Privacy Policy

This Privacy Policy applies to personal information we collect:

• through our website and online properties;
• when you sign up for, access, or use the Services;
• when you communicate with us;
• when you submit information to us in the course of receiving support, demos, onboarding, billing, or other business interactions; and
• when customer users upload, submit, or otherwise provide documents, images, text, spreadsheets, or other content to the Services.

This Privacy Policy does not apply to third-party websites, products, or services that we do not control, even if they are linked from or integrated with our Services.

2.1 Contact and Account Information

We may collect names, email addresses, phone numbers, company names, job titles, mailing addresses, usernames, and account credentials.

2.2 Billing and Transaction Information

We may collect billing addresses, subscription details, payment-related information, invoicing information, and records of purchases or transactions. Payment card information may be processed by third-party payment processors rather than stored directly by us.

2.3 Customer-Submitted Content

We may process documents, images, PDFs, spreadsheets, text, metadata, prompts, uploads, and other content submitted to the Services. This information may contain personal information, financial data, tax records, confidential information, or other sensitive information, depending on what our customers choose to submit.

2.4 Usage and Technical Information

We may collect information about how users access and use the Services, including IP address, device information, browser type, operating system, approximate location derived from IP address, access times, log data, feature usage, page views, clickstream data, error reports, and performance metrics.

2.5 Communications Information

We may collect information contained in emails, chat messages, support tickets, meeting notes, sales discussions, survey responses, and other communications with us.

2.6 Authentication and Security Information

We may collect account access history, login activity, security logs, audit records, account permissions, and related information used to secure the Services and investigate misuse or incidents.

2.7 Cookies and Similar Technologies

We may use cookies, pixels, local storage, analytics tools, and similar technologies to operate the website and Services, remember preferences, understand usage, improve performance, and support security and business operations.

We may collect personal information:

• directly from you;
• from your employer or organization if they provision access to the Services for you;
• from documents, uploads, and content submitted through the Services;
• automatically through your use of the website or Services;
• from service providers and vendors that help us operate the Services; and
• from public or business sources in connection with sales, onboarding, support, or account management.

4.1 To Provide the Services

To create and manage accounts, authenticate users, provide requested functionality, process uploaded content, perform OCR, apply automated best-efforts redaction, generate outputs, and otherwise operate the Services.

4.2 To Support and Improve the Services

To troubleshoot issues, monitor performance, develop and improve features, analyze usage trends, maintain service quality, and support product development.

4.3 To Communicate With You

To send administrative messages, onboarding materials, support communications, billing notices, service announcements, updates, and responses to inquiries.

4.4 To Maintain Security and Integrity

To detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, security incidents, and other harmful, unlawful, or prohibited activity.

4.5 To Comply With Legal Obligations

To comply with applicable laws, regulations, legal process, contractual obligations, and enforcement requests.

4.6 To Protect Rights and Interests

To protect our rights, property, safety, systems, users, customers, and business operations, and those of others.

4.7 For Business Operations

To administer subscriptions, payments, renewals, account management, customer relationship management, vendor management, and general business administration.

Our Services may involve automated and software-assisted processing of uploaded content, including OCR, analysis, transformation, classification, extraction, and best-efforts redaction of sensitive information.

We use commercially reasonable, best-efforts technical measures designed to identify and redact sensitive information before certain downstream processing steps. However, automated detection and redaction technologies are inherently imperfect and may fail to identify, remove, or fully redact all sensitive information in all cases.

As a result:

• personal information, confidential information, financial information, tax information, or other sensitive data may remain partially or fully unredacted in some cases;
• users should not rely on the Services as a guaranteed or infallible method of removing all sensitive information; and
• customers are responsible for determining whether their use of the Services is appropriate under their legal, contractual, professional, and regulatory obligations.

6.1 To Service Providers and Subprocessors

We may disclose personal information to vendors, contractors, service providers, and subprocessors that help us provide, secure, support, and improve the Services. These may include hosting providers, infrastructure providers, analytics providers, communication providers, payment processors, customer support tools, and AI service providers.

6.2 To AI Subprocessors

Where applicable to the Services, we may disclose uploaded content and related personal information to AI subprocessors, including OpenAI and Anthropic, in connection with the functionality requested by our customers.

6.3 To Affiliates and Advisors

We may disclose personal information to our affiliates and professional advisors, such as lawyers, accountants, insurers, auditors, and consultants, where reasonably necessary for business operations or legal compliance.

6.4 For Legal and Protection Purposes

We may disclose personal information when we believe doing so is reasonably necessary to comply with applicable law, regulation, subpoena, court order, or legal process; respond to lawful requests from public authorities; enforce our contracts or policies; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, safety, or operations of Conselent, our customers, users, or others.

6.5 Business Transfers

We may disclose personal information in connection with a merger, acquisition, financing, diligence process, corporate reorganization, sale of assets, bankruptcy, or similar transaction.

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain security, comply with legal obligations, resolve disputes, enforce agreements, and support legitimate business operations.

Unless expressly agreed otherwise in writing, Conselent does not provide a long-term system of record for customer documents. However, we may retain limited metadata, logs, request traces, billing records, audit records, security telemetry, technical artifacts, and backup data in the ordinary course of operating the Services.

We may also retain information where required by law or where reasonably necessary for security, compliance, backup integrity, fraud prevention, billing support, or dispute resolution.

We use commercially reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, use, alteration, and disclosure.

However, no system, network, storage environment, transmission method, detection workflow, OCR process, or redaction process can be guaranteed fully secure, uninterrupted, error-free, or fully effective. We therefore cannot guarantee that personal information will never be accessed, disclosed, altered, or destroyed in an unauthorized manner.

We may process personal information in the United States and in other jurisdictions where we or our service providers operate. By using the Services or providing information to us, you understand that your information may be transferred to and processed in jurisdictions that may have different data protection laws than your home jurisdiction.

Where required by applicable law, we use appropriate measures intended to support lawful cross-border transfers.

Depending on your relationship with us and your location, you may have certain rights regarding your personal information, subject to applicable law. These may include the right to:

• request access to personal information;
• request correction of inaccurate personal information;
• request deletion of personal information;
• object to or restrict certain processing;
• request portability of personal information; and
• withdraw consent where processing is based on consent.

To exercise privacy rights, please contact us using the contact information below. We may need to verify your identity before responding.

If we process personal information on behalf of one of our customers, we may direct your request to that customer, because they may be the party best positioned to respond.

If you are a resident of a U.S. state with applicable privacy rights, you may have additional rights under state law, subject to exceptions and limitations. We do not sell personal information for money. We also do not share personal information for cross-context behavioral advertising in connection with our role as a service provider or processor for customer-submitted content.

If required by applicable law, you may have the right to know, access, delete, or correct certain personal information, and to appeal our decision where your request is denied.

We may use cookies and similar technologies to:

• operate and secure the website and Services;
• remember user preferences;
• understand and improve performance and usage;
• support analytics and diagnostics; and
• support communications and business operations.

You may be able to control cookies through your browser settings or device settings. Blocking some cookies may affect the functionality of the website or Services.

If we use analytics, advertising, retargeting, or similar tracking technologies that require additional disclosures or consent under applicable law, we may provide those disclosures separately through a cookie notice, banner, or consent tool.

The Services are designed for business use and are not directed to children. We do not knowingly collect personal information directly from children in a manner requiring parental consent under applicable law.

The Services may integrate with or rely on third-party tools, platforms, APIs, and vendors. Personal information processed through those integrations may also be subject to the privacy policies or terms of the relevant third parties. We are not responsible for the privacy practices of third-party services we do not control.

We may update this Privacy Policy from time to time to reflect changes in our Services, technology, legal requirements, or business practices. When we do, we will post the updated version and update the Effective Date above. If required by law, we will provide additional notice or obtain consent.

If you have questions or requests regarding this Privacy Policy or our privacy practices, you may contact us at:

Conselent Inc.

support@conselent.com