Humans
ParsePop

Privacy Policy

Your privacy matters to us. Learn how we handle your data.

Privacy Policy

Last updated: April 24, 2026

We are committed to protecting your privacy. Please read this Privacy Policy carefully before using ParsePop.

1. Introduction

1.1 About This Policy

This Privacy Policy explains how ParsePop (“we”, “us”, or “our”) collects, uses, stores, and protects your personal information when you use our service at parsepop.com.

1.2 Our Commitment

We are committed to:

  • Being transparent about what data we collect and why
  • Using your data only to provide and improve the Service
  • Never selling your personal data to third parties
  • Protecting your data with appropriate security measures

1.3 Scope and Applicability

This policy applies to all users of ParsePop, including visitors, registered users, and paying customers. By using our Service, you agree to the practices described in this policy.

1.4 Roles (Data Controller vs. Processor)

For invoice files uploaded by customers, ParsePop acts as a data processor. The customer remains the data controller.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Profile photo (if signing in via Google)
  • Authentication provider (Google OAuth or email/password)

2.2 Invoice Files

When you upload files for extraction:

  • Uploaded invoices may contain personal data (e.g., names, tax IDs, addresses). We process such data solely to provide the Service.
  • Invoice files (PDF or images) are temporarily stored during processing.
  • Files are deleted within 24 hours of upload.
  • We do not permanently store your uploaded invoice files.

2.3 Extracted Data

The structured output from your invoices (seller info, buyer info, line items, VAT, totals, currency) is saved to your account so you can view and export it later.

2.4 Usage Data

We automatically collect:

  • Files processed and quota usage (daily/monthly)
  • Subscription tier and billing status
  • Timestamps of processing activity

2.5 Information from Third Parties

OAuth Providers:

  • Google account information (username, email, profile photo) if you use Google OAuth

Payment Processors:

  • Payment confirmation and transaction status from Polar.sh

3. How We Use Your Information

3.1 Service Delivery

  • Authenticate your identity and manage your account
  • Process your invoice files through our AI extraction engine
  • Enforce your subscription quota (daily for Free, monthly for paid plans)
  • Display your extraction history on the dashboard

3.2 Service Improvement

  • Analyze aggregated usage patterns to improve the Service
  • Diagnose and fix technical issues
  • Develop new features based on usage trends

3.3 Communications

We send transactional emails (account confirmations, subscription receipts, security alerts) and notify you of material changes to these policies.

3.4 Legal Obligations

  • Comply with applicable laws and regulations
  • Respond to lawful requests from authorities
  • Enforce our Terms of Use and protect our legal rights

3.5 Legal Basis (GDPR)

  • Contract Performance: Processing necessary to provide the Service you signed up for.
  • Legitimate Interests: Usage analytics, security monitoring, and service improvement.
  • Legal Obligation: Compliance with applicable laws.
  • Consent: Where we ask for your explicit consent.

4. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party providers who help us operate the Service:

Firebase Auth (Google)

Firebase Firestore (Google)

Firebase Storage (Google)

Vercel

Google Gemini API

Polar

5. How We Store Your Information

5.1 Storage Locations

  • Firebase (Google Cloud): Account data, extraction results, and temporary invoice files are stored on Google Cloud infrastructure.
  • Vercel: Request and server logs are retained by Vercel for infrastructure and security purposes.

5.2 Data Retention

    Contact us at huynhtrungduc.growth@gmail.com to request account deletion

5.3 Cross-Border Data Transfers

Your data may be processed outside of your country of residence (e.g., via Google Cloud or Vercel). For cross-border data transfers, we rely on Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) with our service providers to ensure appropriate safeguards in accordance with applicable data protection laws.

6. AI Processing

  • 6.1 How We Use AI: Your invoice files are sent to the Google Gemini API for data extraction.
  • 6.2 No AI Training: We do not use your invoice data to train AI models. Google's API terms prohibit using API inputs for model training by default.
  • 6.3 File Handling: Invoice files are transmitted securely over HTTPS and deleted within 24 hours of upload.

7. Data Retention

7.1 Retention Schedule

  • Invoice files: Deleted within 24 hours of upload.
  • Extracted results: Retained until you delete them or close your account.
  • Account data: Retained while your account is active.
  • Usage logs: Retained for up to 12 months.

7.2 Account Deletion

When you request account deletion, your data is deleted within 30 days. Contact us at huynhtrungduc.growth@gmail.com.

8. Your Rights & Choices

8.1 GDPR Rights (EU/EEA Users)

  • Right to Access Request a copy of the personal data we hold about you.
  • Right to Rectification Request correction of inaccurate personal information.
  • Right to Erasure Request deletion of your personal information.
  • Right to Restriction Limit how we use your data or temporarily suspend processing.
  • Right to Data Portability Receive your data in a structured, machine-readable format.
  • Right to Object Object to processing based on legitimate interests or marketing.
  • Right to Withdraw Consent Withdraw consent at any time.
  • Right to Lodge a Complaint File a complaint with your local authority.

8.2 How to Exercise Your Rights

Send an email to huynhtrungduc.growth@gmail.com with the subject “Privacy Rights Request”.

9. Data Security

We implement TLS 1.3 encryption, Firebase access controls, and PCI-DSS compliant payment processing via Polar. We do not store credit card information.

Data Breaches: In the event of a data breach affecting personal data, we will notify affected users without undue delay as required by law.

10. Cookies

We use essential cookies for session management (Firebase Auth) and security. We do not use advertising or third-party tracking cookies.

11. Third-Party Links

We are not responsible for the privacy practices of third-party sites linked from ParsePop.

12. Children's Privacy

ParsePop is for users 18+ only. We do not knowingly collect data from children under 18.

13. Do Not Sell

We do not sell your personal information.

14. Changes to Policy

We may update this policy. Material changes will be notified via email or website notice.

15. Contact Us

Email: huynhtrungduc.growth@gmail.com

Summary

✅ WHAT WE COLLECT

  • Name, email, profile photo
  • Temporary invoice files
  • Extraction results

✅ HOW WE PROTECT IT

  • TLS 1.3 Encryption
  • Files deleted within 24 hours of upload
  • No AI training on your data

✅ YOUR RIGHTS

  • Access and delete data
  • Export results
  • Close account

❌ WHAT WE DON'T DO

  • NO selling your data
  • Files will be deleted within 24 hours of upload
  • NO advertising cookies