Privacy Policy

1. Overview

DataDistill, Inc. ("DataDistill," "we," "us," or "our") provides document intelligence infrastructure for businesses. This Privacy Policy describes how we collect, use, and share information about you when you use our website, API, or dashboard (the "Service").

This policy applies to our commercial relationship with customers. It does not govern the treatment of customer documents processed through our Service — that relationship is governed by our Terms of Service and any applicable Data Processing Agreement (DPA).

2. Information We Collect

Account Information. When you create an account, we collect your name, work email, company name, role, and billing information. For SSO-based sign-in, we also receive your identity provider's unique user identifier.

Usage Data. When you use our APIs, we log request metadata — including timestamps, endpoint, response codes, request size, IP address, and user agent — for the purposes of billing, rate limiting, abuse prevention, and service reliability. These logs are retained for up to 24 months.

Cookies & Similar Technologies. Our website and dashboard use cookies for authentication, preference storage, and performance analytics. See our Cookie Policy for details.

3. How We Use It

We use the information we collect for the following purposes:

• Service delivery. Authenticate you, process API requests, apply rate limits, deliver results, and bill you accurately.
• Service improvement. Diagnose issues, monitor performance, and improve reliability. We do not train our machine-learning models on customer document contents.
• Security & abuse prevention. Detect and prevent unauthorized access, fraud, or abuse.
• Communication. Send you service updates, security advisories, and (with consent) product announcements.
• Legal compliance. Comply with applicable law, legal process, and valid requests from public authorities.

4. Sharing & Disclosure

We do not sell your personal information. We share information only with:

• Service providers under contract (cloud hosting, payment processing, analytics, customer support), bound by confidentiality and data protection obligations.
• Legal authorities when required by law or to protect the rights, safety, or property of DataDistill or others.
• Business transfers. In the event of a merger, acquisition, or sale of assets, information may transfer to the acquiring entity subject to the terms of this policy.

5. Data Retention

We retain account information for the duration of your subscription plus 30 days. Usage logs are retained for up to 24 months. Customer document content is retained according to your project's configured retention policy (0 days to indefinite — you control this).

6. Your Rights

Depending on your jurisdiction, you may have the right to access, rectify, delete, restrict, or object to our processing of your personal information, as well as the right to data portability. To exercise these rights, email privacy@datadistill.co. We'll respond within 30 days.

7. International Transfers

DataDistill is headquartered in the United States and operates infrastructure in multiple regions. When personal information is transferred out of the EU, UK, or other regulated jurisdictions, we rely on Standard Contractual Clauses and applicable adequacy decisions. EU and UK customers may request in-region data residency on Growth and Enterprise tiers.

8. Children's Privacy

DataDistill is intended for use by businesses and their employees over the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, please contact us and we'll delete it.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email to account administrators at least 30 days before taking effect. The "Last updated" date at the top of this policy indicates when it was most recently revised.