Legal

Privacy Policy

Last updated: March 30, 2026

1. Information we collect

We collect the minimum data necessary to operate the Service:

  • Account information — name, email address, and hashed password (we never store plaintext passwords).
  • Uploaded documents — P&ID files you submit for instrument extraction.
  • Extraction results — instrument data extracted from your documents, including any corrections you make during review.
  • Usage data — pages processed, features used, extraction accuracy metrics, and review edits (used to improve service quality).
  • Payment data — processed and stored by Stripe. We receive only transaction confirmation, customer ID, and purchase amount. We never see or store your card number.
  • Technical data — IP address, browser type, and request logs for security and abuse prevention. Retained for 30 days.

2. How we use your data

  • Provide the Service — process your P&ID documents, extract instrument data, and generate exports.
  • Improve accuracy — aggregate review corrections (original vs. edited values) to improve extraction quality over time. This data is used in aggregate form only.
  • Billing — process payments, manage credits, and maintain transaction history.
  • Communication — send verification emails, processing notifications, and important service updates.
  • Security — detect and prevent fraud, abuse, and unauthorized access.

3. Data retention

  • Uploaded PDF files — automatically deleted after 30 days. You can request immediate deletion.
  • Extraction results — retained in your account until you delete the project or your account.
  • Account data — retained until you delete your account. Upon deletion, all personal data is permanently removed.
  • Aggregate accuracy data — de-identified correction statistics may be retained indefinitely for service improvement.
  • Server logs — retained for 30 days, then automatically purged.

4. Third-party services

We share data only with services necessary to operate:

  • Stripe (payments) — processes credit card transactions. Subject to Stripe's Privacy Policy.
  • Cloudflare (CDN/DNS) — serves the website and provides DDoS protection. Subject to Cloudflare's Privacy Policy.
  • Resend (email) — sends transactional emails (verification, notifications). Subject to Resend's Privacy Policy.
  • Railway (hosting) — hosts our backend infrastructure. Subject to Railway's Privacy Policy.
  • Document processing — your uploaded P&ID drawings are processed by our extraction system to identify instrument tags. Your files are not used to train any models.

We never sell your personal data to third parties.

5. Data security

  • All data transmitted via TLS/HTTPS encryption
  • Passwords hashed with bcrypt (never stored in plaintext)
  • JWT-based authentication with token rotation
  • Rate limiting and account lockout protection
  • Role-based access controls — you can only access your own data
  • Structured audit logging with request correlation

6. Cookies

We use only essential cookies and local storage:

  • Authentication tokens — stored in localStorage to keep you signed in.
  • Cookie consent preference — stored in localStorage to remember your choice.

We do not use tracking cookies, analytics cookies, or advertising cookies. We do not use Google Analytics or similar tracking services.

7. Your rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — request a copy of all personal data we hold about you. Available via the data export feature in your account settings, or by contacting us.
  • Right to rectification — request correction of inaccurate personal data.
  • Right to erasure — request deletion of your account and all associated data. Available via the delete account feature, or by contacting us.
  • Right to data portability — receive your data in a structured, machine-readable format (JSON). Available via GET /api/auth/export.
  • Right to object — object to processing of your data for certain purposes.
  • Right to restrict processing — request limitation of how we process your data.

Lawful basis for processing: We process your data based on: (a) contract performance (providing the Service you signed up for); (b) legitimate interests (improving service accuracy, security); and (c) consent (marketing communications, if any).

To exercise any of these rights, contact us at support@tagsight.net. We will respond within 30 days.

8. California privacy rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know — you may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete — you may request deletion of your personal information.
  • Right to opt-out of sale — we do not sell personal information. There is nothing to opt out of.
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights.

Categories of personal information collected:

  • Identifiers (name, email, IP address)
  • Commercial information (purchase history, credit balance)
  • Internet activity (usage logs, feature interactions)
  • Professional information (uploaded engineering documents)

To submit a CCPA request, email support@tagsight.netwith the subject "CCPA Request".

9. Children's privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

10. International data transfers

Your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For privacy-related questions or to exercise your data rights:

Email: support@tagsight.net