PRIVACY

Privacy Policy

How Abscode Technologies LLP collects, uses, and protects personal data across documentai.abscode.com and the Document AI APIs — for customers in the EU/UK, India, Africa, and worldwide.

Last updated: 9 June 2026 · Effective: 9 June 2026

Template notice

This document is a starting template covering GDPR / UK GDPR, India's DPDP Act 2023, and South Africa's POPIA. Items marked [PLACEHOLDER] must be completed and the whole document reviewed by qualified legal counsel before publication. Privacy contact: privacy@abscode.com.

1. Who we are

The Abscode Document AI APIs are operated by Abscode Technologies LLP ("Abscode", "we", "us"), a limited liability partnership established in India. Registered office: [PLACEHOLDER: street address], India. For privacy questions contact privacy@abscode.com.

Abscode is established in India and has no office or establishment in the EU/EEA or UK. Where we offer the service to individuals in the EEA or UK, GDPR Article 27 may still require a representative there; our representative, where appointed, is [PLACEHOLDER: EU/UK representative — or document reliance on the Article 27(2) exemption; confirm with counsel].

2. Controller and processor roles

We are a data controller for personal data relating to this website and our developer/sales relationship with you (account, billing, enquiries). We are a data processor for the documents you submit to the APIs and any personal data within them ("Customer Content"), processed only to perform the requested operation on your instructions under our Data Processing Agreement (DPA).

3. Personal data we process

  • Account & developer data — name, work email, organisation, and API keys created for your account.
  • Billing data — processed by our payment partners (Razorpay in India, Stripe globally). We do not store full card numbers.
  • Customer Content — the documents you submit for OCR, masking, extraction, or analysis. Documents are auto-purged after processing and are not used to train models.
  • Technical data — API request metadata, IP address, and logs used for security, billing, and reliability. We use only functional browser storage on the website (e.g. remembering your country); no advertising or third-party tracking cookies.

4. Purposes & legal bases (GDPR Art. 6)

  • Providing the APIs / responding to you — performance of a contract or pre-contract steps.
  • Security, fraud prevention, and service quality — our legitimate interests.
  • Marketing — your consent, withdrawable at any time.
  • Legal obligations — compliance with applicable law.

Under India's DPDP Act 2023 we process personal data for lawful purposes with notice and, where required, consent; under POPIA we rely on the corresponding lawful-processing conditions.

5. Sub-processors & sharing

We use a small number of vetted sub-processors under data-protection contracts: cloud hosting (Google Cloud — Mumbai for India, Johannesburg for Africa/ME), and payment processing (Razorpay, Stripe). A current list is at /security/. We do not sell personal data, and we do not use Customer Content to train AI models.

6. International data transfers

Our core processing takes place in India (and Africa for AF/ME customers), which the European Commission has not designated as "adequate". Where we process personal data of EEA/UK individuals we use appropriate safeguards — principally the European Commission's Standard Contractual Clauses with the UK Addendum. Regional processing means most data stays within the customer's region.

7. Retention

Submitted documents are processed transiently and purged automatically after processing. Account, billing, and log data are retained only as long as necessary for the purposes above and to meet legal obligations.

8. Your rights

Subject to applicable law you may access, rectify, erase, restrict, or object to processing, request portability, and withdraw consent. EEA/UK individuals may complain to their supervisory authority; Indian users to the Data Protection Board; South African users to the Information Regulator. Email privacy@abscode.com. For Customer Content, contact the relevant customer (the controller); we assist as processor.

9. Security

TLS 1.3 in transit, AES-256 at rest, API-key authentication, and auto-purge after processing. See Security & Compliance for detail and our breach-notification approach.

10. Cookies & local storage

The website uses strictly necessary and functional browser storage only — for example a localStorage value that remembers your selected country for pricing. No advertising or third-party analytics cookies, so no consent is legally required; we show a short notice for transparency.

11. Changes & contact

We may update this policy; material changes will be posted here with a new date. Privacy team / DPO: privacy@abscode.com · Abscode Technologies LLP, [PLACEHOLDER: address], India.