Privacy Policy

Your privacy is our foundation. Learn how we handle your data with transparency and respect.

Last updated: January 2026

Privacy-First Architecture

Redactli is designed with privacy at its foundation. Your uploaded data files are processed in real-time and are never stored on our servers. This isn't just a policy—it's built into our architecture.

What We DO Store

  • Account information (email, name)
  • Usage metrics (file counts, row counts)
  • Subscription and billing status
  • Encryption keys (for reversible anonymization)
  • Authentication tokens

What We DON'T Store

  • Your uploaded files
  • The contents of your data
  • Processed/anonymized results
  • Column names or headers
  • Any personal data from your files

Information We Collect

Information You Provide

Account Information: When you create an account, we collect your email address, name, and password (stored in hashed form).

Payment Information: Payment details are collected and processed by Stripe. We do not store your full credit card number.

Communications: If you contact us for support, we retain correspondence to assist you.

Information Collected Automatically

Usage Data: We collect anonymized usage statistics including number of files processed, row counts, and feature usage.

Device Information: Browser type, operating system, and device information for compatibility and security.

Cookies: We use essential cookies for authentication and session management. See our Cookie Policy.

How We Use Your Information

We use the information we collect for:

Service Provision: To provide, maintain, and improve our anonymization service

Account Management: To create and manage your account, process payments, and communicate with you

Security: To protect against fraud, unauthorized access, and other security threats

Legal Compliance: To comply with applicable laws and regulations

Service Improvement: To analyze usage patterns (using only anonymized, aggregated data)

Data Sharing and Disclosure

We are committed to transparency about how your data is handled. Here is a complete list of parties with whom we share, transfer, or disclose data:

Google User Data (Google Sheets Add-on)

When using our Google Sheets add-on, selected spreadsheet data is:

  • Sent to: Our encryption service hosted on Google Cloud Run (datashield-crypto.run.app)
  • Purpose: Real-time AES-SIV encryption/decryption only
  • Retention: Zero - data is processed in memory and immediately returned to your spreadsheet
  • Storage: None - we do not store any spreadsheet content

We do NOT share, transfer, or disclose Google user data to:

  • Any AI service providers (OpenAI/ChatGPT, Anthropic/Claude, Microsoft Copilot, Perplexity, GitHub Copilot, or any other AI platform)
  • Any third-party analytics or advertising services
  • Any data brokers or resellers
  • Any other third parties

Service Providers We Use

  • Clerk - Authentication and user management (receives: email, name)
  • Supabase - Database and secure key storage (receives: account metadata, encryption keys)
  • Polar.sh - Payment processing (receives: billing information)
  • Google Cloud Run - Hosts our encryption API (processes: data you select for encryption, in real-time only)
  • Vercel - Hosts our web application (receives: standard web traffic logs)

Legal Disclosure

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

Our Role as Data Processor

When you use Redactli to anonymize data, you (or your organization) are the Data Controller, and we act as your Data Processor. This means:

  • You determine what data to process and why
  • We process data only according to your instructions (to anonymize selected columns)
  • We implement appropriate security measures
  • We do not use your data for any purpose other than providing our service
  • We delete your data immediately after processing (real-time, no retention)

Enterprise and business customers may request a formal Data Processing Agreement (DPA). Contact us at legal@redactli.com

Your Privacy Rights

Depending on your location, you may have the following rights:

GDPR Rights (EU/UK)

  • Right of Access - Request a copy of personal data we hold about you
  • Right to Rectification - Request correction of inaccurate personal data
  • Right to Erasure - Request deletion of your personal data
  • Right to Data Portability - Request your data in a machine-readable format
  • Right to Object - Object to processing based on legitimate interests

CCPA/CPRA Rights (California)

  • Right to Know - Information about data collection and use
  • Right to Delete - Request deletion of personal information
  • Right to Opt-Out - We do not sell or share personal information
  • Right to Non-Discrimination - No discrimination for exercising your rights

Australian Privacy Act

  • Right to access your personal information
  • Right to request correction of inaccurate information
  • Right to complain to the Office of the Australian Information Commissioner (OAIC)

Exercising Your Rights: To exercise any of these rights, contact us at legal@redactli.com. We will respond within the timeframes required by applicable law.

Security Measures

Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Secure key management using Supabase Vault with HSM protection

Privacy Protections

  • No persistent storage of processing data
  • Request body logging disabled
  • Role-based access controls
  • Regular security assessments

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, email us at legal@redactli.com

For EU/UK residents, you may also contact your local data protection authority.

For Australian residents, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

    Privacy Policy - Redactli | Redactli