Privacy Policy

Last updated: January 2025
Version: 2.1

Your Privacy is Our Priority
We are committed to protecting your personal information and your right to privacy. This policy explains how we collect, use, and safeguard your data in compliance with GDPR, CCPA, and other privacy regulations.

1. Overview

ApplyOCR is a product of Axcess Lab LLC, Series ApplyOCR ("we", "our", or "us"), a Delaware protected series. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Key Points:

  • We do not store your document contents after processing
  • We collect minimal personal information (email, username)
  • We use industry-standard encryption for data in transit
  • You have full control over your data with GDPR-compliant rights
  • We never sell your personal information to third parties

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address: For account identification and communication
  • Username: Your chosen account identifier
  • Password: Stored using bcrypt hashing (never plain text)
  • Full name: Optional, for personalization

2.2 Usage Data

We automatically collect certain information when you use our service:

  • API request logs: Endpoint, timestamp, response status, response time
  • Document metadata: Filename, file size, page count, processing time
  • IP address: For security and fraud prevention
  • User agent: Browser/client information

Important: We do NOT store the actual content of documents you process. Text extracted from your documents is returned to you in the API response and immediately deleted from our servers.

2.3 Payment Information

For paid plans:

  • Payment processing is handled by Stripe (a PCI-compliant third party)
  • We do not store your full credit card number
  • We store only the last 4 digits and card brand for reference

3. How We Use Your Data

We use collected information for the following purposes:

3.1 Service Delivery

  • Authenticate you and provide access to your account
  • Process OCR requests and return results
  • Track API usage and enforce rate limits
  • Generate usage reports and analytics

3.2 Communication

  • Send service-related notifications (e.g., usage alerts, outages)
  • Respond to support requests
  • Send optional marketing communications (you can opt out)

3.3 Improvement & Security

  • Analyze usage patterns to improve our service
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Data Sharing and Disclosure

We Do Not Sell Your Personal Information
CCPA Notice: We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We have not sold personal information in the past 12 months and do not plan to do so in the future.

We may share data only in these limited circumstances:

4.1 Service Providers

We work with trusted third-party providers who help us deliver our service:

  • Cloud hosting: Oracle Cloud Infrastructure (OCI) for secure, enterprise-grade infrastructure
  • Payment processing: Stripe for billing
  • Email delivery: SendGrid/Mailgun for transactional emails
  • Analytics: Anonymized usage statistics

All providers are contractually bound to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal processes (subpoenas, court orders)
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities

5. Data Security

We implement industry-standard security measures to protect your data:

5.1 Technical Measures

  • Encryption in transit: All API communication uses TLS 1.2+ (HTTPS)
  • Encryption at rest: Database encryption for stored data (AES-256)
  • Password security: Passwords hashed with bcrypt (never stored in plain text)
  • API key security: Cryptographically secure random generation

5.2 Operational Measures

  • Regular security audits and penetration testing
  • Access controls and principle of least privilege
  • Automated monitoring for suspicious activity
  • Incident response procedures

5.3 Data Retention

  • Document content: Immediately deleted after OCR processing (never stored)
  • Metadata logs: Retained for the duration of your account for billing, analytics, and security purposes
  • Account data: Retained while your account is active
  • After account deletion: Personal data deleted within 30 days (metadata logs may be retained for up to 30 additional days for final billing and fraud prevention)

6. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

Data Subject Rights

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Request deletion of your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to restrict processing: Limit how we use your data
  • Right to object: Object to certain types of processing
  • Right to withdraw consent: Opt out of marketing communications

How to Exercise Your Rights

To exercise any of these rights:

  1. Email us at privacy@applyocr.com
  2. Include your registered email address and specify your request
  3. We will respond within 30 days
  4. We may need to verify your identity before processing requests

For account deletion, you can also delete your account directly from your dashboard settings.

7. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

7.1 Essential Cookies

Required for the service to function:

  • Authentication cookies: Secure httpOnly cookies to keep you logged in (not accessible via JavaScript for security)
  • Session management: Maintain your session state
  • Security: CSRF protection and fraud detection

7.2 Analytics Cookies

Help us understand how you use our service (optional, you can opt out):

  • Page views and navigation patterns
  • Feature usage statistics
  • Performance metrics

We use anonymized analytics only and do not track users across other websites.

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

8. International Data Transfers

Our service is hosted in the United States. If you access our service from outside the US, your data may be transferred to and stored in the US.

We ensure appropriate safeguards for international transfers:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Compliance with GDPR requirements for third-country transfers
  • Enterprise customers can request data residency in specific regions

9. Children's Privacy

Our service is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@applyocr.com so we can delete it.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we are committed to transparency and prompt notification:

10.1 Our Response

  • Immediate action: We will immediately investigate and contain any breach
  • Authority notification: Notify relevant authorities within 72 hours (as required by GDPR)
  • User notification: Notify affected users without undue delay via email
  • Documentation: Maintain records of all security incidents

10.2 What We Will Tell You

If you are affected by a breach, our notification will include:

  • Nature of the breach and data types affected
  • Likely consequences of the breach
  • Measures we have taken to address the breach
  • Recommended actions you should take to protect yourself
  • Contact information for further questions

Important: Since we do not store document content, the most sensitive data (your actual documents and extracted text) cannot be compromised in a breach. Only metadata such as filenames, processing times, and account information could potentially be affected.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

For material changes, we will:

  • Send email notification to registered users
  • Display a prominent notice on our website
  • Give you 30 days to review before changes take effect

Continued use of our service after changes indicates your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Contact Information

Email: privacy@applyocr.com

Response time: Within 30 days

Mailing address:
Axcess Lab LLC, Series ApplyOCR
8 The Green STE A
Dover, DE 19901
United States