Privacy Policy

1. Introduction

This Privacy Policy explains how Maciej Marek ("we", "us", "our"), operating as RedactRocket, collects, uses, and protects your personal information when you use our AI-powered document redaction service ("Service"). We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal data is:
Maciej Marek
Operating as: RedactRocket
Contact: via the contact form on our website

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Email address
• Password (stored in encrypted form)
• Subscription and billing information

3.2 Document Data

When you use our redaction service:

• Documents are processed in memory and are not permanently stored on our servers
• Document content is transmitted to our AI processing services solely for the purpose of identifying text to redact
• After you download the redacted version or close the session, documents are immediately removed from our systems
• Our third-party AI providers may retain data temporarily in accordance with their data retention policies (see Section 8 for details)

3.3 Usage Data

We automatically collect certain information about how you use the Service:

• Pages visited and features used
• Browser type and version
• Device information
• IP address (anonymized where possible)
• Referral source

4. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process your subscription and payments
• Communicate with you about your account and the Service
• Improve and optimize the Service
• Ensure security and prevent fraud
• Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: Processing necessary to provide the Service you requested
• Legitimate interests: Improving our Service, ensuring security, and preventing fraud
• Legal obligation: When required by law
• Consent: For optional features like marketing communications (when applicable)

6. Data Sharing and Third Parties

We share your data with the following categories of service providers to operate our Service:

• AI processing providers: For document analysis and text recognition
• Cloud infrastructure providers: For hosting and data processing
• Payment processors: For subscription billing
• Analytics providers: For understanding usage patterns

All third-party providers are bound by data processing agreements and are required to protect your data in accordance with applicable laws.

We do not sell your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), unless stated otherwise in the context of a specific service or subscription plan. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

8. Data Retention

We retain your data as follows:

• Account data: Until you delete your account, plus a reasonable period for backup and legal purposes
• Document data: Not retained on our servers; processed in memory only and discarded from our systems immediately after your session ends
• Usage data: Typically retained for up to 26 months for analytics purposes
• Billing records: As required by tax and accounting laws (typically 7 years)

Third-party providers: While we do not store your documents, our AI and cloud service providers may retain data in their systems for a limited period in accordance with their own data retention policies. This may include temporary storage in encrypted backups for up to 6 months. After this period, data is permanently deleted from their systems.

9. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limitation of processing
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent

To exercise these rights, please contact us via the contact form.

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit (HTTPS), secure authentication, and security reviews.

11. Cookies

We use essential cookies required for the Service to function. We may also use analytics cookies to understand how the Service is used. You can manage cookie preferences through your browser settings.

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time if allowed or required by law. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with a supervisory authority, such as the Polish Data Protection Authority (UODO) if you are in Poland, or your local data protection authority.