Privacy Policy

Your Privacy is Our Priority

We believe privacy is a fundamental right. This policy explains how we collect, use, and protect your data when you use Heracles.

Last updated: February 1, 2026

Our Privacy Commitments

No selling of data
No training on your data
Full data portability
GDPR compliant
CCPA compliant
Right to deletion

Core Principles

Privacy by Design

Data Minimization

We only collect data that is strictly necessary to provide our services. No unnecessary tracking or profiling.

Purpose Limitation

Your data is only used for the specific purposes you consented to. We never repurpose your data.

Storage Limitation

We don't keep your data longer than necessary. You control retention periods.

Data Collection

What We Collect & Why

Document Processing (Contract performance)

Temporary processing of uploaded PDFs for extraction

Retention: Deleted after 30 days or on request

Extracted Data (Contract performance)

Structured financial data from your documents

Retention: Until you delete your account

Account Information (Contract performance)

Email, name, and authentication data

Retention: Until account deletion

Usage Analytics (Legitimate interest)

Anonymized platform usage patterns

Retention: 24 months

Audit Logs (Legal obligation)

Security and compliance logging

Retention: 7 years for compliance

Your Rights

You Control Your Data

Under GDPR, CCPA, and other privacy regulations, you have specific rights regarding your personal data.

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Request correction of inaccurate personal data

Right to Erasure

Request deletion of all your personal data

Right to Portability

Receive your data in a machine-readable format

Right to Object

Object to processing of your personal data

How We Protect Your Data

We employ industry-leading security measures to ensure your data is protected at all times.

Encryption at Rest

AES-256 encryption for all stored data

Encryption in Transit

TLS 1.3 for all network communications

Access Controls

Role-based access with MFA required

Regular Audits

SOC 2 Type II certified annually

Data Locations

Your data is processed and stored in secure data centers. You can choose your preferred data region.

United States

AWS US-East (Virginia)

Available

European Union

AWS EU-West (Ireland)

Available

Asia Pacific

AWS AP-Southeast (Singapore)

Available

We Never Train on Your Data

Unlike many AI companies, we explicitly commit to never using your documents or extracted data to train our AI models. Your data remains exclusively yours and is only used to provide you with the service.

  • No training on customer documents
  • No sharing with third parties
  • No cross-tenant data usage

0% of your data used for training

Third Parties

Who Has Access to Your Data

Cloud Infrastructure

Amazon Web Services

Secure hosting and storage

DPA in place

AI Processing

OpenAI / Anthropic

Document extraction (no retention)

DPA in place

Payment Processing

Stripe

Subscription management

DPA in place

Email Service

SendGrid

Transactional emails only

DPA in place

Error Monitoring

Sentry

Technical debugging

DPA in place

Analytics

Internal Only

Anonymized usage metrics

Privacy Questions?

If you have any questions about this privacy policy or how we handle your data, please don't hesitate to contact us.