Privacy Policy

1. Data We Collect

We collect the following types of information:

• Account Information: When you create an account, we collect your name, email address, password, organization name, industry, and timezone preferences.
• Documents: Files you upload to the Service (PDFs, images, spreadsheets) for AI-powered data extraction and processing.
• Google User Data: When you connect your Google account, we access the following data based on the permissions you grant:
  • Email address and profile information (name, profile picture) — used to identify your connected Google account within the Service.
  • Google Drive files you select (per-file access) — we only access files you explicitly choose through the Google file picker. We cannot browse or access any files you have not selected. This includes Google Sheets you designate as output destinations for your workflows, which we read from and write to for delivering structured extraction results.
• Usage Data: We collect anonymized analytics about how you interact with the Service (pages visited, features used) to improve the product.

2. How We Use Your Data

We use the information we collect for the following purposes:

• Providing the Service: Processing your documents using AI models, running automated extraction workflows, and delivering structured results.
• Google Drive & Sheets Integration: Accessing only the specific Google Drive files and Google Sheets you explicitly select through our file picker. We read from and write extracted data to the Sheets you designate as output destinations for your workflows. We cannot access any files you have not selected.
• Account Management: Authenticating your identity, managing your organization and team members, and communicating service updates.
• Product Improvement: Analyzing aggregated, anonymized usage patterns to improve the Service. We do not use your document contents or Google user data for product analytics.

3. Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it:

• Document Storage: Uploaded documents are stored in Amazon S3 with encryption at rest (AES-256) and in transit (TLS 1.2+). Access is restricted to authenticated users within your organization.
• Google OAuth Tokens: Access tokens and refresh tokens obtained through Google OAuth are stored encrypted in our database. They are used solely to maintain your Google integration and are never exposed to other users or third parties.
• Database: All application data is stored in encrypted PostgreSQL databases with access restricted to authorized application services only.
• Infrastructure: Our services run on Railway and AWS with network-level isolation, automated backups, and access controls.

4. Data Sharing

We do not sell, rent, or trade your personal information or Google user data. We share data only in the following limited circumstances:

• AI Processing Providers: Document contents are sent to third-party AI model providers (such as Mistral AI) for OCR and data extraction. These providers process data under enterprise agreements that prohibit them from using your data for model training or any purpose other than fulfilling our processing requests.
• Infrastructure Providers: We use cloud infrastructure providers (AWS, Railway) to host and operate the Service. These providers act as data processors under our direction.
• Legal Requirements: We may disclose information if required to do so by law or in response to valid legal process.

Google user data is never shared with third parties for advertising, data brokerage, or any purpose unrelated to providing the Service. Google Drive file contents and Google Sheets data are only accessed to fulfill the specific integration features you configure.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you the Service. Specifically:

• Account data is retained until you delete your account or request deletion.
• Uploaded documents are retained until you delete them or close your account.
• Google OAuth tokens are revoked and deleted when you disconnect your Google account from the Service or delete your account.
• Extraction results are retained as part of your workflow history until you delete them or close your account.

You can request deletion of all your data by contacting us at support@getceres.xyz or by deleting your account through the Settings page.

6. Google API Services Disclosure

Ceres's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we limit our use of Google user data to the practices explicitly disclosed in this Privacy Policy. We do not use Google user data for serving advertisements, and we do not allow humans to read your Google data unless: (a) we have your explicit consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized.

7. Cookies

We use cookies and similar technologies for authentication (session tokens) and to remember your preferences. We also use anonymized analytics cookies (PostHog) to understand usage patterns. You can control cookie settings through your browser.

8. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data and account.
• Revoke Google account access at any time through your Google Account permissions or through the Integrations page in the Service.
• Export your data by contacting us.

9. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@getceres.xyz.