Privacy Policy

Last Updated: April 20, 2026

1. Introduction

The Dewdrop Group, LLC ("we," "us," "our," or "Company"), operator of NiceData, is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use our document processing services, which extract, parse, convert, and organize data from documents ("Services"), and when you visit our website.

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Summary of Key Points

This summary provides an overview of our privacy practices. Please read the full policy below for complete details.

Document Processing

  • We process your documents solely to provide the Service
  • We do not sell your data or share your documents with other customers
  • We do not use your documents to train AI models
  • Documents are automatically deleted according to the retention period set on each project (1, 14, 30, 60, or 90 days) unless deleted earlier

Information We Collect

  • Account information: email address and encrypted password
  • Workspace information: organization or team name
  • Billing and subscription details for paid plans (processed securely by Stripe)
  • Documents, extracted outputs, and export files you upload or generate

How We Use Your Information

  • Provide the Service: process documents, extract data, enable exports
  • Maintain and improve the Service: security, performance, bug fixes
  • Communicate: account notifications and service updates

Your Rights

  • Download or delete your documents at any time
  • Export or delete your account from account settings
  • Request correction, restriction, or deletion of your personal information

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored in encrypted form)
  • Organization or workspace name, if you create one

3.2 Billing Information

When you subscribe to paid features, we collect:

  • Billing address
  • Payment card details (processed securely by our payment processors)
  • Transaction history

3.3 Document Data

When you use our Services, you upload documents for processing. These may include PDFs, images, Microsoft Office documents, and other file types supported by our Services.

Important Notice: Pursuant to our Terms of Service, you are prohibited from uploading documents containing sensitive personal data such as health information, biometric data, financial account credentials, or other categories of special or prohibited data as defined in Section 8.3 of our Terms of Service. If you inadvertently upload such information, contact us immediately at [email protected] for removal.

3.4 Automatically Collected Information

We automatically collect:

  • IP address and general geographic location
  • Browser type, version, and language settings
  • Device type and operating system
  • Pages viewed and features accessed
  • Date and time of visits
  • Files uploaded and downloaded

4. How We Use Your Information

4.1 Service Provision

We use your information to:

  • Create and manage your account
  • Process and extract data from your uploaded documents
  • Convert and transform documents between formats
  • Process payments and manage billing
  • Provide customer support

4.2 Service Improvement

We use usage trends, operational diagnostics, and product feedback to improve our Services, fix bugs, develop new features, and understand which parts of the Service are most useful. Optional website analytics and browser telemetry are currently disabled in the product.

4.3 Communication

We use your information to:

  • Send operational notifications about your account
  • Provide updates about new features
  • Deliver billing statements
  • Respond to your inquiries

4.4 Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data based on: (a) contract performance to create your account, process documents, provide exports, and deliver the Service; (b) our legitimate interests in securing the Service, preventing fraud, maintaining reliability, and handling billing operations; and (c) legal obligations such as tax, accounting, and lawful disclosure requirements.

5. Document Data Processing

5.1 How We Process Documents

When you upload documents:

  1. Documents are securely uploaded and stored in encrypted form
  2. Our AI engines analyze documents to extract relevant data
  3. Text, numbers, and structured information are identified and extracted
  4. Documents may be converted between formats as requested
  5. Processed data is made available to you
  6. Documents are retained according to the project retention period you select: 1, 14, 30, 60, or 90 days

5.2 Document Privacy

We treat your documents as confidential. We do not:

  • Share your documents with other users
  • Sell your documents or extracted data to third parties
  • Use document content for any purpose other than providing the Services to you
  • Use your documents or their contents to train, improve, or develop AI or machine learning models
  • Share your document content with AI providers for model training purposes

5.3 Your Control Over Documents

You retain control over your documents and may exercise the following rights at any time:

  • Upload new documents or remove existing documents from the Service
  • Download your original files and extracted data in standard, machine-readable formats
  • Delete individual documents immediately; such deletion is permanent and irreversible
  • Export your account data or permanently delete your account from account settings. Account deletion does not include a post-closure export grace period, so you should export data before confirming deletion.

5.4 AI Processing

We utilize artificial intelligence technologies to process your documents and extract data. The following describes how AI technology is applied to your data:

  • Processing Only: AI is used solely to analyze and extract data from your documents to provide the Service
  • No Training: Your document content is never used to train or improve AI models
  • Third-Party AI: We may use third-party AI services to process documents; these providers are contractually prohibited from using your data for training
  • Temporary Processing: Document content sent to AI services is processed in real-time and not retained by AI providers beyond what's necessary to complete the request

6. Disclosure and Sharing of Information

We do not sell, rent, or trade your personal data or document data to third parties. We may share information with:

6.1 Service Providers

We share information with trusted service providers who assist us in operating our Services:

  • Cloudflare R2: For encrypted file storage and infrastructure
  • AI Processing Providers: For document analysis and data extraction (not for model training on your content)
  • Stripe: For secure payment processing
  • Postmark: For transactional email delivery
  • Umami Analytics: For optional website analytics

All service providers are contractually required to protect your data and use it only for the purposes we specify. You can review our current vendor list on our subprocessors page. When you enable customer-directed integrations such as webhooks or Zapier, data may also be sent to the recipients you choose under your instructions.

6.2 Legal Requirements

We may disclose information when required to:

  • Comply with laws, regulations, or legal processes
  • Respond to lawful requests from government authorities
  • Protect our rights, property, or safety, or that of our users or the public
  • Prevent fraud or security breaches

Where legally permitted, we will notify you of legal demands for your data before disclosure, unless: (a) we are prohibited by law, court order, or legal process from providing notice; (b) the request relates to an emergency involving danger of death or serious physical injury; or (c) providing notice would be futile, ineffective, or would create a risk of injury or harm to an identifiable individual or group.

7. Data Security

We implement comprehensive security measures to protect your information:

7.1 Technical Measures

We use encryption for data in transit and at rest, and implement access controls to protect your information.

7.2 Your Responsibilities

  • Use strong, unique passwords
  • Keep login credentials confidential
  • Report suspected security incidents immediately

7.3 Data Breach Notification

In the event of a security breach that affects your personal data, we will notify you in compliance with applicable law.

8. Data Retention

We retain different types of data for varying periods based on operational necessity, legal requirements, and legitimate business purposes:

8.1 Document Retention

The Service provides document processing functionality. Documents are retained as follows:

  • Project-Configured Retention: Uploaded documents and extracted data are kept for the retention period selected on each project: 1, 14, 30, 60, or 90 days
  • Automatic Removal: After the selected retention period ends, documents are automatically deleted unless you remove them sooner
  • Immediate Deletion: You can delete any document at any time through your account

8.2 Account Data

  • While Active: Account information is maintained as long as your account remains open
  • After Closure: Deleting your account removes you from shared workspaces, revokes your credentials, and deletes sole-member workspaces without a post-closure export grace period
  • Legal Retention: We may retain limited data where required by law, for billing, fraud prevention, security, or to establish, exercise, or defend legal claims
  • Backups: Encrypted backup copies may remain until they are overwritten in our normal backup cycle

8.3 Financial Records

  • Billing History: Payment records and invoices are retained for 7 years to comply with tax and accounting regulations
  • Payment Methods: Card details are stored by our payment processor (Stripe), not on our servers

8.4 Operational Records

  • Webhook Delivery History: Project webhook delivery records are retained for up to 30 days for troubleshooting and replay visibility
  • Diagnostics: Operational logs and error diagnostics are retained for limited periods based on security and reliability needs

9. Cookies and Analytics

We use essential cookies required for the Service to function, including session cookies to keep you logged in, security tokens to protect your account, payment-related cookies set by Stripe during checkout, and a locale preference cookie that remembers your selected language for up to one year. Disabling essential cookies will prevent you from using core parts of the Service.

Optional Analytics: Umami website analytics is currently disabled in the product. If we re-enable optional analytics later, we will update this policy before doing so.

10. Your Privacy Rights

10.1 Universal Rights

You have the right to:

  • Access: Request information about your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your personal data
  • Data Portability: Receive your data in a structured format

10.2 GDPR Rights (EEA, UK)

If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation, including the right to restrict or object to processing, withdraw consent, and lodge a complaint with your local data protection supervisory authority.

10.3 CCPA Rights (California)

California residents have the right to know what personal information is collected, request deletion, and opt-out of the sale of personal information. We do not sell your personal information. We will not discriminate against you for exercising your privacy rights.

10.4 Exercising Your Rights

To exercise your privacy rights, submit a request via email to [email protected] or use the data export and deletion features available in your account settings.

Verification: To protect your privacy, we may require verification of your identity before processing your request. This may include confirming information associated with your account.

Response Timeframes: We will respond to verified requests within the timeframes required by applicable law: thirty (30) days for requests under GDPR (extendable by an additional sixty days for complex requests with notice), and forty-five (45) days for requests under CCPA (extendable by an additional forty-five days with notice). If we cannot fulfill your request, we will explain the reasons.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We protect transfers through a combination of encryption, access controls, and vendor-specific transfer safeguards where required, such as adequacy decisions, participation in recognized transfer frameworks, or the European Commission's Standard Contractual Clauses. Additional details about our current vendors are available on our subprocessors page.

12. Children's Privacy

Our Services are not intended for users under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' advance notice via email. Your continued use of the Service after the effective date constitutes acceptance of the changes.

14. Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or for any privacy-related concerns, please contact us:

The Dewdrop Group, LLC

Product: NiceData

Email: [email protected]

For data protection inquiries from EU/UK residents, you may also contact us at the email address above with "GDPR Request" in the subject line.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.