At Bastian Technologies, we are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices regarding data collection and usage when you use our API services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name: Used for personalization and communication
• Email Address: Used for account verification, billing, and service notifications
• Password: Securely hashed and never stored in plain text
• Payment Information: Processed securely through Stripe (we do not store full credit card numbers)

1.2 API Usage Data

When you use our API services, we automatically collect:

• API Key Usage: Which API keys made requests
• Request Metadata: Timestamps, endpoints accessed, response status codes
• Document Information: File sizes, page counts (for billing purposes)
• IP Addresses: For security monitoring and fraud prevention
• Usage Statistics: Total API calls, monthly costs, billing history

1.3 Technical Information

We collect technical data to improve service performance:

• Browser type and version
• Operating system
• Device information
• Referral URLs
• Time zone settings

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Authentication: Keeping you logged in securely
• Preferences: Remembering your settings and preferences
• Analytics: Understanding how users interact with our service
• Security: Detecting and preventing fraudulent activity

2. How We Use Your Information

2.1 Service Delivery

• Provide and maintain the API service
• Process your document extraction requests
• Generate and manage your API keys
• Track usage for billing purposes
• Send service-related notifications

2.2 Billing and Payments

• Calculate monthly charges based on usage
• Process payments through Stripe
• Generate invoices and receipts
• Manage billing disputes
• Comply with tax and accounting requirements

2.3 Service Improvement

• Analyze usage patterns to improve API performance
• Identify and fix technical issues
• Develop new features based on user needs
• Optimize infrastructure and response times

2.4 Security and Fraud Prevention

• Monitor for suspicious activity
• Prevent unauthorized access
• Detect and prevent API abuse
• Comply with legal obligations

3. Data Sharing and Disclosure

3.1 Third-Party Service Providers

We share data with trusted third parties who help us operate our service:

• Supabase: Database and authentication services
• Stripe: Payment processing (PCI DSS compliant)
• Railway: Application hosting infrastructure
• Cloudflare: Content delivery and DDoS protection

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or security threats

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Retention

4.1 Account Data

We retain your account information for as long as your account is active. After account deletion:

• Personal information is deleted within 30 days
• Billing records are retained for 7 years (tax compliance)
• Anonymized usage statistics may be retained indefinitely

4.2 Document Processing Data

Documents submitted to the API are:

• Processed in memory and not written to disk
• Deleted immediately after processing completes
• Never permanently stored on our servers

Extracted text may be temporarily cached (up to 1 hour) for performance optimization, then automatically purged.

4.3 Logs and Analytics

Server logs and analytics data are retained for:

• Request logs: 90 days
• Error logs: 1 year
• Aggregated analytics: Indefinitely (anonymized)

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted using TLS 1.3
• Encryption at Rest: Database encryption for stored data
• Password Security: Bcrypt hashing with salt
• API Key Protection: Secure generation and storage
• Access Controls: Role-based permissions and authentication
• Regular Security Audits: Vulnerability scanning and penetration testing
• Incident Response: 24/7 monitoring and rapid response protocols

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

• Request a copy of your personal data
• Export your usage data in JSON format
• View your billing history and transactions

6.2 Correction and Update

You can update your information at any time through:

• Account Settings page
• Contacting our support team

6.3 Deletion ("Right to be Forgotten")

You can request deletion of your account and personal data:

• Use the "Delete Account" button in Account Settings
• Email us at shanel.bastian4@gmail.com

Note: Some data may be retained for legal compliance (e.g., billing records for tax purposes).

6.4 Objection and Restriction

You can object to or restrict certain data processing activities by contacting us.

6.5 Withdraw Consent

You can withdraw consent for data processing at any time. This may limit your ability to use certain features.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

• Standard contractual clauses approved by regulatory authorities
• Selecting service providers with strong privacy frameworks
• Implementing technical safeguards for international transfers

8. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via:

• Email notification to your registered address
• Prominent notice on our website
• Updated "Last Updated" date at the top of this page

Continued use of the Service after changes constitute acceptance of the updated policy.

10. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. We do not alter our data collection practices based on DNT signals.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Email: shanel.bastian4@gmail.com
• Website: bastiantechnologies.com
• Response Time: We aim to respond within 48 hours

13. Regulatory Compliance

We are committed to complying with applicable privacy regulations, including:

• GDPR: General Data Protection Regulation (EU)
• CCPA: California Consumer Privacy Act
• Other: Local data protection laws where applicable