Skip links

Privacy Policy

Welcome to Extract.Ai (“we,” “our,” or “us”). As stewards of your privacy, we’ve crafted this Privacy Policy to provide you with clarity on how we handle your personal information when you engage with our website. This document outlines the processes involved in the collection, utilization, disclosure, and protection of your personal data. By utilizing our website, you signify your acceptance of the terms and conditions set forth in this Privacy Policy. Your continued use of our website indicates your agreement with these terms. If you do not agree with any aspect of this Privacy Policy, we kindly ask that you refrain from accessing or utilizing our website. Your privacy and trust are of utmost importance to us, and we are committed to ensuring that your personal information is handled with care and in accordance with this Privacy Policy.
 
1. Personal Information Collection:
 
a) Personal Data: Several channels are used during the process of gathering personal data in order to guarantee authenticity and promote user engagement on the platform. First, users are required to identify with their Google account or personal email address and password during platform authentication. This requires them to provide vital personal information such name, preferred language, email address, and profile photo for identification. Furthermore, individuals can enhance their profile by providing additional information such as their phone number and name in the account section. In addition, the site has a contact form that users must fill out with their name and email address in order to initiate correspondence. When consumers use the chatbot feature on the site to request support, email addresses may be asked for offline questions, guaranteeing smooth giving assistance. It is important to note that submitted documents may contain personal data by default. This emphasizes the requirement of exercising caution and adhering to privacy protocols when transmitting and processing documents on the platform. Article 4 of the General Data Protection Regulation defines personal data, which includes the information that has been gathered (GDPR).   The platform prioritizes data security and privacy while attempting to collect relevant user information through these many routes.
 
b) Information We Generate When You Use Our Services: When you interact with our website, we actively gather particular data points to improve and optimize the services we provide in addition to your surfing experience. Standard web log data, which offers insights into your interactions with our platform, is included in this extensive information. This includes, but is not limited to, your IP address, which enables us to determine where you are in order to serve information that is specifically customized to you and comply with regulations. We also record information like the type of browser you are using, which helps us guarantee functioning and compatibility across different browser platforms. In addition, we examine your departure and referring pages to better understand how you navigate, which helps us refine the structure and design of our website to make it more user-friendly. Additionally recorded is the timestamp of your visit, which gives useful information about times of peak usage that enables us to enhance server performance for more seamless browsing. We constantly work to improve your online experiences with our platform by painstakingly collecting and evaluating these data points. This guarantees smooth navigation, customized content delivery, and general user pleasure.
 
2. Usage and Sharing:
The information provided by users, including their names and email addresses, serves solely for authentication purposes within our platform and is never shared with third parties. We uphold strict confidentiality measures to safeguard this sensitive data, ensuring its exclusive use for user identification and access control. Furthermore, any documents uploaded by users undergo processing by a select group of trusted API providers, including Microsoft Azure, Amazon AWS, OpenAI, Claude.ai, and Eden.ai. These reputable entities adhere to stringent data protection protocols, guaranteeing the secure handling and processing of uploaded documents while maintaining user privacy and confidentiality. Through these measures, we prioritize the protection of user data and maintain the highest standards of security and integrity across all platform operations.
 
3. User rights under GDPR
a) Subject Access Request (Article 15): This provision grants you the right to inquire about any personal data we are processing about you. This includes confirmation of whether we hold your data, a copy of your personal data, and details about how we use it, which should be outlined in our Privacy Policy. It empowers you to understand and verify the lawfulness of our data processing activities.
b) Right to Rectification (Article 16): You hold the right to request the correction of any inaccuracies or incompleteness in the personal data we possess about you. This ensures that the information we maintain is accurate and up-to-date, reflecting your true and current circumstances.
c) Right to Erasure (Article 17): Commonly referred to as the “right to be forgotten,” this right enables you to request the deletion or removal of your personal data when there is no compelling reason for its continued processing. This empowers you to have control over your personal information and its retention by data controllers.
d) Right to Restrict Processing (Article 18): You have the right to request the limitation or restriction of the processing of your personal data under certain circumstances. This might apply, for instance, if you contest the accuracy of your data or if the processing is unlawful, giving you more control over how your data is handled.
f) Right to Data Portability (Article 20): This right grants you the ability to obtain and reuse your personal data across different services in a commonly used and machine-readable format. It empowers you to move, copy, or transfer your data easily between different IT environments, enhancing your data control and mobility.
g) Right to Object (Article 21): You possess the right to object to the processing of your personal data, including profiling activities and direct marketing. This enables you to challenge the processing of your data for specific purposes, giving you the opportunity to have your interests and freedoms considered in the balance with data controllers’ interests.
h) Processing of Children Data: WE pledge to abide by the guidelines outlined in Article 8 of the General Data Protection Regulation (GDPR). As a result, we acknowledge that getting parental consent is crucial for processing a child’s personal information. The default age for parental consent under GDPR regulations is sixteen; member states, however, have the option to reduce this age to thirteen. As a result, before processing any personal data pertaining to children under the age of sixteen for whom our services are intended, we will take careful steps to get parental consent. Parents or legal guardians will be given explicit information about the nature of the data during this consent-seeking process, which will be carried out in an open and transparent manner.
 
