Privacy Policy

Effective Date: January 1, 2025

1. Who We Are

This Privacy Policy explains how Discorra ("Discorra," "we," "us," or "our") collects, uses, and protects your information when you use our website, applications, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Scope

This Privacy Policy applies to:

• Visitors to our website (including marketing pages).
• Registered users of the Discorra application.
• Any person who contacts us via email, contact forms, or other communication channels.

3. Information We Collect

3.1 Account Information

• Identifiers: email address, password (hashed), and name (if you choose to provide it).
• Workspace details: workspace name, membership, roles, and settings.

3.2 Content and Corpora You Provide

• Uploaded text and documents: any text, datasets, corpora, or notes you upload or paste into the Service for analysis.
• Metadata: titles, dataset labels, language settings, and other context attached to your corpora.

You are responsible for ensuring that any content you upload does not violate applicable laws or third-party rights and that you have a lawful basis to share it with us.

3.3 Usage and Device Data

• Technical data: IP address, browser type, operating system, device identifiers, and approximate location (e.g., city/country level).
• Usage data: pages viewed, features used, clicks, session duration, error logs, and performance data.
• Log data: timestamps of logins, account actions, and system events.

3.4 Payment Information

If you purchase a subscription, payments may be processed by a third-party payment provider (e.g., a payment platform like Stripe). We do not store your full payment card numbers. We may receive limited information related to billing status (e.g., last four digits of card, transaction IDs, subscription status) from the payment provider.

3.5 Cookies and Similar Technologies

We may use cookies, local storage, and similar technologies to:

• Keep you signed in and maintain your session.
• Remember your preferences and settings.
• Measure usage of the Service and improve performance.

You can control cookies through your browser settings, but disabling them may impact certain features of the Service.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain the Service: authenticate you, operate core features, process your text and corpora, and deliver analysis results.
• To improve and develop the Service: analyze usage patterns, debug issues, optimize performance, and develop new features.
• To communicate with you: send service-related emails (such as onboarding messages, technical notices, account alerts) and respond to your support requests.
• To ensure security and prevent misuse: detect, prevent, and respond to fraudulent, abusive, or unlawful activities.
• To comply with legal obligations: meet record-keeping, tax, and regulatory requirements and respond to lawful requests from authorities.
• With your consent: for any other purposes clearly explained to you at the time of collection.

5. AI, Analytics, and Automated Processing

The core of the Service involves processing text data using automated methods, including statistical analysis, natural language processing (NLP), and other machine learning tools. This may include:

• Tokenization and frequency analysis of your text and corpora.
• Sentiment, topic, and keyword extraction.
• Similarity comparisons across documents or datasets.

We may use both in-house tools and third-party providers to perform these tasks. Where we rely on third-party AI/ML services, we seek to configure them to protect your privacy and limit unnecessary retention of your content.

6. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data under one or more of the following legal bases:

• Contract: where processing is necessary to provide the Service you requested.
• Legitimate interests: such as improving the Service, ensuring security, preventing abuse, and supporting our business operations, provided these interests are not overridden by your rights and interests.
• Consent: where we ask for your consent for specific optional activities (e.g., certain analytics or communications). You may withdraw your consent at any time.
• Legal obligation: where we are required by law to process or retain certain information.

7. How We Share Information

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service providers: with trusted vendors who help us operate the Service (e.g., hosting, databases, analytics, email delivery, customer support, payment processing). These providers may only process your data on our behalf and in accordance with our instructions.
• Workspace collaboration: if you are part of a shared workspace, certain information (such as your name/email and the corpora or projects you access) may be visible to other authorized members of that workspace.
• Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction, subject to appropriate safeguards.
• Legal obligations: when required to do so by law, subpoena, court order, or other legal process, or to protect our rights, safety, or the rights and safety of others.

8. International Data Transfers

Depending on your location and our infrastructure, your information may be transferred to and processed in countries other than your own, which may have different data protection laws. Where required, we implement appropriate safeguards to protect your information when it is transferred internationally.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. In general:

• Account and workspace data are retained while your account is active.
• Corpora and uploaded content are retained until you delete them or your account is closed, subject to any backup or legal retention requirements.
• Log and analytics data may be retained for a limited period to help ensure security, diagnose issues, and improve the Service.

When data is no longer needed, we will take reasonable steps to delete or anonymize it.

10. Security

We use reasonable technical and organizational measures designed to protect your information from unauthorized access, loss, misuse, or alteration. However, no system or transmission over the internet is completely secure. You are responsible for:

• Keeping your account credentials confidential.
• Using a strong, unique password for your account.
• Promptly notifying us if you suspect unauthorized access to your account or data.

11. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request deletion of your personal data, subject to legal requirements and legitimate business needs.
• Restriction: request that we restrict processing of your data in certain circumstances.
• Portability: request a copy of certain data in a structured, commonly used, and machine-readable format.
• Objection: object to certain types of processing, including processing based on our legitimate interests.
• Withdrawal of consent: where we rely on your consent, you may withdraw it at any time.

To exercise your rights, please contact us at [email protected]. We may need to verify your identity before responding to your request.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

12. Cookies and Tracking Technologies

As described in Section 3.5, we may use cookies and similar technologies for authentication, security, and analytics. Depending on your jurisdiction, you may be presented with a cookie banner or similar mechanism to manage your preferences.

13. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.

14. Children’s Privacy

The Service is not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children in this age group. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete such information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Effective Date" at the top and may provide additional notice (such as a banner or email) where appropriate.

Your continued use of the Service after any changes become effective means you accept the revised Privacy Policy.

16. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

[email protected]