Privacy Policy

Account Information, which includes:

• Your name, email address, and contact details;
• Encrypted password;
• Billing and payment information, including payment card details.

Usage Data, which includes:

• Information about how you access and use our Platform;
• Features and services you use and your interactions with our Platform;
• Content you upload, create, modify, or share through our Services;
• Search queries and commands you enter;
• Time, frequency, and duration of your activities on our Platform.

Technical Data, which includes anonymous, aggregate information collected through privacy-friendly, cookieless analytics:

• Aggregate page view and visitor statistics (not tied to individual users);
• Referring websites and general geographic regions;
• Browser and device type information (collected in aggregate, without unique identifiers);
• Server-side access logs from our hosting provider.

Communication Records, which includes:

• Records of your communications with us, including support requests and feedback;
• Survey responses and feedback you provide;
• Marketing communications preferences;
• Records of your participation in events, webinars, or training sessions.

Direct Collection: We collect Personal Data directly from you when you:

• Create an account or register for our Services;
• Use our Platform or Services;
• Contact us through email, support tickets, or other communication channels;
• Subscribe to newsletters or marketing communications;
• Participate in surveys, feedback requests, or other research activities;
• Attend webinars, events, or training sessions we organize.

Automated Collection: We automatically collect certain Personal Data when you access or use our Platform through:

• Privacy-friendly, cookieless analytics tools that collect only anonymous aggregate data;
• Server logs that record Technical Data about your interactions with our Platform;
• Analytics tools that monitor usage patterns and Platform performance;
• Security monitoring systems that detect and prevent unauthorized access.

Third-Party Sources: We may collect Personal Data about you from third-party sources, including:

• Business partners or resellers who refer you to our Services;
• Public databases and directories where information is lawfully available;
• Social media platforms when you interact with our content or use social login features;
• Payment processors and billing providers necessary for transaction processing.

We process your Personal Data only where we have a lawful basis to do so under Data Protection Laws. The lawful bases we rely on include:

• Consent: Where you have given clear consent for us to process your Personal Data for specific purposes.
• Contract: Where processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract.
• Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.
• Vital interests: Where processing is necessary to protect your vital interests or those of another natural person.
• Public task: Where processing is necessary for the performance of a task carried out in the public interest.

Where we rely on legitimate interests as our lawful basis, we have conducted a legitimate interests assessment (LIA) to ensure that our interests do not override your fundamental rights and freedoms. In each case, we have identified our legitimate interest, assessed whether processing is necessary to achieve it, and balanced our interests against the potential impact on you. Our legitimate interests include:

• Providing, maintaining, and improving our Services. Specifically, this includes: (i) ensuring the technical functionality and availability of our Platform; (ii) fixing bugs and resolving technical issues reported by users; (iii) developing and testing new features based on user feedback and usage patterns; and (iv) optimising Platform performance and user experience. We have assessed that this processing is necessary to fulfil our core business purpose and deliver value to our users. The balancing test outcome is that processing is proportionate because: the data used is limited to service delivery requirements; users reasonably expect us to maintain and improve the services they pay for; and processing has minimal privacy impact as we do not use personal data for purposes unrelated to service delivery.
• Ensuring the security and integrity of our Platform. Specifically, this includes: (i) monitoring for and preventing unauthorised access attempts; (ii) detecting and responding to security incidents and vulnerabilities; (iii) implementing and maintaining security controls such as encryption and access management; and (iv) conducting security audits and assessments. We have assessed that this processing is necessary to protect both our systems and our users from security threats. The balancing test outcome is that processing is proportionate because: security processing directly benefits users by protecting their data and accounts; the potential harm from security breaches significantly outweighs any privacy impact; we limit security monitoring to what is necessary and do not use security data for unrelated purposes; and users reasonably expect us to take measures to protect their information.
• Conducting analytics to understand how our Services are used. Specifically, this includes: (i) analysing aggregate usage patterns to identify popular features and areas for improvement; (ii) understanding user journeys to optimise Platform navigation and usability; (iii) measuring Platform performance and identifying technical bottlenecks; and (iv) generating anonymised reports on service usage trends. We have assessed that this processing is necessary to make informed decisions about Platform development. The balancing test outcome is that processing is proportionate because: we use privacy-friendly, cookieless analytics (Plausible Analytics) that collect only anonymous aggregate data; no individual users are tracked or identified; the analytics cannot be linked back to specific individuals; and the minimal data collected poses negligible privacy risk while enabling us to improve the service for all users.
• Communicating with you about our Services and responding to your inquiries. We have a legitimate interest in maintaining effective communication with our users. This processing is limited to communications you would reasonably expect and you can opt out of non-essential communications at any time.
• Preventing fraud and maintaining the safety of our users. We have a legitimate interest in protecting our business and users from fraudulent activity. This processing is necessary and proportionate given the potential harm that fraud could cause to both us and our users.
• Complying with regulatory requirements and industry standards. We have a legitimate interest in meeting our regulatory and compliance obligations. This processing is necessary to operate lawfully and maintains trust in our Services.

