PrivacyPolicy
Last Updated: March 2, 2026
Contents
1. Introduction
Welcome to nolain OCR ("we", "us", or "our"). We operate the website nolainocr.com and the related document extraction service (collectively, the "Service").
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your information. Please read it carefully before using the Service.
By using nolain OCR you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Data We Collect
We collect the following categories of personal data:
Account Information
Your email address and, if you register via Google OAuth, your Google profile name and avatar. Passwords are hashed and never stored in plain text.
Documents You Upload
PDF and image files you submit for OCR processing. These files are stored temporarily to perform extraction and are associated with your account. They are deleted after you logout.
Extracted Data
The structured output (CSV, Excel, JSON, Google Sheets) generated from your uploaded documents. It is saved only if the user chooses the "New Project" or "Update Project" options.
Billing Information
Subscription plan and payment status. All payment card details are processed exclusively by Stripe and are never stored on our servers.
Usage Data
Pages processed per month, plan tier, and service-level metrics used to enforce subscription limits and improve the Service.
Technical Data
IP address, browser type, operating system, and access timestamps collected automatically in server logs.
3. How We Use Your Data
We use your personal data only for the following purposes:
- [✓]To create and manage your account and authenticate you securely.
- [✓]To process documents you upload and return structured extracted data.
- [✓]To enforce subscription limits and usage quotas.
- [✓]To process payments and manage your subscription via Stripe.
- [✓]To send transactional emails (account verification, password reset, billing receipts).
- [✓]To respond to support requests and inquiries.
- [✓]To detect fraud, abuse, and security incidents.
- [✓]To comply with legal obligations.
We DO NOT sell your personal data or use it for advertising purposes.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our legal bases for processing your personal data are:
Contract
Processing is necessary to provide the Service you signed up for (account management, document processing, billing).
Legitimate Interests
Security monitoring, fraud prevention, and service improvement — balanced against your rights and interests.
Legal Obligation
Where we are required to process data to comply with applicable law (e.g., financial record-keeping).
Consent
For any optional marketing communications. You may withdraw consent at any time.
5. Third-Party Service Providers
We share data with a limited set of trusted sub-processors only to the extent necessary to operate the Service:
Supabase
Authentication, database, and file storage. Your account information and uploaded documents are stored on Supabase infrastructure.
View privacy policy ↗Stripe
Payment processing and subscription management. Stripe processes your payment card data under their own PCI-DSS compliant environment.
View privacy policy ↗Mistral AI
AI-powered OCR and document content extraction. Document content is sent to Mistral AI APIs for processing.
View privacy policy ↗Google (OAuth)
Optional sign-in via Google account. If you use "Sign in with Google", Google shares your email and profile name with us.
View privacy policy ↗We do not share your data with any other third parties unless required by law.
6. Data Retention
Account Data
Retained for as long as your account is active. You can request to delete your account at any time at info@nolainocr.com.
Uploaded Documents
Stored only during an user session. They are deleted after you logout.
Extracted Results
Stored only if the user chooses the "New Project" or "Update Project" options, as long as the account is active.
Billing Records
Transaction records may be retained for up to 7 years to comply with financial and tax regulations.
Server Logs
Technical access logs are retained for up to 90 days for security and debugging purposes.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We will respond to verified requests within 30 days.
To exercise any of these rights, contact us at info@nolainocr.com.
9. Data Security
We implement industry-standard security measures to protect your data, including TLS encryption for all data in transit, encrypted storage of sensitive credentials, and access controls that restrict data access to authorised systems only. However, no method of transmission over the internet is 100% secure. If you suspect a security breach affecting your account, please contact us immediately at info@nolainocr.com.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (Supabase, Stripe, Mistral AI) operate. When such transfers occur for users in the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions recognised by the European Commission.
11. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at info@nolainocr.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email. Continued use of the Service after changes become effective constitutes your acceptance of the revised policy.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
