Privacy Policy
1. Controller and Scope
1.1. This Privacy Policy explains how Redacto handles personal data when a user visits the website, purchases a license, receives a license key, requests a sandbox API key, activates the extension, validates a license, or contacts support.
1.2. The controller is the Redacto licensor identified in Section 12 of the Russian license offer for individuals. Contact details for privacy requests are listed in the same section.
1.3. This Policy covers both the public landing page and the Chrome browser extension.
2. Summary
- User text and files in the extension: processed locally in the browser and not sent to Redacto servers.
- Purchase email: used for payment processing, receipt delivery, license key delivery, and license-related service messages.
- Sandbox API email: used to issue a test API key, verify the email address, and send sandbox-related technical notices.
- Sandbox API: intended only for synthetic data; real personal data, real documents, real JWTs, and real dictionaries are prohibited.
- Payments: processed through YooKassa; Redacto does not receive or store bank card details.
- Marketing: sent only with a separate opt-in consent and stopped after unsubscribe or consent withdrawal.
- Licensing: the extension sends only license activation and validation data to the server, not user text, files, or masking dictionaries.
3. Data We Process
3.1. During license purchase and payment, Redacto processes the user's email address, local order data, YooKassa payment identifiers, payment amount, payment status, timestamps, and technical metadata needed to issue and deliver the license key.
3.1.1. For each checkout order, Redacto stores an audit record showing that the user accepted the license offer and acknowledged the personal data processing policy. The record includes server-side timestamps, document versions, and SHA-256 hashes of the document texts current at checkout.
3.2. For receipts, Redacto forms and transmits the data required by the applicable tax regime and sends the receipt to the purchaser electronically.
3.3. During license activation and validation, and for accounting free sanitization attempts, Redacto processes the license key during activation, signed license token, installation identifier, extension version, license status, activation and expiration dates, next validation date, and a technical Google OAuth subject hash. A legacy Chrome profile hash may be processed temporarily only for compatibility with previously activated licenses.
3.4. If the user opts in to marketing emails, Redacto processes the email address, consent timestamp, consent source, consent text version, SHA-256 hash of the consent text, subscription status, and unsubscribe data. Each checkout order also stores whether the marketing checkbox was selected for that purchase.
3.5. When a user requests a sandbox API key, Redacto processes the email address, confirmation of the synthetic-only terms, privacy policy acknowledgement, verification token hash, API key hash, key identifier, scopes, expiration date, status, and quota counters. Raw verification tokens and raw API keys are not stored.
3.6. If the user contacts support, Redacto processes the email address, message content, and any information the user chooses to include in the request.
3.7. Technical logs may temporarily contain request date and time, IP address, user-agent, request URL, processing result, and error details. These logs are used for security, diagnostics, and abuse prevention.
4. Purposes
4.1. Purchase email and order data are used to enter into and perform the license agreement: process payment, issue a license key, send a receipt, deliver service messages, and provide support.
4.2. Payment and receipt data are processed to comply with legal obligations and to confirm transactions.
4.3. License data is processed to activate the license, validate its term, prevent license key sharing, revoke a license where allowed by the license terms, and restore access when the user contacts support.
4.4. Marketing emails are sent only with prior consent. The user may unsubscribe or withdraw consent.
4.5. Sandbox key data is processed to verify the email address, issue test access to the sandbox API, enforce expiration and quotas, revoke keys, and send sandbox-related technical notices.
4.6. Technical logs are processed to keep the website and backend working, investigate errors, prevent fraud, and protect Redacto and its users.
5. How the Extension Processes Data Locally
5.1. Redacto's core feature is local processing of user text and files in the browser. User text, files, masking dictionaries, and masking policy settings are not sent to Redacto servers for masking or restoration.
5.1.1. The separate hosted sandbox API is not part of the local extension. It accepts only synthetic test payloads from integrators who have received a sandbox API key and runs on a separate sandbox API domain.
5.2. The extension analyzes text that the user types or pastes on supported websites and in the side panel, detects personal and sensitive entities, replaces them with markers such as [PERSON_1], [EMAIL_1], and [ORG_1], and lets the user restore original values where local state is available.
5.3. Local detection may use a built-in NER model running through ONNX Runtime and WebAssembly, as well as local rules. These computations run on the user's device.
5.4. File processing for supported formats, including .txt, .csv, .docx, .xlsx, and .pptx, is performed locally in the browser. If the user creates a JSON dictionary, they may protect it with a password; encryption is performed locally.
5.5. The extension uses chrome.storage.session for temporary current-session and current-tab state, including marker-to-original mappings and the current browser-session license OAuth confirmation. It uses chrome.storage.local for local masking policy settings, signed license token, public license dates, and a technical installation identifier.
