Privacy Policy

Effective date: [Insert date]. This policy explains how Obscura Document Redaction ("we", "us") handles information when you use the Service.

1. Information you provide

When you use the Service, you may upload documents or images for redaction. We process this content solely to provide the Service.

2. Data handling and storage

Browser processing: PDF rendering and OCR may run in your browser.
Server processing: DOC/DOCX or certain image formats may be uploaded to the server for conversion.
Account history: when you are signed in, we store project history (document name, metadata, redactions, and a copy of the document) on our servers so you can access it across devices.
History availability: history is provided as a convenience and may be unavailable, delayed, or removed. Keep your own backups.
Retention: Uploaded content is retained only as long as needed to complete processing unless you configure longer retention.

3. Legal bases for processing (GDPR/UK GDPR)

Where GDPR or UK GDPR applies, we process personal data based on one or more legal bases:

Contract: to provide the Service you request.
Legitimate interests: to secure, maintain, and improve the Service.
Consent: for optional features where required.
Legal obligation: to comply with applicable laws.

4. Logs and analytics

We may collect minimal service logs (such as timestamps, IP addresses, and error messages) to keep the Service reliable and secure. We do not sell personal information.

5. Sharing

We do not share your content with third parties except to comply with law, protect rights and safety, to use vetted service providers, or with your consent.

6. Security

We use reasonable safeguards to protect data in transit and at rest. No method of transmission or storage is 100% secure.

7. International data transfers

If you access the Service from outside your hosting region, your data may be processed where our servers are located. When required, we use appropriate safeguards for cross-border transfers.

8. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data, object to or restrict processing, or withdraw consent.

EU/UK residents: you may also lodge a complaint with your local supervisory authority. California residents: you have rights under the CCPA/CPRA, including the right to know and delete. We do not sell or share personal information for cross-context behavioral advertising.

9. Data processing addendum

If you are a business customer and require a data processing addendum (DPA), contact us at [Insert DPA contact email].

10. Changes

We may update this policy from time to time. The effective date will be updated, and continued use of the Service constitutes acceptance of the new policy.

11. Contact

Questions about privacy? Contact us at support@useobscura.com.