Privacy Policy

1. Introduction

Gemina Tech Ltd. ("Gemina," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document processing services and visit our website.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Name and email address
• Company name (if applicable)
• Billing information and payment details
• Account credentials

3.2 Documents You Submit

When you use our document processing services, you upload documents for data extraction. These documents may contain personal data belonging to you or third parties. You are responsible for ensuring you have the right to process any personal data contained in documents you submit.

3.3 Usage Data

We automatically collect certain information when you use our services:

• API call logs and timestamps
• Processing metadata (document types, extraction results)
• IP addresses and device information
• Browser type and version

3.4 Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. See Section 12 for more details.

4. How We Use Your Information

We use the information we collect to:

• Provide our services: Process your documents, extract data, and deliver results through our API
• Maintain your account: Authenticate users, manage subscriptions, and process payments
• Improve our services: Analyze usage patterns and system performance to enhance reliability and features
• Communicate with you: Send service updates, security alerts, and respond to support requests
• Ensure security: Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations: Meet applicable legal and regulatory requirements

5. No Training on Your Data

We do not use your documents or extracted data to train our AI models. Your proprietary information remains completely private and confidential. The documents you process are used solely to provide you with the extraction results you requested.

This commitment is fundamental to our privacy-first architecture and applies to all customers regardless of plan type.

6. Data Retention

We believe you should control how long your data is stored. Our retention practices include:

6.1 Document Data

• Configurable retention periods: You set your preferred retention period through the admin dashboard
• Built-in purge dates: Every document has an automatic purge date based on your settings
• Complete deletion: When data expires, it is permanently deleted - nothing is kept
• Proactive deletion: Delete any document instantly via our API or admin console at any time

6.2 Account Data

Account information is retained for as long as your account is active. Upon account closure, we delete your data within 30 days, except where retention is required by law.

6.3 Usage Logs

API logs and usage data are retained for up to 90 days for operational purposes, after which they are automatically purged.

7. Data Residency

You choose the country where your data is stored. We offer data residency options to help you meet local regulatory requirements. Your data storage location is configured through your admin dashboard and remains consistent unless you choose to change it.

Note that while data storage occurs in your selected region, some processing may occur in other locations as part of our distributed infrastructure.

8. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contract performance: Processing necessary to provide our services as agreed in our terms of service
• Legitimate interests: Processing for service improvement, security, and fraud prevention where these interests do not override your rights
• Legal obligations: Processing required to comply with applicable laws
• Consent: Where you have given explicit consent for specific processing activities

9. Data Security

We implement comprehensive security measures to protect your data:

• Encryption at rest: All stored data is encrypted using AES-256 encryption
• Encryption in transit: All data transmission uses TLS 1.3 encryption
• Access controls: Role-based access with multi-factor authentication
• Audit logging: Comprehensive logs of all data access and system activities
• Regular security assessments: Ongoing vulnerability testing and security reviews
• Incident response: Documented procedures for identifying and responding to security incidents

10. Third-Party Service Providers

We work with carefully selected third-party service providers who process data on our behalf. These providers are contractually obligated to:

• Process data only according to our instructions
• Maintain appropriate security measures
• Not use data for their own purposes
• Delete data upon termination of services

Our service providers include cloud infrastructure providers, payment processors, and customer support tools. We do not sell your personal data to third parties.

11. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data
• Right to restriction: Request limitation of processing of your personal data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@gemina.co. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

12. Your Rights Under CCPA

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt out of the sale of personal information (note: we do not sell personal information)
• Right to non-discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@gemina.co or use the deletion controls in your admin dashboard.

13. Cookies

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for the website and services to function properly
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Help us understand how visitors interact with our website

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services.

14. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant authorities
• Data processing agreements with all service providers
• Assessment of the legal framework in destination countries

15. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@gemina.co.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending an email notification to account holders for significant changes

We encourage you to review this policy periodically.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For data protection inquiries, you may also contact our Data Protection team directly at dpo@gemina.co.