5.6. For licensing and free-attempt accounting, the extension starts a backend-mediated Google OAuth flow and receives only a technical Google subject hash. After a browser restart, paid features require a fresh OAuth confirmation. The user's Google email is not sent to the license backend.
5.7. The user can delete local extension data by uninstalling the extension, clearing browser extension/site data, or using the browser's built-in data management controls.
6. Chrome Web Store Limited Use Disclosure
6.1. The use and transfer of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
6.2. Redacto uses data obtained through Chrome APIs only to provide or improve its single purpose: local sensitive data masking and restoration with license activation and validation.
6.3. Redacto does not sell user data, does not transfer user data to advertising platforms or data brokers, does not use user data for personalized advertising, retargeting, credit scoring, or lending decisions, and does not use user text or files to train external AI or machine learning models.
7. Third Parties and External Services
7.1. YooKassa is used to process payments. After the user submits the license purchase form, the payment form may load the official widget and YooKassa/YooMoney resources required for payment. Bank card details are entered into the payment form and are not transmitted to Redacto.
7.2. An SMTP provider may be used to deliver license keys, sandbox verification codes/links, and service messages. Only the data necessary to send the email is provided.
7.3. If the user has opted in to marketing, Redacto may export the email address, consent timestamp, consent version, and unsubscribe URL to an external email service. Marketing emails are not sent without separate consent.
7.4. Receipt and transaction data may be transmitted to tax authorities where required by applicable law.
7.5. Redacto may use technical providers for hosting, domain, email, and infrastructure. Such providers may access data only as needed to provide their services.
8. Retention
8.1. Personal data is retained no longer than necessary for the purposes described in this Policy, unless a longer period is required by law, contract, or legitimate rights protection.
8.2. The purchaser email is stored in minimized form: a hash is used for order lookup and audit, while the original value is stored encrypted only where needed for license delivery, service retry, or mandatory legal requirements.
8.3. Raw license keys issued after payment are stored only encrypted and only for a limited period required for service re-delivery. After that period, only the key hash and public license data remain.
8.4. Sandbox API keys are stored only as hashes together with public technical key fields. Verification tokens are short-lived and marked as consumed after confirmation.
8.5. Marketing consent is retained until unsubscribe, withdrawal, or termination of marketing activities. After unsubscribe, the encrypted email used for marketing is cleared, while a hash may remain in a suppression list to prevent renewed sending without new consent.
8.6. Checkout consent audit records are retained with the related order data for contract and legal proof purposes. They do not include IP address or user-agent.
8.7. Technical logs are retained for a limited period necessary for diagnostics, security, and incident investigation.
9. Security Measures
9.1. Redacto applies organizational and technical measures to protect personal data, including data minimization and separation between payment, licensing, sandbox key issuance, sandbox API, and local extension processing.
9.2. Purchaser or integrator email is stored as a hash and encrypted value. Encryption, token-signing, and API key hashing secrets are kept separate from public code.
9.3. User text, files, masking dictionaries, and extension settings are not accepted by the payment and licensing backend.
9.4. Redacto does not use user text or files for advertising, profiling, credit scoring, or training external AI or machine learning models.
10. User Rights and Choices
10.1. Users may request information about their personal data, correction, restriction, or deletion where applicable.
10.2. Users may withdraw marketing consent. Withdrawal does not affect processing that occurred before withdrawal and does not prevent processing required to perform the license agreement, send receipts, comply with law, or protect rights.
10.3. Privacy requests should be sent to the controller contact listed in Section 12 of the license offer. The request should include the email used for purchase, sandbox key request, or support and describe the request. Redacto may request information needed to confirm the user's connection to an order, license, or sandbox key.
11. Emails, Cookies, and Analytics
11.1. Redacto does not use its own web analytics, tracking pixels, or marketing email open/click tracking on the landing page.
11.2. The YooKassa payment widget loads only after the user submits the license purchase form. Within the payment form, YooKassa may use its own cookies, local storage, and network requests necessary to process the payment.
11.3. Service emails about purchase, receipt, license key, license status, sandbox verification, sandbox key, and support are not marketing emails. Marketing emails are sent only with separate consent.
12. International Transfers
12.1. Redacto aims to store the purchaser database containing personal data of Russian citizens in the Russian Federation.
12.2. If email, mailing, support, hosting, or other infrastructure providers involve international transfer of personal data, such transfer is performed only where a valid legal basis exists and applicable law is followed.
13. Changes to This Policy
13.1. Redacto may update this Policy when the product, payment flow, data categories, law, or extension store requirements change.
13.2. The new version takes effect when published on the website unless it states otherwise.