Service Provision and Platform Operations

• To provide, operate, and maintain our SaaS platform and deliver the Services to you.
• To process your transactions and manage billing, payments, and subscription services.
• To authenticate your identity and manage your access to the Platform.
• To enable the core functionality of our Services as described in our Terms of Service.

Account Management

• To create, maintain, and administer your user account.
• To verify your identity and eligibility to use our Services.
• To manage your account settings, preferences, and subscription details.
• To process account-related requests, including password resets and account modifications.

Communication

• To send you service-related communications, including account notifications, security alerts, and system updates.
• To respond to your inquiries, support requests, and feedback.
• To send marketing communications, product updates, and announcements where you have provided your explicit consent. This includes communications sent to waitlist subscribers and newsletter subscribers. We rely on consent (not legitimate interests) as the lawful basis for all direct marketing communications. Your consent is obtained through a clear affirmative action, such as ticking an unchecked opt-in box or actively submitting your email address through a signup form. Before obtaining your consent, we inform you of the types of communications you will receive and the identity of the data controller. We maintain timestamped records of your consent, including when and how it was given, the information provided to you at the time, and the specific purposes for which consent was obtained. You can withdraw your consent at any time by: (i) clicking the unsubscribe link in any marketing email; (ii) updating your communication preferences in your account settings; or (iii) contacting us at inbox@redactr.io. Upon receiving your withdrawal request, we will stop sending you marketing communications within 48 hours and update our records accordingly. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• To notify you of changes to our Services, Terms of Service, or this Privacy Policy.

Redaction Suggestions and Document Processing

Our Platform provides two types of redaction suggestions to help you identify sensitive data in your documents:

Standard suggestions: These are processed entirely on Redactr's own infrastructure using a combination of pattern matching (regular expressions), natural language processing (NLP), and machine learning-based named entity recognition to identify common sensitive data types (such as names, addresses, dates, and identification numbers). The NLP component uses statistical models to analyse text context and improve detection accuracy. Document content is processed in real-time and is not retained or logged after processing is complete.

Agentic suggestions: These are powered by large language model (LLM) AI technology hosted on AWS Bedrock. The AI analyses the text content of your documents to identify potentially sensitive information that may require redaction, such as personal names, addresses, financial information, and other personally identifiable information. When you use agentic suggestions, only the content of your documents is sent to AWS Bedrock for processing. No metadata, filenames, creator information, or other identifying data is transmitted. AWS Bedrock does not store or log prompts and completions, and does not use customer data to train any models. Document content is processed in real-time and is not retained after processing. Important: The AI provides suggestions only—you retain full control over which redactions to apply. No automated decisions are made on your behalf, and you must actively review and confirm any suggested redactions before they are applied to your documents.

