# Privacy Policy

**Effective Date: June 22, 2025**

## 1. Introduction

PDF Table AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered document processing service ("Service").

## 2. Information We Collect

### 2.1 Personal Information
When you create an account, we collect:
- **Google Account Information**: Name, email address, and profile information via Google OAuth
- **Payment Information**: Billing details processed securely through Stripe (we do not store credit card numbers)
- **Account Data**: User preferences, subscription tier, and credit usage

### 2.2 Document Information
When you use our Service, we process:
- **Uploaded Documents**: PDF files you submit for table extraction
- **Extracted Data**: Tables and structured data extracted from your documents
- **Processing Metadata**: File names, upload timestamps, and processing status

### 2.3 Technical Information
We automatically collect:
- **Usage Data**: How you interact with our Service, pages visited, features used
- **Device Information**: Browser type, operating system, IP address
- **Log Data**: Server logs, error reports, and performance metrics
- **Cookies**: Session management and user preference storage

### 2.4 Guest User Information
For non-registered users, we collect:
- **IP Address**: To manage credit limits and prevent abuse
- **Uploaded Documents**: Temporarily stored for processing
- **Usage Patterns**: To maintain service quality and security

## 3. How We Use Your Information

### 3.1 Service Delivery
- Process your documents using AI and OCR technology
- Extract tables and convert them to structured data formats
- Manage your account and subscription
- Provide customer support and technical assistance

### 3.2 Service Improvement
- Analyze usage patterns to improve our algorithms
- Optimize processing speed and accuracy
- Develop new features and capabilities
- Monitor service performance and reliability

### 3.3 Business Operations
- Process payments and manage subscriptions
- Send important service updates and notifications
- Ensure platform security and prevent fraud
- Comply with legal obligations and resolve disputes

### 3.4 Communication
- Send account-related notifications
- Provide customer support responses
- Share important service updates or changes
- Respond to your inquiries and requests

## 4. How We Share Your Information

### 4.1 Service Providers
We share information with trusted third parties who assist in operating our Service:
- **Google**: For authentication services
- **Stripe**: For secure payment processing
- **Cloud Infrastructure**: For hosting and data storage
- **Analytics Providers**: For service improvement (data is anonymized)

### 4.2 Legal Requirements
We may disclose information when required by law:
- Comply with legal process or court orders
- Protect our rights, property, or safety
- Investigate potential violations of our Terms
- Respond to government requests or regulatory inquiries

### 4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to this Privacy Policy.

### 4.4 What We Don't Share
- We never sell your personal information to third parties
- We don't share your document content with unauthorized parties
- We don't use your data for advertising purposes

## 5. Data Security

### 5.1 Security Measures
We implement industry-standard security practices:
- **Encryption**: Data is encrypted in transit and at rest
- **Access Controls**: Limited access based on job requirements
- **Secure Infrastructure**: Cloud services with enterprise-grade security
- **Regular Audits**: Security assessments and vulnerability testing

### 5.2 Data Processing Security
- Documents are processed in secure, isolated environments
- Processing servers are regularly updated and monitored
- Access to your documents is strictly limited to processing systems
- All processing is automated with minimal human access

### 5.3 Incident Response
- We monitor for security incidents continuously
- In case of a breach, affected users will be notified promptly
- We maintain incident response procedures and regular backups
- We cooperate with law enforcement when necessary

## 6. Data Retention

### 6.1 Account Data
- User accounts and preferences are retained while your account is active
- After account deletion, personal data is removed within 30 days
- Some data may be retained longer for legal or business purposes

### 6.2 Document Data
- **Registered Users**: Documents and extracted data are retained for account management
- **Guest Users**: Documents are typically deleted within 30 days
- **Processing Data**: Temporary files are deleted after processing completion

### 6.3 Legal Retention
Some information may be retained longer to:
- Comply with legal obligations
- Resolve disputes or enforce agreements
- Maintain business records as required by law

## 7. Your Privacy Rights

### 7.1 Access and Control
You have the right to:
- **Access**: Request copies of your personal information
- **Correct**: Update or correct inaccurate information
- **Delete**: Request deletion of your personal data
- **Port**: Export your data in a machine-readable format

### 7.2 Communication Preferences
- Opt out of non-essential communications
- Update your email preferences
- Control notification settings

### 7.3 Account Management
- Delete your account and associated data
- Download your processed documents
- Manage your subscription and billing information

## 8. Cookies and Tracking

### 8.1 Essential Cookies
We use cookies for:
- User authentication and session management
- Remembering your preferences and settings
- Ensuring service security and functionality

### 8.2 Analytics Cookies
With your consent, we use analytics cookies to:
- Understand how users interact with our Service
- Identify areas for improvement
- Monitor service performance

### 8.3 Cookie Control
- You can control cookies through your browser settings
- Disabling cookies may affect Service functionality
- We respect "Do Not Track" signals where technically feasible

## 9. International Data Transfers

### 9.1 Data Location
- Your data may be processed in countries outside your residence
- We ensure appropriate safeguards for international transfers
- Data processing complies with applicable privacy laws

### 9.2 Adequacy Decisions
We rely on:
- Adequacy decisions by relevant privacy authorities
- Standard contractual clauses for data protection
- Certified frameworks for international transfers

## 10. Children's Privacy

### 10.1 Age Restrictions
- Our Service is not intended for children under 13
- We do not knowingly collect information from children
- If we learn we have collected child data, we will delete it promptly

### 10.2 Parental Rights
- Parents may request access to their child's information
- Parents can request deletion of their child's data
- We encourage parents to monitor their children's online activities

## 11. Privacy by Design

### 11.1 Data Minimization
- We collect only the information necessary for our Service
- Processing is limited to stated purposes
- Data is deleted when no longer needed

### 11.2 Purpose Limitation
- Information is used only for the purposes disclosed
- We obtain consent for any new uses of your data
- Processing is transparent and fair

## 12. Third-Party Services

### 12.1 Google Services
- We use Google OAuth for authentication
- Google's privacy policy applies to their services
- You can manage Google permissions in your Google account

### 12.2 Stripe Payment Processing
- Stripe processes payments according to their privacy policy
- We do not store credit card information
- Payment data is encrypted and securely handled

## 13. Updates to This Privacy Policy

### 13.1 Policy Changes
- We may update this Privacy Policy periodically
- Material changes will be communicated via email or Service notification
- The effective date will be updated to reflect changes

### 13.2 Your Continued Use
- Continued use after changes constitutes acceptance
- If you disagree with changes, please discontinue use
- We encourage regular review of this Privacy Policy

## 14. Regional Privacy Rights

### 14.1 European Union (GDPR)
If you are in the EU, you have additional rights:
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to lodge complaints with supervisory authorities

### 14.2 California (CCPA)
If you are a California resident, you have rights to:
- Know what personal information is collected
- Delete personal information
- Opt-out of the sale of personal information (we don't sell data)
- Non-discrimination for exercising privacy rights

## 15. Contact Information

### 15.1 Privacy Questions
For privacy-related inquiries, contact us at:
- **Email**: contact@pdftableai.com
- **Address**: 14 Rue d'OURDY, 77550, REAU, FRANCE

### 15.2 Data Protection Officer
For GDPR-related inquiries:
- **Email**: contact@pdftableai.com

### 15.3 Response Time
- We respond to privacy requests within 30 days
- Complex requests may require additional time
- We will communicate any delays promptly

---

**Last Updated: June 22, 2025**

This Privacy Policy is designed to help you understand how PDF Table AI collects, uses, and protects your information. We are committed to maintaining your trust and protecting your privacy.