Privacy Policy

Select a region to view the base policy combined with the regional addendum, or view standalone addendums below.

PRIVACY POLICY

Effective: December 22, 2025

[Your Company Name] ("we", "us", "our") operates [Your App Name] ("Service"), a SaaS platform for AI-powered file analysis. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service. We comply with Brazil's LGPD, EU GDPR, California CCPA/CPRA, and other applicable data protection laws.

  1. INFORMATION WE COLLECT

1.1 Account Information
When you create an account: name, email address, billing information (processed by Stripe; we don't store card details), company name (B2B).

1.2 File-Related Information
- Files you upload for analysis
- Prompts/queries submitted with files
- Technical metadata: file size, file type, storage duration, token count/effort/time for LLM processing

1.3 Usage Statistics (Anonymized)
- App usage patterns (features used, session duration)
- System performance metrics (response times, error rates)
- Aggregated analytics via Sentry/Datadog (no file content)

1.4 Device & Network Information
- IP address, browser type, device type, operating system
- Approximate location (city level from IP)

1.5 Cookies & Tracking
See our Cookie Policy below for details.

We collect NO personal data from files unless you explicitly provide it (e.g., names in documents).

  1. HOW WE USE YOUR INFORMATION

We use your data SOLELY to:
- Provide file analysis service (process files with AI models)
- Store files temporarily for service delivery
- Generate usage statistics for service improvement
- Detect/prevent fraud, abuse, security issues
- Process payments (via Stripe)
- Communicate service updates, billing
- Comply with legal obligations

WE DO NOT:
- Use your files or data to train AI models
- Sell, rent, or share your data with third parties for marketing
- Profile individuals or make automated decisions

  1. LEGAL BASIS FOR PROCESSING (GDPR/LGPD/CCPA)

  2. Contract: Necessary to deliver file analysis service

  3. Consent: File uploads (you initiate processing)
  4. Legitimate Interests: Security, fraud prevention, service analytics (balanced via DPIA)

  5. Legal Obligation: Billing records, audit logs

  6. DATA SHARING & SUB-PROCESSORS

We share data only with trusted processors bound by Data Processing Agreements:

Processor Purpose Location Data Shared
Amazon Web Services (AWS) File storage/processing US/EU Encrypted files, metadata
Stripe Payment processing US Billing info (PCI-DSS compliant)
Sentry Error monitoring US Anonymized usage stats
Datadog Performance monitoring US Anonymized system metrics

No data shared with other third parties.

  1. DATA RETENTION
Data Type Retention Period Deletion Method
Uploaded files 30 days after deletion or account closure Cryptographic erasure
Account data Duration of account + 90 days Secure deletion
Billing records 7 years (legal requirement) Secure deletion
Usage analytics 12 months Anonymized aggregation
Audit logs 6 months Secure deletion
  1. INTERNATIONAL DATA TRANSFERS

Files may be processed in US/EU data centers. We protect transfers via:
- EU Standard Contractual Clauses (SCCs)
- Brazil LGPD adequacy measures
- Encryption in transit (TLS 1.3) and at rest (AES-256)

  1. YOUR RIGHTS (LGPD/GDPR/CCPA)

You can exercise these rights anytime:

Right How to Exercise Response Time
Access Download from Account Settings or email privacy@[domain].com 30 days
Correction Edit in Account Settings Immediate
Deletion Delete Account or email privacy@[domain].com 30 days
Portability Export from Account Settings 30 days
Objection Cookie settings or email privacy@[domain].com 30 days
Withdraw Consent Account Settings > Privacy Immediate effect

No discrimination for exercising rights.

  1. SECURITY MEASURES

  2. Files encrypted in transit (TLS 1.3) and at rest (AES-256)

  3. Access controls: role-based, multi-factor authentication
  4. Regular security audits and penetration testing

  5. Breach notification within 48 hours (LGPD/GDPR)

  6. CHILDREN'S PRIVACY

Service not directed to children under 13 (LGPD) or 16 (COPPA). We do not knowingly collect children's data.

  1. CHANGES TO THIS POLICY

We may update this policy. Material changes notified via email or app notification.

  1. CONTACT

Data Protection Officer: privacy@albedo.cloud
Brazil LGPD inquiries: dpo@albedo.cloud

Regional Addendum: US-STATES

US State Privacy Laws Addendum

Last Updated: [Date]

This addendum supplements our Privacy Policy and applies to residents of US states with comprehensive privacy laws, including but not limited to:

  • Virginia (VCDPA)
  • Colorado (CPA)
  • Connecticut (CTDPA)
  • Utah (UCPA)
  • Other applicable state privacy laws

State-Specific Rights

Depending on your state of residence, you may have the right to:

  • Access your personal information
  • Correct inaccurate personal information
  • Delete your personal information
  • Data portability
  • Opt-out of targeted advertising
  • Opt-out of the sale of personal information
  • Opt-out of profiling

Sale of Personal Information

We do not sell your personal information.

Contact Information

For state privacy law-related inquiries, please contact us.

Standalone Regional Addendums

You can also view regional addendums separately: