Privacy Policy

Last updated: —

[LEGAL REVIEW REQUIRED] This privacy policy describes how REKAP processes your data.

1. Data Controller

[LEGAL REVIEW REQUIRED] Data controller information to be added.

2. What Data We Collect

[LEGAL REVIEW REQUIRED] Description of collected data to be added.

Email address for authentication
Invoice documents uploaded for processing
Extraction results and metadata
Google OAuth tokens (encrypted at rest)
Usage data (page views and feature usage)

3. How We Use Your Data

[LEGAL REVIEW REQUIRED] Description of data usage to be added.

Authenticating your account
Processing and extracting invoice data
Filing documents to your Google Drive
Improving extraction accuracy

4. Subprocessors

[LEGAL REVIEW REQUIRED] List of subprocessors to be added.

Supabase (database and authentication — EU region)
Google Cloud Vision (OCR processing — EU endpoint)
Google Drive (document filing — user-controlled)
Vercel (hosting)

5. Data Retention

[LEGAL REVIEW REQUIRED] Data retention policy to be added.

Uploaded documents are deleted from temporary storage after processing
Extraction results are retained while your account is active
Google OAuth tokens are encrypted and revoked on disconnect

6. Your Rights (Art. 15–22 DSGVO)

Under the GDPR/DSGVO, you have the following rights:

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)

7. Contact

[LEGAL REVIEW REQUIRED] Contact information for data protection inquiries to be added.