Privacy Policy

1. Introduction

ProcessMyDocs, operated by NovaVantix, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered document processing platform.

By using ProcessMyDocs, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you register for ProcessMyDocs, we collect:

• Email Address: Used for account identification, login, and communication
• Password: Stored as a cryptographic hash using bcrypt (we never store plain-text passwords)
• Name: Optional display name for personalization
• Account Creation Date: Timestamp of registration

2.2 Document Data

When you upload documents to our platform, we collect and store:

• Uploaded Files: Your documents (PDF, Word, Excel, CSV, text files) stored securely in Supabase Storage with encryption at rest
• File Metadata: Filename, file size, MIME type, upload timestamp
• Extracted Entities: Data extracted from your documents by our AI models (companies, dates, amounts, people, etc.)
• Processing Status: Document processing state, completion timestamps, error logs
• Extracted Text: OCR results from scanned documents
• Quality Metrics: Validation scores and quality assessments generated by our AI
• User Edits: Modifications you make to extracted entities

2.3 Chat History

When you use our AI chat feature, we store:

• Chat Messages: Your questions and AI responses
• Chat Sessions: Organized conversation threads
• Document Context: Links between chat messages and specific documents
• Timestamps: When messages were sent and received

2.4 Usage Data

To manage your subscription limits and improve our service, we track:

• Document Count: Number of documents processed in your current billing period
• Chat Query Count: Number of AI chat queries used
• Feature Usage: Which features you access (exports, analytics, validation, etc.)
• Login Activity: Authentication timestamps and session duration

2.5 Payment Information

For subscription management, we collect:

• Subscription Plan: Your selected plan (Go, Plus, or Pro)
• Billing Dates: Subscription start date, next billing date, billing period length
• Payoneer Customer ID: Your unique identifier in Payoneer's payment system
• Payoneer Subscription ID: Reference to your subscription in Payoneer
• Payment Status: Active, cancelled, or expired status
• Cancellation Date: If applicable, when you cancelled your subscription

Important: We do NOT store credit card numbers, CVV codes, or full payment details. All payment processing is handled securely by Payoneer, our payment processor.

2.6 Technical Data

To maintain security and service functionality, we collect:

• IP Addresses: For authentication rate limiting and fraud prevention
• Session Tokens: Secure authentication cookies managed by NextAuth.js
• Browser Information: User agent string for compatibility
• Device Information: Device type (desktop/mobile) for responsive design
• Error Logs: Technical errors for debugging and service improvement

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Process and analyze your documents using AI/ML models
• Extract entities and structured data from documents
• Generate quality assessments and validation reports
• Provide AI-powered chat capabilities
• Enable data export in multiple formats
• Display analytics and insights about your documents

3.2 Account Management

• Authenticate your identity and maintain secure sessions
• Manage your subscription and billing
• Track usage against plan limits
• Send payment reminders 7 days before billing date
• Process account cancellations and renewals

3.3 Communication

• Send transactional emails (account verification, password resets, payment reminders)
• Provide customer support and respond to inquiries
• Notify you of service updates, new features, or policy changes

3.4 Security and Fraud Prevention

• Detect and prevent fraudulent activity
• Enforce rate limits to prevent abuse
• Monitor for suspicious account behavior
• Comply with legal obligations and law enforcement requests

3.5 Service Improvement

• Analyze usage patterns to improve features and performance
• Debug technical issues and optimize processing speed
• Understand which features are most valuable to users

We do NOT:

• Use your documents to train our AI models
• Share your content with third parties for their marketing
• Sell your personal information or data
• Send marketing emails without your consent

4. Third-Party Services

ProcessMyDocs integrates with the following third-party services to provide functionality:

These third-party services have their own privacy policies and data practices. We carefully select partners who maintain high security and privacy standards, but we are not responsible for their practices. We recommend reviewing their privacy policies.

5. Data Storage and Security

5.1 Storage Location

All data is stored in Supabase cloud infrastructure, which uses enterprise-grade security measures:

• Encryption at Rest: All documents and data are encrypted when stored
• Encryption in Transit: All connections use TLS/SSL encryption
• Access Controls: Row-level security policies ensure users can only access their own data
• Signed URLs: Document access uses time-limited, cryptographically signed URLs

5.2 Security Measures

• Password Security: Passwords are hashed using bcrypt with salt
• Session Management: Secure JWT tokens with configurable expiration
• Rate Limiting: Maximum 5 login attempts per 15 minutes per email
• Authentication: Secure authentication provided by NextAuth.js
• Infrastructure Security: Regular security updates and monitoring

5.3 Data Retention

We retain your data according to the following schedule:

• Active Accounts: Data is retained indefinitely while your subscription is active
• Expired Accounts: Data is retained for 30 days after subscription expiration
• After 30 Days: All documents and data may be permanently deleted
• Backup Retention: Encrypted backups may be retained for up to 90 days for disaster recovery
• Legal Requirements: We may retain data longer if required by law or legal proceedings

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share data in the following limited circumstances:

6.1 Service Providers

We share data with third-party service providers (Supabase, OpenRouter, Payoneer) only as necessary to operate the Service, as described in Section 4.

6.2 Legal Requirements

We may disclose your information if required by law, such as:

• In response to valid subpoenas, court orders, or legal processes
• To comply with legal obligations or regulations
• To protect our rights, property, or safety, or that of our users or the public
• To detect, prevent, or address fraud, security, or technical issues

6.3 Business Transfers

If NovaVantix is acquired, merged, or undergoes a business restructuring, your information may be transferred to the successor entity. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with other parties if you provide explicit consent.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

• Access and download all your documents and extracted data through the platform
• Export your data in machine-readable formats (Excel, CSV, JSON)
• Request a complete copy of your personal data we hold

7.2 Correction and Update

You can:

• Update your account information in Settings
• Edit extracted entities directly in the platform
• Correct inaccurate personal information

7.3 Deletion

You have the right to:

• Delete individual documents at any time
• Request complete account deletion (contact support)
• Have all your data permanently removed from our systems

Note: Account deletion is permanent and cannot be undone. Some information may be retained in backups for up to 90 days or longer if required by law.

7.4 Opt-Out

You can opt out of:

• Marketing communications (if any) via unsubscribe links
• Non-essential cookies (though we only use essential cookies)

8. International Data Transfers

ProcessMyDocs is operated globally, and your data may be transferred to, stored, and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction.

By using ProcessMyDocs, you consent to the transfer of your information to other countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contract performance, and legitimate interests
• Right to Object: You can object to certain processing activities
• Right to Restriction: You can request we limit how we use your data
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority
• Data Protection Officer: Contact us for DPO information

10. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request disclosure of the personal information we collect
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You can opt-out of the "sale" of personal information (we don't sell data)
• Non-Discrimination: We will not discriminate against you for exercising your rights

11. Children's Privacy

ProcessMyDocs is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this page
• Sending an email notification to your registered email address
• Displaying an in-app notification

Your continued use of ProcessMyDocs after changes take effect constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: