Privacy Policy
Last updated: March 2026
1. Who We Are
PeterParser ("we", "us", "our") operates the document parsing API and related services at peterparser.com. This policy explains what personal data we collect, how we use it, and the choices you have.
2. Why We Process Your Data
We process your personal data for the following purposes:
- Providing the service: processing necessary to provide our API services, manage your account, and process billing.
- Security and improvement: security monitoring, fraud prevention, and service improvement.
- Optional communications: email notifications (parse completion, marketing) that you opt into. You may withdraw at any time.
- Legal obligations: tax records and other obligations we are required to meet.
3. Data We Collect
- Account data: email address, name, company (optional) when you sign up via Firebase Authentication.
- API usage data: API key identifiers, request timestamps, document types, page counts, IP addresses for rate limiting and security.
- Document data: files you upload are processed transiently. We do not store your documents after processing unless caching is enabled (configurable TTL, max 7 days). Cached data is automatically purged.
- Payment data: handled exclusively by Stripe. We never see or store full card numbers. We store only the Stripe customer ID and last-4 card digits for display.
- Technical data: browser type, OS, referring URL — collected only for security and not shared with third parties.
4. How We Use Your Data
- Provide and operate our document parsing services.
- Bill for usage, process payments, and prevent abuse.
- Send transactional emails (welcome, parse completion) — only when you opt in.
- Enforce rate limits and detect fraudulent activity.
- Comply with legal obligations.
We do not sell, rent, or trade your personal data. We do not use your data for profiling, automated decision-making, or advertising.
5. Regional Processing
We operate in two regions: US (Iowa, us-central1) and EU (Frankfurt, Germany, europe-west3). Your API key is assigned to a region, and all data processing for that key occurs within the corresponding region's data centers.
6. Data Retention
- Documents: deleted immediately after processing (or after cache TTL expires, max 7 days).
- Account data: retained while your account is active. Permanently deleted upon account deletion.
- Transaction records: retained for 7 years for tax and accounting purposes, then deleted.
- API access logs: retained for 90 days for security and debugging, then purged.
- Webhook logs: auto-deleted after 72 hours.
7. Your Choices
You can:
- Access your data: view your account information and usage from your dashboard.
- Correct your data: update inaccurate account details.
- Delete your data: delete your account from your dashboard Settings tab — the process is immediate and irreversible.
- Export your data: request a machine-readable copy of your data.
- Withdraw consent: opt out of optional communications at any time.
To exercise any of these, use the self-service tools in your dashboard or email privacy@peterparser.com. We aim to respond within 30 days.
8. Sub-processors
We use the following sub-processors, each bound by a data processing agreement:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Infrastructure, AI document processing | US (Iowa) / EU (Frankfurt, DE) |
| MongoDB Atlas | Database | US / EU (Frankfurt, DE) |
| Redis Cloud | Caching, job queue | US / EU |
| Stripe | Payment processing | US |
| Firebase | Authentication, frontend hosting | US |
| Cloudflare | DNS, CDN, DDoS protection | Global (edge) |
| AWS SES | Transactional email delivery | US |
9. Security Measures
We implement appropriate technical and organizational measures:
- All data encrypted in transit (TLS 1.3) and at rest (AES-256).
- API keys use cryptographically secure random generation (32-byte entropy).
- Webhook payloads signed with HMAC-SHA256.
- Role-based access control (RBAC) with Firebase Auth + superAdmin flag.
- Rate limiting and IP-based abuse detection.
- Regular security audits and dependency scanning.
- Infrastructure hardened with VPC isolation and firewall rules.
10. Cookies
We use only strictly necessary cookies for authentication (Firebase session). We do not use tracking cookies, third-party analytics, or advertising pixels.
11. Children's Privacy
Our Service is not directed at individuals under 16. We do not knowingly collect data from minors. If you believe a child has provided personal data, contact us and we will delete it.
12. Data Breach Notification
In the event of a personal data breach, we will notify affected individuals and any relevant authorities promptly where the breach poses a risk to your rights or data.
13. Changes to This Policy
We may update this policy with 30 days notice via email or dashboard notification. The "last updated" date at the top reflects the latest revision.
14. Contact
Privacy inquiries: privacy@peterparser.com
General inquiries: support@peterparser.com