Privacy Policy
This Privacy Policy explains how Ceyltech ("we", "us", "our") collects, uses, discloses, and protects your personal information when you use our websites, applications, and services (the "Service").
We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy legislation.
Quick Summary:
- We only collect data necessary to provide the Service
- We do not use your documents to train AI models
- We use industry-standard security measures
- You have full control over your data
- We comply with GDPR and other privacy laws
1. Information We Collect
1.1 Information You Provide
When you use our Service, we may collect:
- Account Information: Name, email address, and authentication credentials when you create an account or sign in
- Documents and Content: Shipping documents (PDFs, images) that you upload for analysis, including Bills of Lading, Packing Lists, Commercial Invoices, and related documents
- Contact Information: Information you provide when contacting us for support or inquiries
- Usage Data: Information about how you use the Service, such as features accessed and documents processed
1.2 Information Collected Automatically
When you visit our website or use our Service, we may automatically collect:
- Technical Information: IP address, browser type, device information, operating system
- Usage Information: Pages visited, time spent, features used, error logs
- Cookies and Similar Technologies: See our Cookie Policy for details
1.3 Information from Third Parties
We may receive information from:
- Authentication Providers: When you sign in using Microsoft Entra External ID, we receive your email address and basic profile information
- Service Providers: Information from third-party services we use to provide the Service (e.g., Azure services)
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Process your documents, perform OCR, extract data, generate analysis results, and support enabled integration workflows
- Authenticate and Manage Accounts: Verify your identity, manage your account, and provide access to the Service
- Improve the Service: Analyze usage patterns, fix bugs, and enhance functionality (using aggregated, anonymized data)
- Communicate with You: Respond to your inquiries, send service-related notifications, and provide customer support
- Ensure Security: Detect and prevent fraud, abuse, and security threats
- Comply with Legal Obligations: Meet legal requirements, respond to legal requests, and enforce our Terms of Service
Important: We do not use your documents or Customer Content to train public or general-purpose AI models. Your documents are processed solely to provide the Service to you.
3. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal bases:
| Legal Basis | Purpose |
|---|---|
| Contract Performance | To provide the Service you have requested and fulfill our contractual obligations |
| Legitimate Interests | To improve the Service, ensure security, and prevent fraud (using aggregated, anonymized data) |
| Legal Obligation | To comply with applicable laws and respond to legal requests |
| Consent | Where you have provided explicit consent (e.g., for optional features or communications) |
4. Data Sharing and Disclosure
4.1 Service Providers (Subprocessors)
We share your data with trusted third-party service providers who help us operate the Service:
- Microsoft Azure: Cloud hosting, storage, and infrastructure services
- Azure Document Intelligence: OCR and document processing services
- Azure OpenAI: AI model inference for data extraction and analysis
- Apryse WebViewer: PDF viewing and annotation services
- Microsoft Entra External ID: Authentication and identity management
These providers are contractually obligated to protect your data and only use it to provide services to us.
4.2 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.
4.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption: Data in transit is encrypted using TLS/SSL. Data at rest is encrypted using Azure's encryption services
- Access Controls: Strict access controls and authentication requirements for our systems
- Secure Infrastructure: Hosting on Microsoft Azure with enterprise-grade security
- Regular Security Assessments: Ongoing monitoring and security updates
- Session Security: Secure session management with HttpOnly and Secure cookie flags
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your personal information only as long as necessary to:
- Provide the Service to you
- Comply with legal obligations
- Resolve disputes and enforce our agreements
- Maintain security and prevent fraud
Document Retention: Documents you upload are retained according to your account settings and subscription plan. You can delete documents at any time through the Service. We may retain limited backups and logs for security and legal compliance for a limited period after deletion.
Account Data: If you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal purposes.
7. Your Rights (GDPR)
Under GDPR and other applicable privacy laws, you have the following rights regarding your personal data:
7.1 Right of Access
You have the right to request a copy of the personal information we hold about you.
7.2 Right to Rectification
You can request that we correct any inaccurate or incomplete personal information.
7.3 Right to Erasure ("Right to be Forgotten")
You can request that we delete your personal information, subject to certain legal exceptions.
7.4 Right to Restrict Processing
You can request that we limit how we use your personal information in certain circumstances.
7.5 Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
7.6 Right to Object
You can object to certain types of processing, such as processing based on legitimate interests.
7.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time.
7.8 Right to Lodge a Complaint
You have the right to file a complaint with a data protection authority, such as the Danish Data Protection Agency (Datatilsynet) if you believe we have violated your privacy rights.
To exercise these rights, please contact us at info@ceyltech.com. We will respond to your request within one month (or as required by applicable law).
8. International Data Transfers
Your data may be processed and stored outside the European Economic Area (EEA), including in:
- Microsoft Azure data centers (which may be located in various regions)
- Other locations where our service providers operate
When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
9. Cookies and Tracking Technologies
We use cookies and similar technologies to provide and improve our Service. For detailed information about our use of cookies, please see our Cookie Policy.
Summary: We only use strictly necessary cookies (session cookies) required for the Service to function. We do not use tracking, analytics, or marketing cookies.
10. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Data Controller and Data Processor
Under GDPR:
- For account and usage data: Ceyltech is the Data Controller, as we determine the purposes and means of processing this data.
- For Customer Content (documents you upload): In B2B scenarios, you are typically the Data Controller, and Ceyltech acts as the Data Processor. We process your documents according to your instructions to provide the Service.
Where we act as a Data Processor, we will enter into a Data Processing Addendum (DPA) with you upon request, which sets out the terms for processing your data.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending an email notification (if you have an account)
- Displaying a notice in the Service
Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: info@ceyltech.com
Security/Data Protection: security@ceyltech.com
Data Protection Officer (if applicable): dpo@ceyltech.com
Data Protection Authority:
If you are located in Denmark and wish to file a complaint, you can contact:
Datatilsynet (Danish Data Protection Agency)
Borgergade 28, 5
1300 Copenhagen K
Denmark
Website: www.datatilsynet.dk