Privacy Policy

Overview

RedactOffline is built on a single architectural principle: your documents never leave your device. All PDF rendering, text detection, OCR, and redaction happen entirely inside your browser using WebAssembly. We are technically incapable of receiving, storing, or accessing the files you redact.

This policy describes the limited data we do collect (account information, payment data, and anonymous usage analytics) and how we handle it.

Document Data

We do not collect, transmit, or store any document you process with RedactOffline. Zero bytes of your file content are sent to our servers at any point — before, during, or after redaction.

All processing is performed client-side via your browser's JavaScript engine and WebAssembly runtime. This is not a policy promise; it is an architectural constraint. There is no server endpoint that receives document data.

Account & Payment Data

If you create an account, we collect your email address to identify your account and send transactional emails (e.g. receipts, password resets). We do not sell or share your email address with third parties for marketing purposes.

Payments are processed by Stripe. RedactOffline never receives or stores your full card number, CVV, or banking details. Stripe's privacy policy governs how payment data is handled on their side.

We store the following account-level data: email address, subscription tier, subscription status, and timestamps of account creation and last login.

Usage Analytics

We collect anonymous, aggregated usage data to understand how the product is used and improve it. This includes page views, feature interactions (e.g. number of redactions applied, export format chosen), and performance metrics (e.g. page load time).

This data is not tied to your identity and cannot be used to reconstruct your documents or redaction patterns. We do not use third-party advertising trackers.

We use cookies strictly for session management (keeping you logged in) and remembering your theme preference (light/dark mode). We do not use tracking or advertising cookies.

Data Retention

Account data is retained for as long as your account is active. If you delete your account, your email address and subscription history are permanently deleted within 30 days.

Anonymous analytics data is retained in aggregated form with no expiry, as it contains no personally identifiable information.

Your Rights

Depending on your jurisdiction, you may have rights under GDPR, CCPA, or other privacy regulations, including the right to access, correct, or delete your personal data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We do not require you to prove identity beyond confirming the email address associated with your account.

Third-Party Services

We use a small number of third-party services to operate the product: Stripe (payment processing), Vercel (hosting), and an analytics provider for anonymous usage data. Each of these providers has their own privacy policy governing data they collect as part of their service.

We do not sell personal data to any third party.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify registered users by email at least 14 days before the change takes effect. The current version and its effective date are always available at this URL.

Continued use of the service after the effective date of a revised policy constitutes acceptance of the new terms.

Contact

For privacy-related questions or requests, email us at [email protected]. For general support, use [email protected].