NotaPraPlanilha is a product operated by ALS tecnologia e treinamento ("we", "us", the "Controller"). This policy explains what we collect, why, the legal basis we rely on, and the choices you have. It applies to parse-ai-magic.lovable.app and any future production domain.
1. What we collect
- Account data: email, display name, hashed password, and authentication tokens.
- Documents you upload: PDFs and images, plus their AI-extracted fields, confidence scores and metadata (filename, page count, content hash).
- Usage data: pages parsed, mailboxes created, model used and processing duration — used only for billing and product analytics.
- Technical logs: IP address, user-agent and basic request logs, retained for up to 30 days for abuse prevention and reliability.
2. How we use your documents
Your documents are processed solely to perform the extraction you requested and to surface the result back to you. Specifically:
- Files are stored in a private object-storage bucket. There are no public links.
- For extraction, the document image is sent to our AI provider over TLS. The provider processes the request and discards the input — your documents are never used to train AI models.
- We never sell your documents, extractions, or contact information.
3. Security
- TLS 1.2+ in transit, AES-256 at rest.
- Row-level security in the database — users can only read and write their own records.
- Service-role credentials are server-only and rotated on incident.
- See the Security page for the full posture.
4. Data location & sub-processors
Application data is stored on infrastructure in the EU and the United States. Our current sub-processors and data recipients are:
- Supabase — hosting, database and authentication.
- Google Gemini — vision AI used to extract fields from your documents.
- Cloudflare — CDN and edge delivery.
- Paddle.com Market Limited — our Merchant of Record. Paddle processes all payments, billing, invoicing and tax compliance, and receives the personal and transactional data necessary to do so (name, billing address, email, payment instrument, country, VAT/tax ID where applicable). See Paddle's Privacy Notice.
A current sub-processor list is available on request.
4a. Legal basis for processing
- Performance of a contract — to create your account, process the documents you upload and deliver the service.
- Legitimate interests — product analytics, abuse prevention, security logging and improving reliability.
- Legal obligation — tax, accounting and responding to lawful requests (Paddle handles tax/invoicing obligations as MoR).
- Consent — where required, for optional communications. You can withdraw consent at any time.
5. Your rights (GDPR & LGPD)
- Access, correction, deletion: delete any document, mailbox or your entire account from the app. Cascading deletes remove the underlying file, preview and extraction within 24 hours.
- Portability: export your extractions as CSV at any time from the mailbox view.
- Request a DPA, sub-processor list or data export by emailing aislan@longevitylabs.tech.
- You may lodge a complaint with your supervisory authority (ANPD in Brazil, your DPA in the EU).
6. Retention
Documents and extractions are retained until you delete them or close your account. Backups are purged within 30 days. Free-tier accounts that are inactive for 12 months may be deleted after notice.
7. Cookies
We use strictly necessary cookies (authentication session) and a single first-party preference cookie for language. We do not use advertising or cross-site tracking cookies.
8. Children
NotaPraPlanilha is not directed at children under 16 and we do not knowingly collect their data.
9. Changes
We will post material changes here and notify account holders by email at least 14 days before they take effect.
10. Contact
Privacy questions: aislan@longevitylabs.tech.