Privacy Policy - Bastian Technologies

At Bastian Technologies, we are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices regarding data collection and usage when you use our API services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Name: Used for personalization and communication
Email Address: Used for account verification, billing, and service notifications
Password: Securely hashed and never stored in plain text
Payment Information: Processed securely through Stripe (we do not store full credit card numbers)

1.2 API Usage Data

When you use our API services, we automatically collect:

API Key Usage: Which API keys made requests
Request Metadata: Timestamps, endpoints accessed, response status codes
Document Information: File sizes, page counts (for billing purposes)
IP Addresses: For security monitoring and fraud prevention
Usage Statistics: Total API calls, monthly costs, billing history

✅ Important: We do NOT permanently store the content of documents you process through our API. Documents are processed transiently and deleted immediately after processing.

1.3 Technical Information

We collect technical data to improve service performance:

Browser type and version
Operating system
Device information
Referral URLs
Time zone settings

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies for:

Authentication: Keeping you logged in securely
Preferences: Remembering your settings and preferences
Analytics: Understanding how users interact with our service
Security: Detecting and preventing fraudulent activity

2. How We Use Your Information

2.1 Service Delivery

Provide and maintain the API service
Process your document extraction requests
Generate and manage your API keys
Track usage for billing purposes
Send service-related notifications

2.2 Billing and Payments

Calculate monthly charges based on usage
Process payments through Stripe
Generate invoices and receipts
Manage billing disputes
Comply with tax and accounting requirements

2.3 Service Improvement

Analyze usage patterns to improve API performance
Identify and fix technical issues
Develop new features based on user needs
Optimize infrastructure and response times

2.4 Security and Fraud Prevention

Monitor for suspicious activity
Prevent unauthorized access
Detect and prevent API abuse
Comply with legal obligations

3. Data Sharing and Disclosure

3.1 Third-Party Service Providers

We share data with trusted third parties who help us operate our service:

Supabase: Database and authentication services
Stripe: Payment processing (PCI DSS compliant)
Railway: Application hosting infrastructure
Cloudflare: Content delivery and DDoS protection

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms of Service
Protect our rights, property, or safety
Prevent fraud or security threats

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.

🔒 We Never: Sell your personal data to third parties for marketing purposes.

4. Data Retention

4.1 Account Data

We retain your account information for as long as your account is active. After account deletion:

Personal information is deleted within 30 days
Billing records are retained for 7 years (tax compliance)
Anonymized usage statistics may be retained indefinitely

4.2 Document Processing Data

Documents submitted to the API are:

Processed in memory and not written to disk
Deleted immediately after processing completes
Never permanently stored on our servers

Extracted text may be temporarily cached (up to 1 hour) for performance optimization, then automatically purged.

4.3 Logs and Analytics

Server logs and analytics data are retained for:

Request logs: 90 days
Error logs: 1 year
Aggregated analytics: Indefinitely (anonymized)

5. Data Security

We implement industry-standard security measures to protect your data:

Encryption in Transit: All data transmitted using TLS 1.3
Encryption at Rest: Database encryption for stored data
Password Security: Bcrypt hashing with salt
API Key Protection: Secure generation and storage
Access Controls: Role-based permissions and authentication
Regular Security Audits: Vulnerability scanning and penetration testing
Incident Response: 24/7 monitoring and rapid response protocols

🔐 Your Responsibility: Keep your account credentials and API keys secure. Never share them publicly or commit them to version control.

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

Request a copy of your personal data
Export your usage data in JSON format
View your billing history and transactions

6.2 Correction and Update

You can update your information at any time through:

Account Settings page
Contacting our support team

6.3 Deletion ("Right to be Forgotten")

You can request deletion of your account and personal data:

Use the "Delete Account" button in Account Settings
Email us at teamevolvit@gmail.com

Note: Some data may be retained for legal compliance (e.g., billing records for tax purposes).

6.4 Objection and Restriction

You can object to or restrict certain data processing activities by contacting us.

6.5 Withdraw Consent

You can withdraw consent for data processing at any time. This may limit your ability to use certain features.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

Standard contractual clauses approved by regulatory authorities
Selecting service providers with strong privacy frameworks
Implementing technical safeguards for international transfers

8. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via:

Email notification to your registered address
Prominent notice on our website
Updated "Last Updated" date at the top of this page

Continued use of the Service after changes constitute acceptance of the updated policy.

10. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. We do not alter our data collection practices based on DNT signals.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: teamevolvit@gmail.com
Website: bastiantechnologies.com
Response Time: We aim to respond within 48 hours

13. Regulatory Compliance

We are committed to complying with applicable privacy regulations, including:

GDPR: General Data Protection Regulation (EU)
CCPA: California Consumer Privacy Act
Other: Local data protection laws where applicable

Your trust is important to us. We are committed to protecting your privacy and handling your data responsibly. If you have concerns, please don't hesitate to contact us.