Privacy Policy

StructOCR is committed to safeguarding the digital privacy of its global Users. We implement a “Privacy by Design” and “Privacy by Default” philosophy. All Personal Data and User Content are hosted and processed on high-security infrastructure located exclusively within the United States.

StructOCR processes Personal Data collected via the Website or Platform for the following specific purposes:

• 1.Service Delivery & Performance: To create and manage User accounts, authenticate access to the API, and deliver the Services on a “Pay-as-you-go” basis. This is necessary for the performance of the agreement between the Parties.
• 2.Transaction Management: To facilitate billing and subscription management through our Merchant of Record, Paddle. This processing is based on the performance of the service agreement.
• 3.Quality Assurance (QA) & Service Continuity: To monitor the technical execution of OCR tasks and resolve processing exceptions. We temporarily retain document data to ensure that any API failures can be diagnosed and remediated. This is based on our legitimate interest in providing a robust, functional service.
• 4.Security & Abuse Detection: Technical administration of the Platform, including monitoring for unauthorized access, preventing API abuse, and ensuring the integrity of our infrastructure, based on our legitimate interests.
• 5.Platform Optimization: Drawing up aggregated usage statistics and measuring service performance via specialized tools (Google Analytics & PostHog) to improve our product features, based on our legitimate interest in business development.

StructOCR processes the following categories of data:

• User Identification Data: Full name, professional email address, company affiliation, and account credentials (User ID and hashed passwords).
• Connection & Telemetry Data: IP addresses, login logs, browser metadata, API request formats, timestamp data, and endpoint usage patterns.
• Payment Data: Billing details and transaction history. Please note that credit card processing is handled by Paddle. StructOCR does not store sensitive PCI-compliant financial data on its primary servers.
• Transient Content Data: The images or documents uploaded for processing. Important: These files are retained for a maximum window of twenty-four (24) hours to facilitate technical support and quality monitoring, after which they are permanently purged from our active buffers.

For the purposes mentioned above, StructOCR may disclose Personal Data to the following trusted technical processors:

• Cloud Infrastructure: Google Cloud Platform (GCP). All data is stored in US-East/West regions to ensure high availability and low latency.
• Payment & Revenue Infrastructure: Paddle, acting as our Merchant of Record, handles payments, taxes, and financial compliance.
• Analytics & Product Insights: PostHog (Product analytics) and Google Analytics (Traffic analysis).
• Legal Compliance: We may disclose data if required by law or by a valid judicial or administrative request from US authorities.

StructOCR applies a strict data minimization policy:

• Account Data: Stored for the duration of your active use of the Platform and for a period of three (3) years following the last account activity, unless a longer retention period is required for legal or tax purposes.
• Processed Documents: Automatically deleted after 24 hours.
• Technical Logs: Retained for 12 months for security auditing and debugging purposes.
• Anonymized Statistics: Aggregated reports that do not identify individuals may be kept indefinitely for historical performance analysis.

The Website and Platform use cookies to enhance navigation and measure audience engagement.

• Strictly Necessary Cookies: Essential for the functioning of the account dashboard and API authentication.
• Performance & Analytics Cookies: Deployed via Google Analytics and PostHog to understand user flows and optimize the UI. You can manage or disable cookies through your browser settings; however, certain features of the Platform may not function correctly without them.

Regardless of your location, StructOCR provides the following rights to all Users:

• Right to Access & Rectification: You may request a copy of your data or update incorrect information.
• Right to Erasure: You may request the deletion of your account and associated personal data at any time.
• Right to Object: You may object to the processing of your data based on legitimate interests.
• Right to Data Portability: You may request an export of your account data in a structured, machine-readable format.

Taking into account the state of the art and the nature of document processing, StructOCR implements rigorous technical and organizational measures:

• Encryption: Data is encrypted using TLS 1.2+ during transit and AES-256 at rest.
• Access Control: Strict "Least Privilege" access policies for StructOCR personnel.
• Infrastructure: Our US-based data centers comply with SOC2 and ISO 27001 standards.