Privacy Policy
Showing base policy with regional addendum
PRIVACY POLICY
Effective: December 22, 2025
[Your Company Name] ("we", "us", "our") operates [Your App Name] ("Service"), a SaaS platform for AI-powered file analysis. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service. We comply with Brazil's LGPD, EU GDPR, California CCPA/CPRA, and other applicable data protection laws.
- INFORMATION WE COLLECT
1.1 Account Information
When you create an account: name, email address, billing information (processed by Stripe; we don't store card details), company name (B2B).
1.2 File-Related Information
- Files you upload for analysis
- Prompts/queries submitted with files
- Technical metadata: file size, file type, storage duration, token count/effort/time for LLM processing
1.3 Usage Statistics (Anonymized)
- App usage patterns (features used, session duration)
- System performance metrics (response times, error rates)
- Aggregated analytics via Sentry/Datadog (no file content)
1.4 Device & Network Information
- IP address, browser type, device type, operating system
- Approximate location (city level from IP)
1.5 Cookies & Tracking
See our Cookie Policy below for details.
We collect NO personal data from files unless you explicitly provide it (e.g., names in documents).
- HOW WE USE YOUR INFORMATION
We use your data SOLELY to:
- Provide file analysis service (process files with AI models)
- Store files temporarily for service delivery
- Generate usage statistics for service improvement
- Detect/prevent fraud, abuse, security issues
- Process payments (via Stripe)
- Communicate service updates, billing
- Comply with legal obligations
WE DO NOT:
- Use your files or data to train AI models
- Sell, rent, or share your data with third parties for marketing
- Profile individuals or make automated decisions
-
LEGAL BASIS FOR PROCESSING (GDPR/LGPD/CCPA)
-
Contract: Necessary to deliver file analysis service
- Consent: File uploads (you initiate processing)
- Legitimate Interests: Security, fraud prevention, service analytics (balanced via DPIA)
-
Legal Obligation: Billing records, audit logs
-
DATA SHARING & SUB-PROCESSORS
We share data only with trusted processors bound by Data Processing Agreements:
| Processor | Purpose | Location | Data Shared |
|---|---|---|---|
| Amazon Web Services (AWS) | File storage/processing | US/EU | Encrypted files, metadata |
| Stripe | Payment processing | US | Billing info (PCI-DSS compliant) |
| Sentry | Error monitoring | US | Anonymized usage stats |
| Datadog | Performance monitoring | US | Anonymized system metrics |
No data shared with other third parties.
- DATA RETENTION
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Uploaded files | 30 days after deletion or account closure | Cryptographic erasure |
| Account data | Duration of account + 90 days | Secure deletion |
| Billing records | 7 years (legal requirement) | Secure deletion |
| Usage analytics | 12 months | Anonymized aggregation |
| Audit logs | 6 months | Secure deletion |
- INTERNATIONAL DATA TRANSFERS
Files may be processed in US/EU data centers. We protect transfers via:
- EU Standard Contractual Clauses (SCCs)
- Brazil LGPD adequacy measures
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- YOUR RIGHTS (LGPD/GDPR/CCPA)
You can exercise these rights anytime:
| Right | How to Exercise | Response Time |
|---|---|---|
| Access | Download from Account Settings or email privacy@[domain].com | 30 days |
| Correction | Edit in Account Settings | Immediate |
| Deletion | Delete Account or email privacy@[domain].com | 30 days |
| Portability | Export from Account Settings | 30 days |
| Objection | Cookie settings or email privacy@[domain].com | 30 days |
| Withdraw Consent | Account Settings > Privacy | Immediate effect |
No discrimination for exercising rights.
-
SECURITY MEASURES
-
Files encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access controls: role-based, multi-factor authentication
- Regular security audits and penetration testing
-
Breach notification within 48 hours (LGPD/GDPR)
-
CHILDREN'S PRIVACY
Service not directed to children under 13 (LGPD) or 16 (COPPA). We do not knowingly collect children's data.
- CHANGES TO THIS POLICY
We may update this policy. Material changes notified via email or app notification.
- CONTACT
Data Protection Officer: privacy@albedo.cloud
Brazil LGPD inquiries: dpo@albedo.cloud
Regional Addendum: LATAM
LATAM Addendum
Last Updated: [Date]
This addendum supplements our Privacy Policy and applies to users in Latin American countries with data protection laws.
Applicable Laws
This addendum applies to users in countries with data protection laws, including but not limited to:
- Argentina (Personal Data Protection Law)
- Chile (Law on Protection of Personal Data)
- Colombia (Statutory Law 1581)
- Mexico (Federal Law on Protection of Personal Data)
- Other applicable LATAM privacy laws
Your Rights
Depending on your country of residence, you may have rights including:
- Access to your personal data
- Rectification of inaccurate data
- Deletion of personal data
- Objection to processing
- Data portability
Contact Information
For LATAM privacy-related inquiries, please contact us.
Standalone Regional Addendums
You can also view regional addendums separately: