Privacy Policy

1. Introduction

This Privacy Policy explains how RedactProof (operated by Popsall Ltd) ("we", "us", or "our") collects, uses, and protects your personal data when you use RedactProof ("the Service").

2. Our Privacy-First Approach

RedactProof is designed with privacy at its core. Our standard AI detection runs entirely within your browser - your documents and text never leave your device. Pro and Team subscribers can optionally enable the Pro Detection Engine, which sends extracted text (not your files) to Cloudflare for enhanced detection. Your files never leave your device. See Pro Detection Engine processing details below.

What this means for you:

• Your documents never leave your device
• Standard Engine processes everything in your browser's volatile memory - nothing is written to disk, local storage, or cache. Data exists only for the duration of your browser session.
• Pro Detection Engine sends only extracted text (not files) to Cloudflare for inference - it is not stored as document content and is not used for training
• Tamper-evident certificates store a cryptographic hash of your redacted document on our servers - this hash cannot reveal document content but can verify the document has not been altered

Pro Detection Engine processing details: When Pro Detection Engine is enabled, extracted text from your document is transmitted over TLS to Cloudflare Workers AI, which acts as a sub-processor on our behalf for the purpose of inference processing. To the best of our knowledge and based on Cloudflare's published commitments, the text is processed in memory for inference only, with no persistent storage of your content by Cloudflare. Inference inputs are not retained after the response is returned and are not used for model training. We do not log, cache, or store the text content transmitted for inference on our infrastructure. Cloudflare's handling of inference data is governed by their Workers AI data handling commitments.

Pro Detection Engine inference processing may occur on Cloudflare infrastructure located outside the UK and EEA. This transfer is covered by the safeguards described in Section 10 (International Data Transfers), including Standard Contractual Clauses and the UK International Data Transfer Agreement.

We reserve the right to change the provider used for AI inference processing. Any such change will be reflected in this Privacy Policy, and we will notify you of material changes via the email address associated with your account and, where practicable, by notice within the Service.

Data Protection Status: We are the data controller for account data, billing information, and verification certificate metadata. Your document files stay on your device. When Pro Detection Engine is enabled, extracted text is sent to Cloudflare for inference only - it is not stored as document content and not used for training. We do not access or retain your document content.

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

• Email address: For account authentication and communication
• Account preferences: Settings you configure in the Service
• Subscription information: Plan type, billing period, payment status

3.2 Verification Data

When you create verification certificates, we store:

• Document hashes: Cryptographic fingerprints (SHA-256) of your documents - these cannot be reversed to reveal document content
• Certificate metadata: Timestamp, entity counts, certificate ID
• Attribution: Your email or reference ID (depending on your settings)

3.3 Usage Data

We collect anonymous usage statistics to improve the Service:

• Feature usage patterns
• Error reports
• Performance metrics

3.4 Consent Records

When you subscribe, we record:

• Consent timestamp and version
• IP address and user agent (for fraud prevention)
• Which consents you provided (terms acceptance, auto-renewal, immediate access)

4. How We Use Your Data

We process your personal data for the following purposes:

• Providing the Service: Contract performance
• Processing payments: Contract performance
• Sending transactional emails: Contract performance / Legitimate interest
• Fraud prevention: Legitimate interest
• Service improvements: Legitimate interest
• Marketing communications: Consent (opt-in only)
• Legal compliance: Legal obligation

5. Consent Records and Retention

Important: Consent Record Retention

We retain records of your consent for 3 years from the date of consent. This includes records of your acceptance of terms, auto-renewal consent, and immediate access consent. After 3 years, these records are automatically deleted.

This retention period ensures we can demonstrate valid consent for any subscription that was active within the standard limitation period for contract disputes in the UK (6 years) while minimising data retention.

6. Data Sharing

We share your data only with:

• Stripe: Payment processing (see Stripe Privacy Policy)
• Resend: Transactional email delivery
• Cloudflare: Infrastructure, security, and AI-powered detection processing (Pro/Team). See Cloudflare Workers AI Privacy and Data Processing Addendum

We do not sell your personal data. We do not share your data for advertising purposes.

Sub-processors

The third parties listed above act as sub-processors (processors acting on our behalf as data controller) under UK GDPR Article 28. We maintain data processing agreements or equivalent contractual terms with each sub-processor that address their data protection obligations, including restrictions on processing personal data beyond the purposes for which it was disclosed.

Where sub-processors are located outside the UK or EEA, transfers are governed by the mechanisms described in Section 10 (International Data Transfers), including Standard Contractual Clauses (Module Two: Controller to Processor) and, where applicable, the UK International Data Transfer Agreement (IDTA).

If you require a Data Processing Agreement (DPA) for your organisation's compliance purposes, please contact us at privacy@redactproof.com.

We will notify you of material changes to our sub-processors by updating this Privacy Policy and, where practicable, by notice within the Service or via the email address associated with your account. A list of current sub-processors is maintained above.

7. Data Retention

We retain your data for the following periods:

• Account information: Duration of account + 2 years
• Consent records: 3 years from consent date
• Verification certificates: Indefinite (publicly verifiable)
• Audit logs (Pro/Team): Duration of subscription + 1 year
• Payment records: 7 years (legal requirement)
• Email logs: 1 year

Upon account termination, we delete your account data within 30 days, subject to the retention periods specified above and any statutory retention obligations. We may also retain server logs (up to 90 days), billing records (up to 7 years), and records necessary to resolve pending disputes, chargebacks, or legal claims for the duration of such proceedings. Full details are set out in our Terms of Service (Section 5A.3).

8. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing activities
• Withdraw consent: Withdraw marketing consent at any time

To exercise these rights, contact us at privacy@redactproof.com. We will acknowledge your request within 5 business days and respond substantively within one calendar month, as required by UK GDPR Article 12. If we need to extend this period (by up to two further months due to complexity or volume), we will inform you within the initial one-month period and explain the reasons for the delay.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk

EU Users: If you are located in the EU, you may also lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

9. Automated Decision-Making and Profiling

The Service uses automated processing (AI-powered detection) to identify potentially sensitive information in your documents. This processing:

• Operates as an assistive tool - it highlights potential matches for your review, but does not make final decisions about what to redact
• Does not produce legal effects or similarly significant effects on you as defined by UK GDPR Article 22
• Does not involve profiling that produces legal or similarly significant effects
• Relies on your manual review and confirmation before any redaction is applied

Because the AI detection functions as a recommendation tool subject to human oversight, it does not constitute automated individual decision-making or profiling under UK GDPR Article 22. You always retain full control over which items are redacted.

10. International Data Transfers

We use service providers located outside the UK/EEA. When we transfer your personal data to these providers, we ensure appropriate safeguards:

• Stripe: United States - Standard Contractual Clauses (SCCs) + supplementary measures
• Resend: United States - Standard Contractual Clauses (SCCs)
• Cloudflare: Global (including US) - Standard Contractual Clauses (SCCs); UK Addendum; EU-US Data Privacy Framework; data processed in volatile memory only

You may request a copy of the relevant SCCs by contacting us at privacy@redactproof.com.

11. Security Measures

We implement technical and organisational measures that are reasonable and appropriate to the risk to protect your data, including:

• Encryption in transit: All data transmitted between your browser and our infrastructure is protected by industry-standard TLS encryption
• Encryption at rest: Stored data (account information, billing records, verification certificates) is encrypted at rest using industry-standard encryption
• Client-side processing: Your document files are processed within your browser and are never transmitted to or stored on our servers (except for extracted text sent to Cloudflare Workers AI under Pro Detection Engine, as described in Section 2)
• Access controls: Administrative access to our infrastructure is protected by access controls and authentication measures, including multi-factor authentication where supported by the platform
• Infrastructure security: The Service runs on Cloudflare's global network, which provides DDoS protection, Web Application Firewall, and edge-level security
• Payment security: We do not store credit card numbers or payment method details. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified
• Backup and non-content data: Account data, billing records, and system logs stored outside of your browser are protected by encryption and access controls consistent with the measures described above
• Incident response: We maintain procedures for identifying, assessing, and responding to security incidents affecting personal data
• Vulnerability management: We monitor for known vulnerabilities in our dependencies and infrastructure and apply patches and updates on an ongoing basis

We review our infrastructure and application security on an ongoing basis. While no system can guarantee absolute security, our client-side processing architecture significantly reduces risk by ensuring your document content does not transit or reside on our servers.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) and any other competent supervisory authority where applicable, without undue delay and, where required by UK GDPR Article 33, within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by UK GDPR Article 34
• Document all breaches, including those that do not meet the notification threshold, in an internal breach register

Notification will be sent to the email address associated with your account and will include: the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address it.

13. Cookies and Tracking

We use minimal, strictly necessary cookies:

• Authentication: Session tokens to keep you logged in
• Tier preferences: A cookie on app.redactproof.com stores your plan tier to display the correct feature set. This does not track you across websites.
• Preferences: Your settings and UI preferences

All cookies we use are strictly necessary for the Service to function. We do not use advertising cookies, analytics cookies, or third-party tracking pixels. No cookie consent banner is required because all our cookies fall under the "strictly necessary" exemption.

14. US Users

If you are a resident of California or another US state with applicable consumer privacy legislation, you may have additional rights. Please see our US Privacy Policy for state-specific rights including CCPA/CPRA.

15. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

17. Contact Us

For privacy-related questions or to exercise your data rights:

Email: privacy@redactproof.com

Data controller: RedactProof (operated by Popsall Ltd) 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE Company No. 16953262, registered in England and Wales