Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Authentication data (via Clerk)
• Billing information (via Stripe, if you subscribe)

1.2 Usage Data

We collect anonymized, aggregate usage metrics:

• Number of documents processed (count only)
• File types used (e.g., "PDF", not content)
• Feature usage (e.g., "custom patterns enabled")
• Error reports (without document content)

1.3 What We Do NOT Collect

2. How Your Data is Processed

3. How We Use Information

We use collected information to:

• Provide and maintain the service
• Process payments and manage subscriptions
• Send service updates and security alerts
• Improve our detection patterns and accuracy
• Respond to support requests

4. Data Sharing

We share data only with:

• Clerk - Authentication services
• Stripe - Payment processing
• Vercel - Web hosting (control plane only)
• AI Providers - When you use AI features (OpenAI, Anthropic, Google via Vercel AI Gateway)
• Have I Been Pwned - When you use breach checking features

We never sell your data. We never share your original document contents—only redacted versions when you explicitly use AI features.

4.5 AI-Powered Features

When you use AI features, redacted content (not your original data) is transmitted to third-party AI providers:

AI Assistant

• What's sent: Your redacted text (e.g., "[EMAIL_1] sent a report to [NAME_2]")
• Where it goes: OpenAI, Anthropic, or Google (depending on model selection) via Vercel AI Gateway
• What's NOT sent: Your original sensitive data, redaction mappings, or raw documents

Email Breach Checker

• What's sent: Full email address
• Where it goes: Have I Been Pwned API
• Consent: Explicit consent required before first use

Password Breach Checker

• What's sent: First 5 characters of SHA-1 hash only (k-anonymity)
• Where it goes: Have I Been Pwned API
• Privacy protection: Your actual password is never transmitted

5. Data Retention

• Account data: Retained while your account is active
• Usage metrics: Anonymized and retained for 2 years
• Local redaction mappings: Stored on your device, you control deletion
• Billing records: Retained as required by law (typically 7 years)

6. Your Rights

You have the right to:

• Access your account data
• Correct inaccurate data
• Delete your account
• Export your data
• Opt out of marketing communications

To exercise these rights, email us at privacy@redactorr.com

7. Security

We implement industry-standard security measures:

• HTTPS encryption for all communications
• AES-256 encryption for local storage
• Egress guard to prevent data exfiltration
• Regular security audits
• Content Security Policy (CSP) headers

8. Cookies

We use essential cookies for:

• Authentication session management
• Security tokens

We do not use tracking cookies or third-party analytics that track individual users.

9. Children's Privacy

Redactorr is not intended for users under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy. Significant changes will be communicated via email or in-app notification.

11. Contact Us

Questions about this policy? Contact us at: