Privacy Policy

1. What Data We Collect

1.1 Information You Provide

• Email address - Optional for free tier, required for paid tiers and account features
• Uploaded PDF documents - Service contracts and invoices you submit for auditing
• Contact form submissions - Name, email, subject, and message when you contact support

1.2 Data We Extract from Your Documents

• Structured data extracted from your PDFs: service rates, fee names, amounts, dates
• Audit results: flags, overcharge calculations, comparison data
• This extracted data is stored separately from your original PDFs

1.3 Technical Data

• IP address (for rate limiting and fraud prevention)
• Browser type and operating system (standard server logs)
• Pages visited and time spent (aggregate analytics only, no personal tracking)

2. How We Use Your Data

• To process your audit requests and generate results
• To send audit result notifications (if email provided)
• To respond to support inquiries
• To prevent abuse and enforce rate limits
• To improve the accuracy of our extraction models (aggregate patterns only - no individual document content is used for training)

We do not use your data for advertising, marketing to third parties, or any purpose not directly related to providing the Service.

3. Data Retention

• Uploaded PDFs: Automatically deleted 30 days after upload, regardless of account status
• Extracted audit data (JSON): Retained for 1 year after your last login, then deleted
• Email addresses: Retained while your account is active; deleted within 30 days of account deletion request
• Server logs: Retained for 90 days for security purposes

4. Third Parties

We share data with the following third parties only to the extent necessary to provide the Service:

• Cloudflare - Cloud infrastructure (storage, edge computing, CDN). Documents are stored in their R2 service. See Cloudflare's privacy policy at cloudflare.com/privacypolicy.
• Anthropic - AI model provider (Claude API). Document text is sent to Anthropic's API for extraction. Anthropic's API privacy terms apply. Anthropic does not use API inputs to train their models.
• Stripe - Payment processing (paid tiers). Payment card data is never stored by us; Stripe handles all payment processing.

We do not sell, rent, or license your personal data or document data to any other party.

5. Data Security

• All data transmitted using TLS 1.3 encryption
• Document storage isolated in private, access-controlled buckets
• Access to production systems limited to essential personnel
• API keys and secrets stored in secure environment variables, not in code

6. Your Rights (CCPA / GDPR)

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Deletion: Request deletion of your account and all associated data
• Portability: Request your audit data in a machine-readable format
• Correction: Request correction of inaccurate personal data
• Opt-out: Opt out of any email communications (note: transactional emails cannot be opted out of)

To exercise any of these rights, email privacy@thedumpsterauditor.com with your request and email address. We will respond within 30 days.

California Residents (CCPA): We do not sell personal information. We do not use personal information for cross-context behavioral advertising.

7. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us for immediate deletion.

8. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated by email (if you have an account) or by posting a notice on the Service. The "last updated" date at the top reflects the most recent revision.

9. Contact

Privacy questions: privacy@thedumpsterauditor.com

General inquiries: Contact page