Privacy Policy

1. Introduction

This Privacy Policy describes how FileXtractor ("we," "us," or "our") collects, uses, and protects your personal information when you use our AI-powered file extraction service ("Service").

We are committed to protecting your privacy and handling your data with care and transparency. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

When you register for an account, we collect:

• Email address: Used for account authentication, email verification, password reset, and important service communications
• Password: Securely hashed and stored (we never store passwords in plain text)
• Company name: Used for account organization and identification

2.2 File and Extraction Data

When you use our extraction service, we process and may store:

• Uploaded files: Documents you upload for extraction (PDF, images, Word documents, spreadsheets, text files)
• File URLs: Publicly accessible URLs you provide for processing
• File metadata: File name, size, format, number of pages, processing timestamps
• Extraction schemas: Custom field definitions you create for data extraction
• Extraction results: Structured data extracted from your files in JSON format
• Converted content: Markdown versions of your documents
• Processing status: Job status, error messages, credits consumed

2.3 Usage and Account Data

• Credit transactions: Purchase history, credit balance, usage records
• Payment information: Processed through Stripe (we do not store full credit card numbers)
• API tokens: Tokens you create, their names, expiration dates, and last used timestamps
• Account activity: Login history, email verification status, password reset requests

2.4 Technical Information

• Authentication tokens: Stored in your browser's localStorage for session management
• API requests: Request timestamps, endpoints accessed, response status
• Error logs: Technical error information for debugging and service improvement

2.5 Information We Do NOT Collect

We value your privacy and do not collect:

• Cookies for tracking or advertising purposes
• Analytics or behavioral tracking data
• Social media profile information
• Location data or device fingerprints
• Information from third-party advertising networks

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Process your files using OCR and AI technologies
• Extract structured data according to your defined schemas
• Store and provide access to extraction results
• Authenticate your account and manage sessions
• Track credit balance and usage
• Provide API access for programmatic usage

3.2 Account Management

• Create and maintain your user account
• Verify email addresses and reset passwords
• Organize data by company/organization
• Process account deletion requests

3.3 Payment Processing

• Process credit purchases through Stripe
• Maintain payment history and transaction records
• Calculate credit consumption for extractions
• Issue receipts and billing information

3.4 Service Improvement

• Monitor service performance and reliability
• Debug and fix technical issues
• Improve extraction accuracy and speed
• Analyze usage patterns with aggregated, anonymized data
• Develop new features and capabilities

3.5 Communication

• Send email verification codes
• Provide password reset functionality
• Notify you of important service changes or updates
• Respond to support inquiries
• Send critical security notifications

We do NOT use your information for advertising, marketing emails (unless you explicitly opt-in), or selling to third parties.

4. Data Retention

We retain your information for different periods depending on the type of data:

4.1 Account Information

• Account data: Retained until you request account deletion
• Email and company info: Deleted within 30 days of account deletion request
• Authentication tokens: Valid until logout, password reset, or account deletion

4.2 File and Extraction Data

4.3 Payment and Transaction Data

• Payment records: Retained for 7 years for tax and legal compliance
• Credit transactions: Retained for the lifetime of your account for billing purposes
• Stripe payment data: Managed by Stripe according to their retention policies

4.4 Logs and Technical Data

• Error logs: Retained for 90 days for debugging purposes
• API logs: Retained for 30 days for security and monitoring
• Aggregated analytics: Anonymized data may be retained indefinitely

5. Data Sharing and Third-Party Services

5.1 Third-Party Service Providers

We share limited information with the following third-party service provider:

• Stripe: Payment processing for credit purchases. Stripe receives your payment information, name, and email address. Stripe is PCI-DSS compliant and maintains robust security standards. View Stripe's privacy policy at stripe.com/privacy.

5.2 We Do NOT Share Data With

• Advertising networks or data brokers
• Social media platforms
• Analytics companies
• Marketing services
• Any other third parties for their own purposes

5.3 Legal Disclosure

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or investigate violations
• Protect our rights, property, or safety
• Prevent fraud, security threats, or illegal activity
• Protect the rights and safety of our users or the public

5.4 Business Transfers

If FileXtractor is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

6. Data Storage and Security

6.1 Data Location

Your data is stored and processed on servers located in the United States. By using the Service, you consent to the transfer and processing of your information in the United States.

