True RedactTrue Redact

Privacy Policy

Last updated: July 19, 2025

1. Information We Collect

Account Information

When you create an account, we collect your email address and Google account information through OAuth authentication.

Document Processing

We temporarily process PDF documents you upload to detect and redact personally identifiable information (PII). Documents are processed in memory and are not permanently stored on our servers.

Usage Data

We track usage metrics including the number of pages processed to enforce subscription limits and improve our service.

2. How We Use Your Information

  • • Provide and maintain the document redaction service
  • • Process payments and manage subscriptions
  • • Authenticate and secure your account
  • • Enforce usage limits and subscription terms
  • • Communicate with you about service updates
  • • Improve and optimize our service

3. Data Processing and Storage

Ephemeral Processing

PDF documents are processed temporarily in memory and are automatically deleted after processing. We do not store your original documents or the redacted versions.

Third-Party Services

We use trusted third-party services: Supabase for database management, OpenAI for PII detection, Google Cloud Vision for OCR, and Stripe for payment processing. All services are SOC 2 compliant.

4. Data Sharing and Disclosure

We do not sell, rent, or share your personal information except:

  • • With service providers necessary for operation (Supabase, OpenAI, Google Cloud, Stripe)
  • • When required by law or to protect our rights
  • • In case of business transfer or merger
  • • With your explicit consent

5. Your Rights

GDPR Rights (EU Users)

  • • Access your personal data
  • • Correct inaccurate data
  • • Delete your account and data
  • • Export your data
  • • Object to processing
  • • Withdraw consent

How to Exercise Rights

You can manage your account settings, export data, or delete your account through your account page. For other requests, contact us at contact@trueredact.com.

6. Security

We implement appropriate technical and organizational measures to protect your data:

  • • Encryption in transit and at rest
  • • OAuth authentication
  • • Row-level security in database
  • • Regular security updates
  • • Limited access controls

7. Data Retention

  • • Account data: Retained until account deletion
  • • Usage data: Retained for billing and analytics purposes
  • • Uploaded documents: Immediately deleted after processing
  • • Payment data: Managed by Stripe per their retention policy

8. International Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this privacy policy or our data practices, contact us at:

Email: contact@trueredact.com

Address: [Your Business Address]

← Back to Home