FileParse logo
Sign up

Privacy Policy

Last updated: March 13, 2026

Summary

FileParse is committed to keeping your private data private. We only collect personal data as needed to provide our document parsing service and manage your account. We do not sell your data, we do not run advertising trackers, and we do not use tracking cookies. This policy explains what we collect, why, and how you can control it.

If you have questions, please contact us at admin@fileparse.app. We actively monitor this inbox.

1. Data Controller

Fileparse ("Fileparse", "we", "us", or "our") is the data controller for the personal data collected through the FileParse web application.

Email: admin@fileparse.app

2. What Data We Collect

Data You Provide

We collect personal data when you voluntarily provide it to us, for instance when you:

  • Create an account: Name, email address, and password (cryptographically hashed in our storage). If you sign in with Google or GitHub, we receive your name, email address, and profile picture from the provider.
  • Upload documents: The files you upload (PDF, PNG, JPEG) along with the original file name, file size, and file type.
  • Generate API keys: The name you assign to each key. The key itself is cryptographically hashed before storage — we cannot retrieve the plaintext key after creation.
  • Configure webhooks: The URL you provide for receiving document processing notifications.
  • Contact us: Any information you include when emailing us or submitting a support request.

Data Associated With Your Account

We also collect and store information to provide our service. These include:

  • Upload metadata: processing status, error messages, source (web or API), and timestamps.
  • Parsed output: extracted text, layout blocks, bounding box coordinates, page dimensions, and extracted images derived from your uploaded documents.
  • API key metadata: key prefix (first few characters), usage status, and last-used timestamp.
  • Session records: active login sessions including creation time and expiration time.
  • Email verification and password reset tokens (automatically cleaned up after expiry).

Data Collected Automatically

When you use FileParse, some data is collected automatically:

  • IP address: Recorded with each login session for security purposes (fraud detection, session anomaly detection). Also used temporarily in memory for rate limiting but not persisted for that purpose.
  • User agent: Your browser name, version, and operating system are recorded with each login session.
  • Usage analytics: We use Umami, a privacy-focused analytics tool, to collect anonymized, aggregate usage data such as page views and feature usage events (e.g., sign-ups, uploads, parsing completions). Umami does not use cookies, does not collect personally identifiable information, and does not track users across websites.

3. How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve the FileParse service, including document parsing and account management.
  • Process your uploaded documents by sending them to our parsing service and returning the structured results.
  • Send you transactional emails such as email verification and password reset links.
  • Deliver webhook notifications to URLs you configure when document processing completes or fails.
  • Detect and prevent fraud, abuse, and unauthorized access through IP-based rate limiting and session monitoring.
  • Analyze anonymized, aggregate usage patterns to improve functionality and reliability.
  • Enforce our terms of service.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Performance of a Contract: Processing necessary to provide the services you requested, such as parsing your documents, managing your account, and delivering webhook notifications.
  • Legitimate Interests: Processing necessary for security (rate limiting, session monitoring, fraud prevention) and service improvement (anonymized analytics), provided these do not override your rights.
  • Consent: Where you have given explicit consent, such as connecting a third-party OAuth provider.
  • Legal Obligation: Where we are required to comply with applicable laws.

5. Third-Party Services

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. We share data with the following third-party service providers solely to operate our application:

  • S3-Compatible Storage: Your uploaded files and parsed output (including extracted images) are stored on S3-compatible object storage infrastructure.
  • Mailgun: Your email address is shared with Mailgun to deliver transactional emails (email verification, password reset). No other personal data is shared.
  • Google OAuth (optional): If you choose to sign in with Google, your name, email address, and profile picture are received from Google during authentication.
  • GitHub OAuth (optional): If you choose to sign in with GitHub, your name, email address, and profile picture are received from GitHub during authentication.
  • Umami Analytics: Anonymized, cookieless website analytics. Umami does not collect personally identifiable information and does not track users across websites.
  • jsdelivr CDN: We load mathematical rendering resources (KaTeX) from the jsdelivr content delivery network. Your browser makes standard HTTP requests to jsdelivr servers to fetch these resources.

6. Webhooks

When you configure a webhook URL through the API, FileParse will send HTTP POST requests to that URL when your documents finish processing or encounter an error. The webhook payload includes document metadata (document ID, status, file name, and timestamps). If you opt in, the parsed markdown content may also be included.

Webhook URLs are provided by you and point to servers you control. We validate URLs for security (HTTPS required in production, no private IP ranges) but are not responsible for the privacy practices of the receiving server.

7. Your Uploaded Content

Documents you upload to FileParse are your responsibility. Your files are processed solely to provide the parsing service — we extract text, tables, equations, and images from your documents and return structured output.

Uploaded content is not shared with any third party, except if you as the user decide to (for example with the Google Drive export). We do not review, analyze, or use your document content for any purpose other than providing the parsing service.

8. Cookies and Tracking

We use essential cookies only to manage your authentication sessions. These cookies are necessary for the application to function and cannot be disabled without losing basic functionality.

We do not use advertising cookies, marketing cookies, or third-party tracking cookies. Our analytics provider, Umami, is cookieless and does not track individual users across websites.

9. Data Security

We use industry-standard practices to safeguard your data, including:

  • Passwords are cryptographically hashed before storage — we never store plaintext passwords.
  • API keys are cryptographically hashed — only the key prefix is stored in readable form.
  • HTTPS is enforced with HTTP Strict Transport Security (HSTS).
  • Content Security Policy (CSP) headers restrict which resources can be loaded.
  • Cross-Site Request Forgery (CSRF) protection validates request origins on all mutating operations.
  • Per-IP rate limiting protects against brute-force attacks and abuse.
  • Session tracking includes IP address and user agent to detect unauthorized access.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. Please contact us immediately if you become aware of any unauthorized use of your account.

10. International Data Transfers

Your information may be transferred to and processed on servers located outside your country of residence, where data protection laws may differ from those in your jurisdiction. By using FileParse, you consent to such transfers. We ensure that any transfers comply with applicable data protection laws and that your data remains protected in accordance with this policy.

11. Data Retention

We retain your personal data only for as long as necessary. Here are the specific retention periods:

  • Account data: Retained as long as your account is active. Deleted entirely when you delete your account.
  • Uploaded files and parsed output: Retained until you delete the individual upload or your account is closed.
  • Login sessions: Retained until they expire or you revoke them from your account settings.
  • Email verification and password reset tokens: Expire after 1 hour and are automatically cleaned up.
  • Rate limiting data: Held in server memory only (not persisted to any database) and automatically purged every 5 minutes.
  • API keys: Retained until you revoke them or delete your account.

12. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: The right to access the data we hold about you.
  • Rectification: The right to correct inaccurate or incomplete data.
  • Erasure: The right to request deletion of your personal data.
  • Restriction: The right to restrict the processing of your data.
  • Portability: The right to receive your data in a portable format.
  • Objection: The right to object to processing based on legitimate interests.
  • Withdraw consent: The right to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at admin@fileparse.app. We will respond within 30 days. You can also manage much of your data directly through your account settings — see the sections below.

13. Data Export and Portability

You can export all of your personal data at any time from your account settings. The export includes your account information, session history, linked accounts, upload metadata, and API key metadata in a machine-readable JSON format.

14. Account Deletion

You can delete your account at any time from your account settings. Deleting your account permanently removes:

  • Your account information (name, email, password hash, profile image).
  • All uploaded files from storage.
  • All parsed output (extracted text, images, and layout data).
  • All login sessions.
  • All API keys.
  • All linked OAuth accounts.

This action is irreversible. Account deletion requires password confirmation and an explicit confirmation step. Once completed, we retain no personal data associated with your account.

15. Do Not Track

We respect your privacy preferences. Our analytics provider (Umami) is cookieless and privacy-focused by design — it does not track individual users or follow you across websites. Because we do not engage in cross-site tracking, there is no change in behavior when your browser sends a "Do Not Track" signal.

16. Children's Privacy

FileParse is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at admin@fileparse.app and we will take steps to delete such information.

17. Links to Other Sites

FileParse may contain links to other websites or services that are not operated by us. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policy of every site you visit.

18. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. By continuing to use FileParse after changes are posted, you agree to the revised policy.

19. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

  • By email: admin@fileparse.app

We will respond to all requests and inquiries within 30 days.