6.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: Data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• Password protection: Passwords are hashed using strong cryptographic algorithms and never stored in plain text
• Access controls: Strict authentication and authorization systems to prevent unauthorized access
• Token-based authentication: Secure Bearer token system for API access
• Automatic logout: Sessions are invalidated on unauthorized access attempts (401 errors)
• API timeout protection: 30-second request timeouts to prevent hanging connections

6.3 Your Responsibilities

You are responsible for:

• Maintaining the confidentiality of your password and API tokens
• Using strong, unique passwords
• Logging out from shared or public devices
• Notifying us immediately of any unauthorized access
• Revoking compromised API tokens

6.4 Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of your data. You use the Service at your own risk and should not upload highly sensitive or confidential information unless you accept this risk.

7. Your Privacy Rights

You have the following rights regarding your personal information:

7.1 Right to Access

You can access your personal information at any time through your account dashboard, including:

• Account details (email, company name)
• Extraction history and results
• Credit balance and transaction history
• Payment records
• API tokens

7.2 Right to Correction

You can update or correct your personal information through your account settings or by contacting us at filextractor.dev@gmail.com. We will process correction requests within 30 days.

7.3 Right to Data Export

You have the right to request a copy of all your data in a portable format (JSON). To request a data export, contact us at filextractor.dev@gmail.com with the subject line "Data Export Request." We will provide your data within 30 days.

7.4 Right to Deletion

You can request deletion of your account and associated data at any time. Upon receiving a deletion request:

• Your account will be permanently deactivated
• Personal information (email, company name) will be deleted within 30 days
• Uploaded files and extraction results will be deleted
• API tokens will be revoked
• Payment records will be retained for 7 years for legal and tax compliance
• Aggregated, anonymized data may be retained for analytics
• Any remaining credits will be forfeited without refund

To request account deletion, contact us at filextractor.dev@gmail.com with the subject line "Account Deletion Request" from your registered email address.

7.5 Right to Object

You have the right to object to certain data processing activities. If you object to how we use your data, please contact us to discuss your concerns.

7.6 Right to Withdraw Consent

Where we process data based on your consent, you may withdraw consent at any time. However, this will not affect the lawfulness of processing before withdrawal.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we discover that we have collected information from a child under 18, we will delete that information immediately. If you believe we have collected information from a child, please contact us at filextractor.dev@gmail.com.

9. International Users

The Service is operated from the United States. If you are located outside the United States, please be aware that information you provide will be transferred to, stored, and processed in the United States.

By using the Service, you consent to the transfer of your information to the United States and acknowledge that:

• US privacy laws may differ from those in your jurisdiction
• US government authorities may have access to your data under certain circumstances
• We will handle your data in accordance with this Privacy Policy regardless of where it is processed

9.1 European Users (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection and use
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our legal basis for processing your data includes:

• Contract performance: Processing necessary to provide the Service
• Consent: You have given explicit consent for specific processing
• Legitimate interests: Service improvement, security, and fraud prevention
• Legal obligations: Compliance with applicable laws and regulations

9.2 California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to access your personal information
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

We do not sell your personal information to third parties.

10. Cookies and Tracking Technologies

We do not use cookies for tracking, advertising, or analytics purposes. However, we do use browser localStorage for essential functionality:

10.1 localStorage Usage

• Authentication tokens: Stored to maintain your logged-in session
• User data cache: Temporarily stores your email, user ID, and company information for improved performance
• Company data cache: Stores company-related information to reduce server requests

10.2 Clearing Stored Data

You can clear all stored data by logging out or clearing your browser's localStorage. Note that clearing this data will log you out of your session.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Send an email notification to your registered email address
• Display a prominent notice on the Service
• Provide a summary of key changes

For minor updates (typos, clarifications, formatting), we will update the "Last Updated" date without additional notification.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

12. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Investigate the breach promptly and thoroughly
• Notify affected users via email within 72 hours of discovery
• Describe the nature of the breach and data affected
• Provide guidance on protective measures you can take
• Report the breach to relevant authorities as required by law
• Take steps to prevent future breaches

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

We aim to respond to all privacy-related inquiries within 3-5 business days. For data export and deletion requests, we will complete the process within 30 days.