← Back to Home

Privacy Policy

Last updated: September 15, 2025

This Privacy Policy explains how IngestScale, Inc. ("IngestScale," "we," "us") collects, uses, discloses, and protects information in connection with our software, services, and websites (the "Services"). Our Services can be deployed privately (on‑prem/VPC) or as a managed service.

1. Scope

This Policy applies to personal data processed by IngestScale in connection with the Services. It does not supersede customer‑specific agreements. If you use our Services under a contract with your organization, your organization is typically the controller of personal data processed in private deployments.

2. Roles (Controller / Processor)

  • Private deployments (on‑prem/VPC): Your organization generally acts as the controller; IngestScale acts as a processor (or sub‑processor where applicable) in accordance with the contract and data processing terms.
  • Managed service: IngestScale generally acts as a processor on behalf of your organization (controller) under the applicable data processing agreement.

3. Data We Process

  • Customer content: documents and related data provided to the Services for processing and extraction (e.g., PDFs, images, metadata).
  • Account and contract data: business contact details, billing details, and account configuration information.
  • Operational data: logs, metrics, and diagnostics to operate and secure the Services (minimized and scoped to the deployment model).

4. Purposes of Processing

  • Provide, secure, and operate the Services (including support and reliability).
  • Deliver contracted features (extraction, normalization, validation, observability, delivery).
  • Fulfill legal obligations and enforce agreements.

5. Lawful Basis

Where required by law (e.g., GDPR), we rely on one or more lawful bases: contract performance, legitimate interests (e.g., service security), compliance with legal obligations, and, where applicable, consent.

6. Security

We implement administrative, technical, and physical safeguards appropriate to the nature of data and deployment model. Private/VPC/on‑prem deployments keep data within your trust boundary. Controls may include encryption in transit/at rest, access controls, key management integrations, audit logging, and sampling‑ based QA consistent with your governance.

7. Retention

We retain personal data no longer than necessary for the purposes described above or as required by law. Retention and deletion schedules for Customer content in private deployments are governed by your environment and the contract/SOW. Managed service retention is documented in the applicable order or data processing terms.

8. Sharing and Transfers

  • We do not sell personal data. We may share data with service providers that perform services on our behalf, subject to appropriate contractual safeguards.
  • International transfers (where applicable) use recognized transfer mechanisms (e.g., SCCs) and appropriate safeguards consistent with law and contractual commitments.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object, or port your personal data. For private deployments, please contact your organization (controller). For managed services where we act as processor, we will support the controller in responding to requests. To reach us, contact us.

10. Children

Our Services are not directed to children and we do not knowingly collect children’s personal data.

11. Changes

We may update this Policy from time to time. Material changes will be posted on this page with an updated date. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

Related documents: Terms of Service Acceptable Use Policy.