Privacy Policy
Last updated: 27 December 2024
1. Introduction
Text Redact ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our text redaction service. We comply with the UK Data Protection Act 2018, the General Data Protection Regulation (GDPR), and other applicable data protection laws.
2. Data Controller
Text Redact operates as the data controller for the personal information collected through this service. For any data protection queries, please contact us at the details provided at the end of this policy.
3. Your Text Data - Our Core Promise
🔒 We do NOT store your text data
- Text you submit for redaction is processed in real-time and immediately discarded
- We do not log, save, or retain any of your input or output text
- Your text is never used to train AI models
- Processing occurs in secure, isolated environments
4. Information We Collect
4.1 Account Information (Registered Users)
- Email address (for account creation and communication)
- User ID (system-generated identifier)
- Account creation and update timestamps
4.2 Usage Data
- Credit balance and usage count (to manage your free daily credits)
- Credit transaction history (purchases, usage)
- Last credit reset date
4.3 Cookie Data (Anonymous Users)
- Daily usage count stored in browser cookies
- Last reset date for daily credit calculation
- Cookie consent preferences
4.4 Optional Feedback Data
- Satisfaction ratings you voluntarily provide
- Feedback text and contact email (if provided)
- Browser/device information for debugging purposes
4.5 Payment Information
Payment processing is handled by Paddle (our payment processor). We receive only transaction confirmations and do not store your payment card details. Please refer to Paddle's Privacy Policy for information on how they handle your payment data.
5. How We Use Your Information
- To provide and maintain our text redaction service
- To manage your account and credit balance
- To process payments and deliver purchased credits
- To respond to your enquiries and support requests
- To improve our service based on aggregated usage patterns
- To send important service updates (with your consent for marketing)
- To detect and prevent fraud or abuse
6. Legal Basis for Processing (GDPR)
- Contract: Processing necessary to provide the service you requested
- Legitimate Interests: Service improvement, fraud prevention, and security
- Consent: Marketing communications and optional feedback collection
- Legal Obligation: Compliance with applicable laws and regulations
7. Data Sharing and Third Parties
We do not sell your personal data. We share information only with:
- Infrastructure Providers: For hosting and database services (data processed within secure environments)
- AI Processing: For text redaction (no data retained after processing)
- Paddle: For payment processing
- Legal Authorities: When required by law or to protect our rights
8. Data Retention
- Text Data: Not retained - processed and immediately discarded
- Account Data: Retained until account deletion or 2 years of inactivity
- Transaction Records: Retained for 7 years for legal/accounting purposes
- Cookies: Session cookies expire on browser close; persistent cookies up to 1 year
9. Your Rights
Under GDPR and UK data protection law, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Where processing is based on consent
To exercise these rights, please contact us using the details below.
10. International Data Transfers
Your data may be processed in countries outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or UK ICO.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS), secure data storage, access controls, and regular security assessments.
12. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
14. Contact Us
For privacy-related enquiries or to exercise your data rights:
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you are unhappy with how we handle your data.