Privacy Policy

1. Who we are

KnowUrPolicy is an AI-powered document comprehension service operated from India. Throughout this policy "we", "us", and "KnowUrPolicy" refer to KnowUrPolicy. For correspondence, use the contact page.

2. What we collect about your documents

Your uploaded PDF is never stored. When you upload a document we:

• Transmit the file over HTTPS to our server
• Extract the text and send it to our AI analysis provider (Anthropic)
• Return the structured analysis to your browser
• Immediately discard the file and extracted text from server memory

Neither the uploaded file nor the extracted text is written to any database, log, backup, or training dataset. Follow-up questions you ask about a document are answered using the document text that was returned to your browser — the text is sent back with each question and discarded again once we reply. Anthropic processes the text under their zero-retention API policy for document analysis.

3. What we do collect

• Email address, which you provide before each analysis. We use it to (a) enforce the one-free-analysis-per-email fair-use limit, (b) associate paid credits with your account, and (c) attach downloadable PDFs to your purchase record.
• Google account profile (name, email, profile photo) if you sign in with Google to download an analysis as a PDF. We receive this from Google via Supabase Auth and use it only to identify your account.
• Usage counts — how many analyses you have run and how many paid credits remain. We store the count, not the documents.
• Payment records — order ID, amount, currency, country, and payment status returned by Razorpay. We never see or store your card details, UPI ID, bank credentials, or any other payment instrument data. All payment processing is performed by Razorpay under their privacy policy.
• Approximate location — country-level only, derived from your IP address at the edge by our hosting provider (Vercel). Used to show the right currency and price at checkout. We do not store IP addresses.
• Analytics — anonymised page view data via Google Analytics 4 with IP anonymisation enabled. Used to understand which pages are working. No personally identifiable information.

4. What we never do

• We never sell your data to third parties.
• We never use your documents (or any data derived from them) to train AI models — ours or anyone else's.
• We never share your email or account data outside of the essential service providers listed in Section 8.
• We never read, archive, or back up your uploaded documents.
• We never store your card or UPI details — Razorpay handles all payments.

5. Your rights

Depending on where you live, you have rights over the personal data we hold about you. Indian users have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act). EU/UK users have GDPR rights. California users have CCPA rights.

• Right of access — request a copy of the data we hold (typically: your email, sign-in details, usage count, and payment history).
• Right of erasure — request deletion of your data. We'll delete your email, usage history, and Google account link on request. Payment records are retained only as required by applicable tax / accounting law.
• Right to rectification — correct inaccurate data.
• Right to portability — receive your data in a machine-readable format.
• Right to object / withdraw consent — opt out of processing for legitimate-interest grounds.

To exercise any of these rights, email us via the contact page with the subject "Data request". We respond within 30 days.

6. Cookies and tracking

We use a single first-party analytics cookie (Google Analytics 4) with IP anonymisation enabled, and authentication cookies set by Supabase when you sign in with Google. We do not use advertising cookies or third-party trackers. We do not sell your information for advertising purposes.

7. Data retention

• Uploaded documents: zero retention. Discarded immediately after analysis.
• Analysis results: zero retention server-side. Held only in your browser session (and in your downloaded PDF, if you chose to download one).
• Email + Google sign-in: retained while you have an active account, or until you request deletion.
• Usage counts: retained while your account is active; aggregated anonymously for capacity planning after deletion.
• Payment records: retained for the period required by Indian tax and accounting law (currently 8 years for GST / Income Tax records).

8. Service providers we use

We share the minimum necessary data with the following processors:

• Anthropic (AI analysis) — the extracted document text, processed under zero-retention terms.
• LlamaParse / LlamaIndex (PDF text extraction) — the uploaded PDF file, processed and discarded.
• Razorpay (payments) — your email, payment amount, and order metadata. Razorpay collects card / UPI details directly from you in its hosted checkout; we never see them.
• Supabase (account database and Google sign-in) — your email, Google account ID, profile metadata, usage count, and payment record.
• Google (sign-in only) — your Google profile data is shared with us when you choose to sign in with Google.
• Vercel (hosting) — operational data needed to serve the site (request metadata, no document content).
• Google Analytics 4 (analytics) — anonymised page views.

9. International transfers

KnowUrPolicy is operated from India. Our infrastructure providers (Vercel, Supabase, Anthropic, LlamaParse, Google) may process data in the United States, the European Union, or other regions. For EU/UK users, we rely on standard contractual clauses and the EU-US Data Privacy Framework for these transfers. Because documents are not stored, the practical residency exposure is limited to the brief processing window (~30 seconds).

10. Children

KnowUrPolicy is not directed at children under 16 (or 18 where local law requires a higher minimum age). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Security

All traffic is served over HTTPS / TLS 1.2+. Document processing happens entirely in memory and is discarded after each request. Payment processing is handled by Razorpay, which is PCI-DSS Level 1 certified. Account credentials are managed by Supabase Auth — we never see or store your Google password.

12. Changes to this policy

If we change how we handle data we will update this page and bump the "Last updated" date at the top. Material changes will be notified via email to active account holders.

13. Contact

For any privacy question or data request, use the contact page.