GDPR Compliance & Privacy Policy

Last updated: March 13, 2026

1. Introduction

Scriptris ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Scriptris is the data controller responsible for your personal data. We are responsible for ensuring that your data is processed lawfully, fairly, and transparently.

3. Information We Collect

3.1 Personal Information

  • Email address (used for account creation and communication)
  • Account credentials (encrypted passwords)
  • Profile information (username, preferences)
  • Payment information (processed securely through third-party providers)

3.2 Document and Content Data

  • PDF documents you upload to our platform
  • Chat messages and interactions with our AI system
  • Document summaries and AI-generated reports
  • Metadata associated with your documents (upload date, file size, etc.)

3.3 Usage and Technical Data

  • IP address and device information
  • Browser type and version
  • Usage patterns and feature interactions
  • Session data and authentication tokens
  • Error logs and performance metrics

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide the services you've requested and fulfill our contractual obligations
  • Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
  • Consent: For marketing communications and optional features (you can withdraw consent at any time)
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To provide document management and AI analysis services
  • To process payments and manage your coin balance
  • To communicate with you about your account and our services
  • To improve our AI models and service quality
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations and enforce our terms
  • To send you updates and marketing communications (with your consent)

6. AI Processing and Third-Party Services

Scriptris uses third-party AI services to process and analyze your documents. Your document content may be sent to:

  • AI model providers for text analysis and generation
  • Vector database services for semantic search capabilities
  • Cloud storage providers for document storage

We do not use your uploaded documents to train our AI models. Documents you upload are treated as private and are used only to provide the requested features (for example: analysis, summarization, or search). See the Data Retention section below for how long documents are kept.

We ensure that all third-party processors comply with GDPR requirements through appropriate data processing agreements and security measures.

7. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Secure authentication mechanisms (password hashing, session tokens)
  • Regular security audits and vulnerability assessments
  • Access controls and the principle of least privilege
  • CSRF protection and secure API endpoints
  • Regular backups and disaster recovery procedures

Your data is stored in secure data centers within the EU/EEA region or with adequate data protection safeguards in place.

8. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our services to you
  • Comply with legal, accounting, or reporting obligations
  • Resolve disputes and enforce our agreements

Specific retention periods:

  • Account data: Retained while your account is active, plus 90 days after deletion
  • Documents: PDF files you upload are retained for up to 30 days from the date of upload and are then permanently deleted from our storage systems. While your account is active you can also delete documents earlier; deleted documents are removed and will not be used further.
  • Chat history: Retained for the duration of your account
  • Transaction records: Retained for 7 years for accounting purposes
  • Logs and analytics: Retained for up to 24 months

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances

Right to Restriction of Processing

Request limitation of how we use your data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or for marketing purposes

Right to Withdraw Consent

Withdraw consent for processing where consent is the legal basis

Right to Lodge a Complaint

File a complaint with your local data protection authority

To exercise any of these rights, please contact us through our support page. We will respond to your request within 30 days.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential cookies: Authentication, session management, CSRF protection
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Understand how you use our service (with your consent)

Google Analytics (optional): If you click "Accept" on our cookie banner, we may load Google Analytics to collect aggregated usage information (for example: pages viewed, approximate location based on IP, device/browser information, and interaction events). If you click "Refuse", we do not load Google Analytics.

Consent cookie: We store your choice in a cookie named cookie_consent with a value of accepted or declined so that we can remember your preference for up to 12 months.

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect service functionality.

11. Cloudflare

To ensure website security and performance, we use the following services:

Cloudflare, Inc.

Purpose: CDN, DDoS protection, performance optimization

Data processed: IP address, user agent, technical cookies

Location: USA (with Standard Contractual Clauses)

Retention: Approximately 30 days

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - website security and functionality

Privacy Policy: https://www.cloudflare.com/privacypolicy/

When you visit our website, your IP address and browser information are automatically processed through Cloudflare's infrastructure to protect against attacks and ensure the website functions properly.

12. International Data Transfers

If we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for intra-group transfers

13. Children's Privacy

Scriptris is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

14. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours and inform affected users without undue delay, in accordance with GDPR requirements.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a notice on our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your GDPR rights, please contact us through our support page.

For data protection inquiries, you can reach our Data Protection Officer (DPO) at: