Data Policy
Last updated: December 1, 2025
Simple-OCR ("the Service") prioritizes transparency and security so you can use our product with confidence. This policy explains what data we collect, why we use it, how long we retain it, when we collaborate with external platforms, and the safeguards we apply.
1.Data We Collect
1.1 Uploaded Image Data
We collect the following data to run OCR processing.
- Image files (JPEG / PNG / PDF, etc.)
- Metadata such as file name, size, and format
We analyze image contents only to perform OCR. We never reuse them for training or secondary purposes.
1.2 Usage Logs and Access Information
To improve the service and maintain security, we collect the following.
- IP address, user agent, and browser details
- Access timestamps, API call counts, processing times
- Error reports and suspicious access detection logs
1.3 Account and Billing Information
- Account information such as email address
- Minimal billing data supplied by Stripe (customer ID, subscription status, etc.)
We do not store payment card details on our servers.
2.How We Use the Data
2.1 Performing OCR
We convert uploaded images into text as requested.
2.2 Improving Service Quality
We analyze aggregated operational metrics to improve speed, reliability, and features. We do not analyze or store image contents for this purpose.
2.3 Preventing Abuse and Securing the Service
- Detecting abnormal access patterns
- Responding to policy violations or API misuse
2.4 Billing and Support
- Managing subscriptions and invoicing via Stripe
- Responding to customer inquiries
3.Retention Periods
3.1 Image Data
- Automatically deleted 30 days after upload
- Never stored for model training or secondary reuse
- We do not provide a feature for users to persist uploads
3.2 Usage Logs
Retained for 30–90 days to assist with security and system improvements.
3.3 Billing and Account Data
- Stored and managed within Stripe
- We retain only the minimum information needed to manage your subscription
4.Integrations with External Services and AI Platforms
We leverage the OpenAI API (GPT-4 class models, etc.) for a portion of our OCR pipeline.
4.1 Data Sent to OpenAI
- Image data or its Base64 representation
- Minimal text required to complete the OCR request
4.2 OpenAI Data Protection (Official)
OpenAI guarantees the following for data sent via the API.
- API data is not used for model training
- Data is automatically deleted after a defined period
- Data is safeguarded under the API agreement
OpenAI Data Controls
https://platform.openai.com/docs/guides/your-data
4.3 Sharing with Other Third Parties
We do not disclose user data to third parties except in the following circumstances.
- When legally compelled to disclose
- Providing the minimum necessary information to payment processors such as Stripe
- Limited access by infrastructure providers (e.g., AWS) for maintenance
5.Security Measures
We implement commercially appropriate security protections, including the following.
- HTTPS/TLS encryption
- Encrypted storage (e.g., AWS SSE)
- Least privilege access controls
- Secure storage of API keys and credentials
- Tenant isolation and safe multi-tenant design
- Preventing personal data leakage into logs
- Audited and restricted administrator access
6.Your Rights
You may request the following actions.
- Confirm data we hold
- Request data deletion
- Delete your account
- Cancel your subscription
We may be unable to fulfill certain requests if prohibited by law or limited by technical constraints.
7.Use of Cookies
We may use cookies or similar technologies to enable analytics, maintain authenticated sessions, and prevent abuse. We do not use tracking cookies for advertising.
8.Policy Updates
We will announce changes to this policy on our site, including the revision date. For material changes, we may provide advance notice or direct outreach.
9.Contact
Contact us at the following for questions about this policy.
Simple-OCR Data Policy Team
- Company
- Cozy.Inc
- Address
- 6-23-4 Jingumae, Shibuya-ku, Tokyo 150-0001, Japan
- help@be-cozy.io