and data extraction. (Privacy Policy)
- Cloud and Storage Providers:
- Skystark: Provides servers for running large language models (LLMs) in case of applications that require them. (Privacy Policy)
- Hetzner: Provides cloud services for the main server that processes extractions, interacts with the interface, the database, and other APIs. (Privacy Policy)
- Firebase Realtime Database: Used for storing customer and extraction-related data. (Privacy Policy)
- Firebase Storage: Used for storing files uploaded to the platform. (Privacy Policy)
- Firebase Authentication: Used for securely managing and authenticating user identities on the platform. (Privacy Policy)
Data Processed by Social Media Plugins: Please note that third parties may collect data about you through the social media plugins integrated into our site, such as the “Like” and “Share” buttons, even if you do not click on them or are not a member of those social networks. Our organization is not involved in the data processing by these platforms, apart from the automatic collection and transmission, which occur without our access or control. For more information, please review the privacy policies of the social media platforms (Discord, LinkedIn).
- Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law. If you close your account, your data will be deleted unless required for legal reasons.
The data contained in the documents you process through our platform will be retained only for the time necessary to provide the services. After the processing is completed or at your request, the data will be deleted.
- Data Security
Our company implements appropriate technical and organizational measures to ensure the security of the personal data we process. These measures include, but are not limited to, encryption technologies, access control, and protection against unauthorized access, loss, or disclosure of data. We ensure that all employees and partners who have access to this data strictly adhere to confidentiality and the legal obligations imposed by GDPR.
- Marketing and remarketing
We may use your personal data for marketing and remarketing activities to inform you about our services, events, or relevant topics. This may include sending emails, SMS, calls, push notifications, and displaying personalized recommendations.
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
You can withdraw your consent for marketing at any time by using the unsubscribe link in our messages or emailing office@extracta.ai.
For remarketing, you can opt out via:
– Google: https://support.google.com/ads/answer/2662922?hl=en
– Facebook: https://www.facebook.com/settings/?tab=ads
– Managing cookie preferences on our website.
We may rely on legitimate interest for marketing in some cases, ensuring your rights are protected. You can request to stop data processing for marketing purposes at any time.
We may also use your data for important communications related to our website, policies, or contracts, which are not considered direct marketing but essential for managing our relationship with you. We may repost content related to our company or events that you have shared.
- Profiling and Automated Decision-Making
We may use profiling to enhance remarketing campaigns by analyzing your website behavior to personalize your experience. This process respects your rights and does not produce legal or significant effects on you. If you wish to opt out of remarketing, you can do so as outlined in Paragraph 9.
- Data Breaches
In the event of a data breach that may affect your privacy, we will notify you and the relevant supervisory authority in accordance with GDPR.
- International Data Transfers
To conduct our business or for the processing purposes listed here, especially when a foreign element is involved, we may need to transfer your personal data outside the European Economic Area. Before doing so, we will ensure that either an adequacy decision is in place or that the operator or processor in that jurisdiction provides appropriate safeguards.
- Children’s Privacy
We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us, and we will delete the information.
- Your Rights
As a data subject under GDPR, you have the following rights:
- Access: You can request a copy of your personal data that we hold to understand how and why it’s being used, ensuring it’s processed lawfully.
- Rectification: If your data is inaccurate or incomplete, you can request that we update it to ensure its accuracy for processing purposes.
- Erasure: You can ask us to delete your data in specific circumstances, such as when it’s no longer needed or if you withdraw consent. However, we may need to retain some data due to legal obligations.
- Restriction: You can request that we limit the use of your data in certain situations, such as when you dispute its accuracy or if it was processed unlawfully. We’ll continue to store it but won’t use it until the issue is resolved.
- Objection: You can object to our processing of your data if it’s based on legitimate interests. We will stop processing unless we can demonstrate a strong legal basis that overrides your rights.
- Portability: You can request that your data be provided in a structured, machine-readable format, allowing you to transfer it to another service provider. This applies when processing is based on consent or a contract and is automated.
To exercise any of these rights, contact us at office@extracta.ai. We will respond within 30 days.
- Data Subject Rights
Our clients, as data controllers, are responsible for handling requests regarding data subject rights under GDPR (rights of access, rectification, erasure, restriction, portability, and objection). If we receive such requests, we will promptly forward them to the client to be handled in accordance with their legal obligations.
- Changes to the Privacy Policy
We may update this policy from time to time. Any changes will be posted on our website, and significant changes will be communicated via email.
- Contact Us
For questions or concerns regarding this Privacy Policy, please contact us at:
FASTAPP DEVELOPMENT SRL
Email: office@extracta.ai