For both types of redaction suggestions, we do not retain or log any sensitive data from your documents, including document content or metadata. For documents uploaded directly to our Platform, we do not retain or log filenames. All directly uploaded documents are processed entirely in-memory and are not stored in our persistent storage systems. The redaction suggestions are generated in real-time and no document content is stored by Redactr or AWS Bedrock after processing is complete. We implement the following safeguards for AI-assisted processing: (i) encryption of all data in transit using TLS 1.2 or higher; (ii) processing occurs in isolated, secure environments with no persistent storage; (iii) strict access controls limiting access to AI processing systems to authorised personnel only; (iv) contractual commitments from AWS prohibiting the use of customer data for model training; (v) regular security assessments and monitoring of our AI processing pipeline; and (vi) human oversight is maintained at all times—the AI provides suggestions only, and you make the final decision on all redactions.

We maintain operational logs for service delivery and security purposes, but these logs do not contain sensitive document data such as document content or metadata. For documents uploaded directly to our Platform, our logs do not contain filenames. When you process a document, you receive a unique document identifier. The only way to correlate a log entry to a specific document is by matching this identifier with the original filename, which only you possess. This identifier is not linked to any document content, metadata, or user account information in our systems.

Suggestion Result Caching: To improve performance and reduce redundant processing, we cache redaction suggestion results (such as annotation coordinates and redaction box positions) for a period of 24 hours. This cache is keyed by a cryptographic hash (SHA-256) of the document bytes. Importantly, the cache contains only suggestion metadata (coordinates and positions)—not the actual document content, text, filenames, or any sensitive data extracted from your documents. The hash itself does not reveal any document content, though it could theoretically be used to confirm whether a specific document was processed through our system during the cache retention period. After 24 hours, cached suggestion results are automatically deleted.

Verification Tool

• Our Platform includes a verification tool (accessible at /verify) that allows you to process files for verification purposes.
• The verification tool processes files entirely within your browser. No file data, content, or metadata is uploaded to our servers or any third-party servers.
• Because all processing occurs locally on your device, we do not collect, access, store, or have visibility into any files you process using the verification tool.
• The only data collected in connection with the verification tool is anonymous usage metrics via Plausible Analytics, such as page views and general usage statistics. These metrics cannot identify you or be linked to any files you process.

Customer Cloud Storage Integration (Bring Your Own Storage)

