At Shroudly, privacy is foundational to what we build. This policy explains exactly what data we collect, why we collect it, how it's protected, and what rights you have over it. We believe you deserve clear answers, not legal obfuscation.
01
Information We Collect
Account Information: When you register, we collect your email address and a hashed version of your password. We do not store your password in plain text.
Usage Data: We collect information about how you interact with the Service, including job types submitted, processing timestamps, credit consumption, and API usage patterns.
Uploaded Content: Files and text you submit for processing are transmitted to our servers. Processed outputs are stored temporarily in Azure Blob Storage with time-limited access links. We do not permanently retain the content of your documents.
Technical Data: We collect IP addresses, browser type, device information, and session cookies necessary for authentication and security purposes.
02
How We Use Your Information
Service Delivery: To process your documents, manage your account, and provide the features of the Shroudly platform.
Security: To detect, prevent, and respond to fraud, abuse, and security threats.
Improvement: To analyze usage patterns and improve our AI models and service performance. Document content is never used to train our models without explicit consent.
Communications: To send transactional emails such as account confirmations, credit alerts, and service notifications.
03
Data Retention
Processed Files: Output files stored in Azure Blob Storage are accessible via SAS (Shared Access Signature) URLs with a defined expiry. After expiry, files are no longer accessible via the link. Underlying blobs are deleted on a rolling basis.
Account Data: Account information is retained for the duration of your account. You may request deletion of your account and associated data at any time.
Job Logs: Job metadata (module, status, timestamps, failure codes) is retained for up to 90 days for debugging and support purposes.
04
Data Sharing and Disclosure
Third-Party Processors: We use Microsoft Azure for cloud infrastructure and file storage. Your data is processed within Azure's secure environment under appropriate data processing agreements.
AI Pipeline: Document content is transmitted to our AI processing pipeline for redaction, OCR, and conversion operations. This pipeline operates under strict data isolation.
Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights or the safety of others.
No Sale of Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.
05
Cookies and Authentication
Session Cookie: We use an HttpOnly session cookie named access_token to authenticate your requests. This cookie is not accessible to JavaScript and is protected against XSS attacks.
Cookie Duration: Session cookies expire according to the configuration set during login. Logging out invalidates the session on both client and server.
No Tracking Cookies: We do not use third-party advertising or tracking cookies. We do not use Google Analytics or similar tracking services.
06
Security
Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
Encryption at Rest: Data stored in Azure Blob Storage is encrypted at rest using AES-256.
Access Controls: Access to production systems is restricted to authorized personnel and governed by least-privilege principles.
Vulnerability Disclosure: If you discover a security vulnerability, please report it responsibly to security@shroudly.app. We commit to responding within 48 hours.
07
Your Rights
Access: You have the right to request a copy of the personal data we hold about you.
Rectification: You may request correction of inaccurate personal data.
Erasure: You may request deletion of your account and associated personal data, subject to legal retention obligations.
Portability: You may request your data in a machine-readable format.
Objection: You may object to certain processing of your personal data, including processing for direct marketing purposes.
08
Children's Privacy
Age Restriction: The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete such information promptly.
09
Changes to This Policy
Notification: We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on the Service. The date at the top of this policy indicates when it was last revised.
10
Contact Us
Privacy Inquiries: For questions or concerns about this Privacy Policy or your personal data, contact us at privacy@shroudly.app.
Data Protection Officer: For GDPR-related matters, you may contact our Data Protection Officer at dpo@shroudly.app. Response time: within 30 days.
Your privacy matters. Questions? Email privacy@shroudly.app