Who We Are
Datafyle (“we”, “our”, “us”) operates the AI document processing platform at datafyle.com. We are committed to protecting the personal data of our users. This Privacy Policy explains what information we collect, how we use it, and your rights.
Information We Collect
We collect the following categories of data:
- Account data: Name, email address, and authentication credentials provided when you sign up via Clerk.
- Document data: Files you upload for processing (invoices, receipts, statements). Stored on Cloudflare R2 infrastructure.
- Extracted data: Structured data extracted by AI from your documents — vendor names, amounts, dates, line items.
- Billing data: Subscription and payment information processed by Paddle. We do not store credit card numbers.
- Usage data: Number of documents processed, feature usage, and error logs for platform improvement.
- Technical data: IP addresses, browser type, device identifiers, and request logs for security and rate limiting.
How We Use Your Data
- To provide the document processing service you subscribed to.
- To improve AI extraction accuracy using aggregated, anonymised patterns — never individual document content.
- To send transactional emails (account creation, payment confirmations, anomaly alerts).
- To enforce usage limits and subscription plans.
- To comply with legal obligations and prevent fraudulent activity.
🔒 We never sell your data. Your documents are never used to train AI models. Your data is never shared with third parties except as described below.
Third-Party Services
We use the following trusted third-party services to operate the platform:
Clerk
Authentication and user identity management
Cloudflare R2
Encrypted file storage for uploaded documents
Supabase (PostgreSQL)
Relational database for extracted data and user records
Anthropic Claude
AI model used to extract structured data from documents
Google Cloud Vision
OCR processing for image-based documents
Paddle
Payment processing and subscription management
Resend
Transactional email delivery
Data Security
All data is encrypted in transit using TLS 1.2+. Documents are encrypted at rest on Cloudflare R2. Database connections use SSL. We apply rate limiting and authentication to all API endpoints. Employees do not have routine access to customer documents.
Data Retention
- Documents and extracted data are retained for the duration of your account.
- You can delete individual documents at any time from your dashboard.
- On account deletion, all your data is permanently deleted within 30 days.
- Billing records are retained for 7 years as required by tax law.
Your Rights (GDPR / UK GDPR)
You have the following rights regarding your personal data:
Access
Request a copy of all personal data we hold about you
Rectification
Correct any inaccurate personal data
Erasure
Request deletion of your data ("right to be forgotten")
Portability
Export your data in a machine-readable format
Objection
Object to processing for direct marketing purposes
Restriction
Request we restrict processing in certain circumstances
To exercise any of these rights, email privacy@datafyle.com.
Cookies
We use only essential cookies required for authentication (set by Clerk) and session management. We do not use advertising cookies or third-party tracking pixels.
Changes to This Policy
We may update this policy periodically. Material changes will be notified via email to registered users at least 14 days before taking effect. Continued use of Datafyle after the effective date constitutes acceptance of the updated policy.
Contact Us
For privacy questions or to exercise your rights:
privacy@datafyle.com