• Our Platform offers a "Bring Your Own Storage" (BYOS) feature that allows you to connect your own third-party cloud storage accounts (such as AWS S3, Google Cloud Storage, or Microsoft Azure Blob Storage) to our Platform, enabling us to read and write files directly from your storage.
• Credential Collection and Storage: To enable this feature, you provide us with API keys, access tokens, or other authentication credentials for your cloud storage accounts. We collect these credentials solely for the purpose of accessing your cloud storage on your behalf. Your credentials are encrypted using industry-standard encryption (AES-256) both in transit and at rest, and are stored securely on our infrastructure with strict access controls limiting access to authorised systems and personnel only.
• Scope of Access: We access your cloud storage solely for the purposes of: (i) reading files that you direct us to process through our Services; and (ii) writing processed files back to your storage as instructed by you. We do not access, browse, index, or copy files beyond what is necessary to fulfil your specific processing requests.
• File Processing: Files accessed from your cloud storage are processed in the same manner as directly uploaded files, as described in Section 6.5. All processing occurs entirely in-memory with zero data retention. We do not store file content or document metadata in our persistent storage systems, except for the storage path retained for operational purposes as described in Section 6.7(k). The same safeguards for AI-assisted processing, secure logging, and data protection apply to files accessed via BYOS.
• Data Location and Responsibility: Files accessed through BYOS remain stored in your own cloud storage account and in the geographic region(s) you have configured with your cloud storage provider. You remain the data controller for all files stored in your cloud storage, and you are responsible for: (i) ensuring your cloud storage account is configured securely and in compliance with applicable laws; (ii) the lawfulness of any personal data contained within files you direct us to process; (iii) maintaining appropriate access controls and security settings on your cloud storage account; and (iv) any data protection obligations arising from your choice of cloud storage provider and storage location.
• Legal Basis: We process your cloud storage credentials and access your files based on contract performance (processing is necessary to provide the BYOS feature you have requested) and your consent (provided through the affirmative action of connecting your storage account and providing credentials).
• Credential Management and Revocation: You may update or revoke your cloud storage credentials at any time through your account settings or by contacting us at inbox@redactr.io. Upon revocation, we will delete your stored credentials from our systems within 48 hours. You may also revoke access by regenerating or invalidating your API keys directly through your cloud storage provider, which will immediately prevent our Platform from accessing your storage.
• Credential Retention: We retain your cloud storage credentials only for as long as the BYOS feature remains active on your account. Upon account closure or termination of the BYOS feature, your credentials will be securely deleted within 30 days.
• Recommended Access Permissions: You are strongly advised to configure your cloud storage API keys with the minimum permissions necessary for the BYOS feature to function. Specifically, we recommend: (i) granting read and write access only to a specific directory, bucket, or storage location designated for use with our Platform, rather than your entire storage account; (ii) not granting permissions to delete files, directories, or storage containers; (iii) not granting permissions to modify access controls, policies, or account settings; and (iv) regularly rotating your API keys in accordance with your organisation's security policies. Providing credentials with excessive permissions increases your security risk and potential exposure in the event of a security incident.
• Limitation of Liability: We shall not be liable for any loss, damage, or unauthorised access arising from: (i) your failure to configure appropriate access permissions on your cloud storage credentials as recommended above; (ii) your provision of credentials with broader access than necessary for the BYOS feature; (iii) security incidents or breaches affecting your cloud storage account that are outside our reasonable control; (iv) any actions taken by your cloud storage provider; (v) your failure to promptly revoke or update credentials when required; or (vi) any misconfiguration of your cloud storage account or its security settings. You acknowledge that you are solely responsible for the security of your cloud storage account and for ensuring that the credentials you provide to us are appropriately scoped and secured.
• Storage Path Retention: For jobs processed via cloud storage connectors (BYOS), we retain the storage path you provide in your API request for operational purposes, including file retrieval, result delivery, and job status reporting. This path is not linked to document content and is subject to the same retention and deletion policies as other Usage Data (see Section 14).

Analytics and Service Improvement

• To analyze how users interact with our Platform to improve our Services and user experience.
• To conduct research and analytics to develop new features and enhance existing functionality.
• To generate anonymized or pseudonymized statistics and reports about Platform usage.
• To monitor and analyze trends, usage patterns, and performance metrics.

Security and Fraud Prevention

• To protect the security and integrity of our Platform and Services.
• To detect, prevent, and investigate fraud, abuse, security incidents, and other harmful activities.
• To monitor compliance with our Terms of Service and other policies.
• To maintain audit trails and logs for security and compliance purposes.

Legal Compliance

• To comply with applicable laws, regulations, and legal obligations.
• To respond to lawful requests from government authorities, courts, or law enforcement agencies.
• To establish, exercise, or defend legal claims and protect our rights and interests.

Business Operations

• To manage our business operations, including customer relationship management and business analytics.
• To conduct due diligence in connection with potential business transactions.
• To maintain records required for business and regulatory purposes.

Service Providers and Processors

We share your Personal Data with the following trusted third-party service providers who assist us in operating our Platform and delivering our Services: Buttondown (email newsletter and subscriber management for waitlist signups); Plausible Analytics (privacy-friendly, cookieless website analytics); Static.app (website hosting with server-side analytics); AWS Bedrock (AI infrastructure for agentic redaction suggestions, as further described in Section 6.5); and Stripe (payment processing). We may also use other providers including cloud hosting providers and customer support tools. We maintain ongoing oversight of all processors through regular compliance reviews conducted at least annually, continuous monitoring of processor performance against contractual obligations, and documented assessment of any material changes to processor services or sub-processors.

All such service providers are engaged as data processors under written data processing agreements that comply with Article 28 of the UK GDPR. These agreements include the mandatory clauses required by Article 28, including obligations to: process personal data only on our documented instructions; ensure that personnel processing the data are subject to confidentiality obligations; implement appropriate technical and organisational security measures; obtain our prior written authorisation before engaging sub-processors and ensure equivalent contractual protections are imposed on any sub-processors; assist us in responding to data subject rights requests and in meeting our obligations under Articles 32 to 36 of the UK GDPR; delete or return all personal data at the end of the service relationship; and make available all information necessary to demonstrate compliance and allow for audits. Our agreements include comprehensive audit rights that permit us to conduct or commission audits of processor compliance, including the right to: request and review processor security certifications, audit reports (such as SOC 2 reports), and compliance documentation; conduct on-site or remote audits with reasonable notice; and require processors to promptly remediate any identified deficiencies. We exercise these audit rights on a risk-based approach, with higher-risk processors subject to more frequent review.

Before engaging any new data processor, we conduct due diligence to assess their ability to provide sufficient guarantees regarding their technical and organisational measures, their compliance with Data Protection Laws, and their track record in data protection. We maintain a register of all processors we engage and regularly review their compliance with our data processing agreements. Our processor oversight programme includes the following ongoing monitoring procedures: (i) annual compliance reviews assessing each processor's adherence to contractual and regulatory requirements; (ii) review of processor security certifications and audit reports; (iii) monitoring of processor incident reports and security advisories; (iv) assessment of any changes to processor sub-processors or processing locations; and (v) periodic review of processor privacy policies and terms of service. All processors are contractually required to notify us of any personal data breach without undue delay and in any event within 24 hours of becoming aware of the breach, providing sufficient information to enable us to meet our own breach notification obligations under Articles 33 and 34 of the UK GDPR. We document all compliance monitoring activities and maintain records of processor assessments, audit findings, and remediation actions taken.

Business Transfers

• In the event of a merger, acquisition, corporate divestiture, or dissolution, your Personal Data may be transferred to the relevant third party, provided that such party agrees to honour the commitments made in this Privacy Policy.
• We will provide you with notice of any such transfer and inform you of your rights regarding the continued processing of your Personal Data.

Legal Compliance and Protection

• We may disclose your Personal Data where we are legally required to do so to comply with applicable laws, regulations, legal processes, or governmental requests.
• We may also disclose your Personal Data where necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or others, including fraud prevention and security purposes.

Consent-Based Sharing

• We may share your Personal Data with third parties where you have provided your explicit consent to such sharing for specific purposes.
• You may withdraw such consent at any time by contacting us using the details provided in Section 17 of this Privacy Policy.

Anonymised and Aggregated Data

• We may share anonymised or aggregated data that cannot identify you personally with third parties for business, research, or analytical purposes.
• Such data sharing does not constitute sharing of Personal Data and is not subject to the restrictions set out in this section.

No Selling or Renting of Personal Data

• We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes.
• We will never share your email address or other contact information with third parties for their own promotional use without your explicit consent.

We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction, including but not limited to:

• encryption of data in transit and at rest using industry-standard protocols;
• regular security assessments and penetration testing;
• access controls and authentication mechanisms limiting access to authorised personnel only;
• regular backup procedures and disaster recovery protocols;
• staff training on data protection and security best practices;
• monitoring systems to detect and respond to security incidents.

Our standard data retention periods are as follows:

• Account Information: retained for the duration of your account plus 2 years after account closure to allow for account reactivation, dispute resolution, and compliance with applicable legal obligations;
• Usage Data and Technical Data: retained for 3 years from collection;
• Communication records: retained for 3 years from the date of communication;
• Marketing communications data: retained until you withdraw consent or 3 years from last engagement, whichever is earlier;
• Waitlist and newsletter email addresses: retained while you remain subscribed and deleted promptly upon unsubscribe;
• AI-processed document content: processed in-memory only and not stored in persistent storage by Redactr or AWS Bedrock; operational logs are maintained but do not contain document content, filenames, or metadata.

We have implemented internal procedures to detect, investigate, and respond to any suspected or actual Personal Data Breach. Upon becoming aware of a potential breach, we will:

• immediately assess the nature and scope of the breach, including the categories and approximate number of data subjects and personal data records concerned;
• identify the likely consequences of the breach for affected data subjects;
• take immediate steps to contain the breach and mitigate any adverse effects; and
• document all facts relating to the breach, its effects, and the remedial actions taken.

Internal Escalation Procedures: Upon discovery or notification of a suspected Personal Data Breach, the following escalation procedures will be followed:

• The individual who discovers or receives notification of the suspected breach must immediately report it to their line manager and to inbox@redactr.io, providing all available details about the incident;
• The incident must be escalated to senior management within two (2) hours of initial discovery;
• A preliminary assessment of the breach must be completed within four (4) hours of discovery to determine severity and potential impact;
• Where the preliminary assessment indicates a notifiable breach, the ICO notification process must be initiated within twenty-four (24) hours to allow sufficient time for preparation of the notification within the statutory 72-hour window.

Roles and Responsibilities: The following roles and responsibilities apply during breach response:

• Incident Lead: A senior manager will be designated as Incident Lead for each breach, with overall responsibility for coordinating the response, making key decisions, and serving as the primary point of contact;
• Technical Response Team: Responsible for containing the breach, preserving evidence, conducting technical investigation, and implementing remediation measures;
• Communications Lead: Responsible for preparing and coordinating all internal and external communications, including notifications to the ICO and affected data subjects;
• Legal/Compliance Advisor: Responsible for advising on regulatory obligations, documenting the breach for compliance purposes, and liaising with external legal counsel where necessary.

Notification to the Information Commissioner's Office (ICO): Where a Personal Data Breach is likely to result in a risk to the rights and freedoms of natural persons, we will notify the ICO without undue delay and, where feasible, not later than 72 hours after having become aware of the breach. Where notification is not made within 72 hours, we will provide reasons for the delay. Our notification to the ICO will include:

• a description of the nature of the breach, including the categories and approximate number of data subjects and personal data records concerned;
• the name and contact details of our data protection contact point;
• a description of the likely consequences of the breach; and
• a description of the measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects.

Notification to Data Subjects: Where a Personal Data Breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the breach to affected data subjects without undue delay. In determining whether a breach is likely to result in a high risk, we will assess:

• the type and sensitivity of the personal data involved (with breaches involving special category data, financial information, or identity documents being presumed high risk);
• the volume of personal data and number of individuals affected;
• the ease with which individuals can be identified from the breached data;
• the severity of potential consequences for affected individuals, including risk of identity theft, financial loss, reputational damage, or discrimination;
• whether the data was encrypted or otherwise protected, and whether encryption keys were also compromised;
• the nature of the breach (e.g., whether data was accessed by malicious actors versus accidental disclosure);
• any special characteristics of affected individuals that may increase their vulnerability (e.g., children or vulnerable adults).

This communication will:

• describe the nature of the breach in clear and plain language;
• provide the name and contact details of our data protection contact point;
• describe the likely consequences of the breach; and
• describe the measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects and any steps data subjects can take to protect themselves.

We are not required to notify data subjects directly where:

• we have implemented appropriate technical and organisational protection measures that render the personal data unintelligible to any person not authorised to access it, such as encryption;
• we have taken subsequent measures that ensure the high risk to data subjects' rights and freedoms is no longer likely to materialise; or
• direct notification would involve disproportionate effort, in which case we will make a public communication or similar measure to inform data subjects equally effectively.

The safeguards we use for international data transfers include:

• Standard contractual clauses approved by the UK government or European Commission;
• Binding corporate rules where the recipient is part of a multinational group with approved binding corporate rules;
• Certification schemes recognised under UK GDPR; or
• Codes of conduct recognised under UK GDPR.

In limited circumstances, we may transfer personal data without adequacy decisions or appropriate safeguards where:

• You have explicitly consented to the proposed transfer after being informed of the possible risks;
• The transfer is necessary for the performance of our contract with you;
• The transfer is necessary for important reasons of public interest;
• The transfer is necessary for the establishment, exercise or defence of legal claims; or
• The transfer is necessary to protect your vital interests where you are physically or legally incapable of giving consent.

Right to Erasure ('Right to be Forgotten'): You have the right to request deletion of your Personal Data in certain circumstances, including where:

• the Personal Data is no longer necessary for the purposes for which it was collected;
• you withdraw consent and there is no other legal basis for processing;
• you object to processing and there are no overriding legitimate grounds for processing;
• the Personal Data has been unlawfully processed; or
• erasure is required for compliance with a legal obligation.

Parents and guardians have the right to:

• request access to their child's Personal Data held by us;
• request correction or deletion of their child's Personal Data;
• withdraw consent for the Processing of their child's Personal Data; and
• lodge a complaint with the ICO regarding the Processing of their child's Personal Data.

We may retain personal data for longer periods where:

• Required by law or regulation;
• Necessary for the establishment, exercise, or defence of legal claims;
• Required for compliance with regulatory obligations; or
• Necessary for archiving purposes in the public interest, scientific or historical research, or statistical purposes.

The Third-Party Services we currently use to operate our Platform and deliver our Services include:

• Buttondown — an email newsletter and subscriber management service used to manage waitlist signups and send communications. Buttondown processes your email address when you sign up for our waitlist or subscribe to our newsletter.
• Plausible Analytics — a privacy-friendly, cookieless website analytics service that is fully compliant with GDPR, CCPA, and PECR. Plausible collects only anonymous, aggregate usage data and does not track individual users or collect personal data.
• Static.app — our website hosting provider, which collects server-side analytics that are cookieless and privacy-respecting. Static.app does not use cookies or collect personal data.
• AWS Bedrock — the AI infrastructure powering our agentic redaction suggestions. When you use our agentic redaction features, only document content is sent to AWS Bedrock for processing. AWS Bedrock processes data in AWS data centres located in Ireland (within the European Economic Area), which benefits from an adequacy decision under UK GDPR. AWS Bedrock does not store or log prompts and completions, and does not use customer data to train models. Data is processed in real-time and is not retained after processing.
• Stripe — our payment processor, which handles all payment transactions and billing. When you make a payment, Stripe collects and processes your payment card details, billing address, and transaction information. Stripe is PCI-DSS compliant and processes payment data in accordance with its own privacy policy. We do not store your full payment card details on our servers.

We may receive personal data about you from Third-Party Services when you authorise such sharing, including but not limited to:

• authentication and account information when you log in using third-party credentials;
• contact information and profile data from integrated business applications;
• usage analytics and performance data from third-party tools.

When we make material changes to this Privacy Policy, we will notify you by:

• sending an email notification to the email address associated with your account at least thirty (30) days before the changes take effect;
• posting a prominent notice on our Platform; and
• updating the "Last Updated" date at the top of this Privacy Policy.

Material changes include, but are not limited to:

• changes to the types of Personal Data we collect or the purposes for which we process it;
• changes to our data sharing practices with Third Parties;
• changes that reduce your rights under Data Protection Laws; or
• changes to our data retention periods that extend how long we keep your Personal Data.

You can contact the ICO through:

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF