⚠️ Review and fill in your company details (name, address) before going live.

Privacy Policy

Last updated: March 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

[COMPANY NAME]
[Street + Number]
[Postal Code, City]
[Country]

E-mail: privacy@baindly.com

For any questions regarding data protection, please contact us at the email address above.

2. Data We Collect

We process personal data only to the extent necessary to provide and operate our service.

Account data

  • Email address
  • Encrypted password

Authentication is provided by Supabase Auth.

Uploaded documents

When you upload documents, we process:

  • PDF files
  • Images
  • Other document files

These files are stored in a private Supabase Storage bucket associated exclusively with your user account.

Document metadata

The following information may be automatically extracted from your documents:

  • Summaries
  • Keywords
  • Categories
  • Tasks or follow-up items

This metadata is stored to improve the usability of the service.

Server log data

When you access our application, technical data is automatically processed:

  • IP address
  • Time of request
  • Browser type
  • Operating system

This data is used exclusively for system security and stability.

Payment information

Payment processing is handled by Stripe. We store only:

  • your subscription status
  • payment events (e.g. active, cancelled)

We have no access to your credit card details.

Cookies

We use only strictly necessary session cookies set by Supabase to keep you signed in during your session. No tracking or advertising cookies are used.

3. Legal Basis for Processing (Art. 6 GDPR)

Processing of your data is based on the following legal grounds:

Art. 6(1)(b) GDPR — Performance of a contract
Processing is necessary to provide our service, including:

  • User accounts
  • Document storage
  • AI-powered analysis
  • Subscription management

Art. 6(1)(f) GDPR — Legitimate interests
Some processing is based on our legitimate interests, in particular:

  • Ensuring IT security
  • Preventing abuse and fraud
  • System stability and error analysis

4. Processors

We use third-party service providers (processors) to deliver our service. They process data solely according to our instructions and under data processing agreements pursuant to Art. 28 GDPR.

  • Supabase (EU): Database, authentication, and file storage.
  • Anthropic: AI text extraction via the Claude API. Document text may be transmitted to the API for analysis. According to the provider, this data is not used to train models.
  • Stripe: Payment processing and subscription management.
  • Resend: Delivery of system-relevant emails (e.g. login or notifications).
  • Vercel: Hosting of the web application.

5. International Data Transfers

Some of our service providers may process data outside the European Union or the European Economic Area. In such cases, data transfers take place only in compliance with the legal requirements of the GDPR, in particular on the basis of:

  • EU Standard Contractual Clauses (Art. 46 GDPR), or
  • other appropriate safeguards to protect personal data.

6. Retention

We store personal data only for as long as necessary for the respective purpose.

Account data
Stored for as long as your user account is active.

Documents and metadata
Stored for as long as your account exists. When you delete your account, all documents, metadata, and credentials are permanently deleted.

Inactivity policy: Accounts with no sign-in for 11 months will receive a reminder email. If no sign-in occurs within 30 days, the account, all documents, and all associated data will be permanently deleted. Active Pro subscribers are exempt from this policy while their subscription remains active.

Payment data
Stripe may retain payment information in accordance with statutory retention obligations.

Server logs
Server log data is stored for a maximum of 30 days for security purposes.

7. Your Rights

Under the GDPR you have the following rights:

  • Access (Art. 15 GDPR) to your stored personal data
  • Rectification (Art. 16 GDPR) of inaccurate data
  • Erasure (Art. 17 GDPR) of your data
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

To exercise your rights, you may delete your account within the application or contact us at privacy@baindly.com.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority.

The competent authority in Austria is:

Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Vienna, Austria
https://www.dsb.gv.at

9. Data Security

We implement appropriate technical and organisational measures (TOMs) to protect your data, including:

  • Encrypted data transmission (HTTPS)
  • Access controls
  • Secure cloud infrastructure
  • Regular security updates

10. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place. The AI features are used solely to assist with document analysis.

11. Contact

For any questions regarding data protection or the processing of your data, please contact us at: privacy@baindly.com