Privacy Policy

Last updated: May 24, 2026

1. Introduction

This Privacy Policy explains how Maciej Marek ("we", "us", "our"), operating as RedactRocket, collects, uses, and protects your personal information when you use our AI-powered document redaction service ("Service"). We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal data is:
Maciej Marek
Operating as: RedactRocket
Contact: via the contact form on our website

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored in encrypted form)
  • Subscription and billing information

3.2 Document Data

When you use our redaction service:

  • Uploaded PDFs and redacted PDFs are processed transiently and are not stored by RedactRocket
  • Document content and redaction instructions are processed only to provide the redaction workflow and are not stored by RedactRocket
  • Document content may be transmitted to OCR and AI processing providers solely to provide the Service
  • Our AI provider path is configured so customer document content is not used for model training or provider human review
  • We do not store original file names in our server-side processing logs

3.3 Usage and Operational Data

We automatically collect limited information about how you use the Service:

  • Pages visited and features used
  • Browser type and version
  • Device information
  • IP address
  • Referral source
  • Limited document-processing metadata, such as page count, file size, processing time, operation status, and diagnostics needed to maintain the Service

4. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your subscription and payments
  • Communicate with you about your account and the Service
  • Improve and optimize the Service
  • Ensure security and prevent fraud
  • Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate interests: Improving our Service, ensuring security, and preventing fraud
  • Legal obligation: When required by law
  • Consent: For optional features like marketing communications (when applicable)

6. Data Sharing and Third Parties

We share your data with the following categories of service providers to operate our Service:

  • AI and OCR processing providers: For document analysis and text recognition
  • Cloud infrastructure providers: For hosting and data processing
  • Payment processors: For subscription billing
  • Analytics providers: For understanding usage patterns

All third-party providers are bound by data processing agreements and are required to protect your data in accordance with applicable laws.

We do not sell your personal data to third parties.

7. International Data Transfers

Your document content is processed on secure enterprise cloud infrastructure, which may involve transfers outside the European Economic Area (EEA). EU- or US-based processing can be discussed for customers with data residency requirements. For ancillary services such as payment processing and analytics, data may also be transferred outside the EEA. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

8. Data Retention

We retain your data as follows:

  • Account data: Until you delete your account, plus a reasonable period for backup and legal purposes
  • Document content: Uploaded and redacted document content is processed transiently and not stored by RedactRocket
  • Document-processing operational metadata: Typically retained for up to 60 days for reliability, billing, abuse prevention, and service monitoring
  • Website analytics and marketing data: Retained according to the relevant provider settings and your cookie choices
  • Billing records: As required by tax and accounting laws (typically 7 years)

Third-party providers: We configure our AI processing path so customer document content is not retained for model training or provider review. Infrastructure, payment, analytics, and hosting providers may process limited account, billing, technical, or request metadata according to their roles and applicable data processing terms.

9. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, please contact us via the contact form.

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit (HTTPS), secure authentication, and security reviews.

11. Cookies

We use essential cookies required for the Service to function. We may also use analytics cookies to understand how the Service is used. You can manage cookie preferences through your browser settings.

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time if allowed or required by law. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with a supervisory authority, such as the Polish Data Protection Authority (UODO) if you are in Poland, or your local data protection authority.

15. Contact

For any questions about this Privacy Policy or our data practices, please contact us through the contact form on our website.