Privacy Policy
We are committed to protecting the privacy and security of your data. This policy explains what we collect, how we use it, and the rights you have.
Summary: We collect only the data necessary to operate the platform. We never sell your data. Your records belong to you, and you can export or delete them at any time.
1. Information We Collect
We collect information you provide directly to us and information generated through your use of the platform. The categories of data we collect include:
- Account Information: Name, email address, organization name, job title, phone number, and billing details provided at registration.
- Document & Records Data: Files, documents, and records you upload, scan, or create within the platform, including associated metadata.
- Usage Data: Log data, IP addresses, browser type, device identifiers, pages visited, features accessed, and actions taken within the platform.
- Communication Data: Messages, support tickets, and correspondence you send to us through any channel.
- Payment Information: Billing address and payment method details processed securely through our PCI-compliant payment processor. We do not store full card numbers on our servers.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and improve the Records Referee platform and its features.
- To process records, run AI classification, OCR, and automated workflows.
- To authenticate users and enforce role-based access controls.
- To generate compliance reports and statutory filings on your behalf.
- To send transactional communications including request confirmations, status updates, and security alerts.
- To process billing and manage your subscription.
- To respond to support requests and provide customer service.
- To analyze usage patterns for platform improvement — using aggregated, de-identified data only.
- To comply with applicable laws, regulations, and legal obligations.
We do not use your document data or records content to train AI models without your explicit written consent.
3. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information or your organization's records data to any third party. We may share data in the following limited circumstances:
- Service Providers: We share data with trusted vendors who help us operate the platform (e.g., cloud infrastructure, payment processing, email delivery). These vendors are contractually bound to protect your data.
- Authorized Users: Within your organization, data is accessible to users according to the role-based access permissions you configure.
- Legal Obligations: We may disclose information if required by law, court order, or government authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
4. Data Security
We implement industry-standard security measures to protect your data:
- AES-256 encryption for all data at rest.
- TLS 1.3 encryption for all data in transit.
- SOC2 Type II certified infrastructure with annual third-party audits.
- Role-based access control (RBAC) and multi-factor authentication (MFA).
- Immutable, tamper-evident audit logs for all data access and modifications.
- Geographically redundant US-based data centers.
- Regular penetration testing and vulnerability assessments.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide services and comply with legal obligations. Upon account termination, your data is retained for a 30-day grace period during which you may request export or restoration. After this period, data is permanently deleted from our active systems within 90 days, except where retention is required by law.
6. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your data, subject to legal retention requirements.
- Portability: Export your data in a machine-readable format at any time.
- Objection: Object to certain types of processing.
- Withdrawal of Consent: Withdraw consent where processing is based on your consent.
To exercise any of these rights, contact us at privacy@recordsreferee.com.
7. Cookies & Tracking
We use cookies and similar technologies to authenticate users, remember preferences, and analyze platform usage. For details on the types of cookies we use and how to manage them, see our Cookie Policy.
8. Third-Party Services
The platform integrates with third-party services for specific features (e.g., payment processing, email delivery, AI services). These integrations are governed by our service agreements with each provider. We do not share more data than necessary for these services to function.
9. Children's Privacy
Records Referee is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact our Privacy Team:
- Email: privacy@recordsreferee.com
- Mail: Records Referee, Privacy Team, Florida, United States