4. How We Share Information
We may share your personal information in the following circumstances:
a) With Your Consent: Your privacy matters to us, and we respect your control over your personal information. If there’s a specific reason we need to share your information with someone else, we’ll always ask for your permission first. This means we’ll only share your information when you explicitly agree to it.
b) With Service Providers: To provide you with the best possible service, we sometimes need to work with other companies or individuals who help us operate our website, run our business, or assist in servicing you. These are our trusted service providers, and they may need access to your information to perform their duties effectively. Rest assured, we only share the information they need, and we make sure they’re committed to keeping your data safe and secure.
c) For Legal Purposes: While we prioritize your privacy, there are rare instances where we may be required by law to disclose your information. This could happen if we receive a subpoena, court order, or other governmental request that legally obligates us to share your information. In such cases, we’ll carefully review the request and only disclose your information if it’s necessary to comply with the law and protect our rights, your rights, or the rights of others.
 
5. Data Protection and Breach Handling:
We use strong encryption techniques to protect user data both in transit and in storage. Data is rendered unreadable via encryption, preventing unwanted parties from accessing it. This guarantees that private data is shielded from eavesdropping and unwanted access. In order to use the platform, users must authenticate themselves using personal accounts, such as Google account authentication or email and password. By limiting unwanted access and ensuring that only authorized users can access their accounts and the data they are associated with, this authentication procedure improves security. As part of our dedication to safeguarding the privacy of user data, we have put in place strict non-disclosure processes to prevent unauthorized disclosure or sharing of personal information with third parties. The privacy of user data is guaranteed by this commitment.c) Non-disclosure Commitment: To avoid unauthorized disclosure or sharing of personal information with third parties, we have put in place stringent non-disclosure procedures as part of our commitment to protecting the privacy of user data. This promise guarantees the privacy of user data and restricts access to only authorized individuals for appropriate purposes For data processing jobs, we collaborate with respectable API providers such as Microsoft Azure, Amazon AWS, OpenAI, Claude.ai, and Eden.ai. These providers adhere to data protection standards and employ advanced security measures to ensure the secure handling and processing of user data. By engaging with trusted API providers, we enhance the security and integrity of our data processing operations, minimizing the risk of data breaches. While we have implemented security measures to prevent data breaches, it is important to acknowledge that no system is completely immune to breaches. In the event of a data breach, we will promptly investigate the incident to assess the extent of the breach and identify affected users. We will then take immediate steps to mitigate the impact of the breach, such as notifying affected users and regulatory authorities as required by law. Additionally, we will implement measures to prevent similar breaches in the future, such as updating security protocols and enhancing monitoring systems. Our priority is to minimize the impact of data breaches on users and maintain transparency throughout the breach handling process.
 
6. Updates to the Cookie Policy and Privacy Policy:
a) Desire to Update rules without Notifying Users in Advance: We try to notify users of changes to our privacy rules, but sometimes revisions happen without anyone knowing. Usually, this is done to make sure that industry standards and changing regulatory requirements are met, or to improve user experience and data security protocols. You can be confident, though, that any modifications to our privacy policies will be reflected in the most recent version that is accessible on our website. Users are also urged to routinely examine these policies in order to remain aware about their rights and responsibilities.
b) Separate Cookie Policy Explaning Cookie Usage: We offer a separate cookie policy that describes in detail how cookies are used in addition to our privacy policy. We constantly work to improve your online experiences with our platform by painstakingly collecting and evaluating these data points. This guarantees smooth navigation, customized content delivery, and general user pleasure.
 
7. Right under CCPA:
Under the California Consumer Privacy Act (CCPA), users are afforded specific rights outlined within the legislation. These rights are derived from various sections of the CCPA:
• Right to Notice: Users are entitled to receive notifications regarding the collection of their personal information, as per CCPA sections 1798.100 and 1798.120.
• Right to Access: Users have the ability to request access to specific details about the personal information collected by a business. This includes categories of data, sources, purposes, and third-party disclosures, as stipulated in CCPA sections 1798.100, 1798.110, and 1798.115.
• Right to Opt-Out: Users possess the right to opt out of the sale of their personal information to third parties at any time, outlined in CCPA section 1798.120.
• Right to Request Deletion: Users can request the deletion of personal information collected from them, subject to certain exceptions detailed in CCPA section 1798.105.
• Right to Equal Services and Prices: Businesses are prohibited from discriminating against users based on their exercise of CCPA rights, as stated in CCPA section 1798.125.
• We’ll ensure compliance with CCPA section 1798.120 by obtaining parental consent for any form of data processing involving children under 13 years old.
Contact Information:
office@extracta.ai