Privacy Policy
1. Controller and Scope
1.1. This Privacy Policy explains how Redacto handles personal data when a user visits the website, purchases a license, receives a license key, activates the extension, validates a license, or contacts support.
1.2. The controller is the Redacto licensor identified in Section 12 of the Russian license offer for individuals. Contact details for privacy requests are listed in the same section.
1.3. This Policy covers both the public landing page and the Chrome browser extension.
2. Summary
- User text and files: processed locally in the browser and not sent to Redacto servers.
- Purchase email: used for payment processing, receipt delivery, license key delivery, and license-related service messages.
- Payments: processed through YooKassa; Redacto does not receive or store bank card details.
- Marketing: sent only with a separate opt-in consent and stopped after unsubscribe or consent withdrawal.
- Licensing: the extension sends only license activation and validation data to the server, not user text, files, or masking dictionaries.
3. Data We Process
3.1. During license purchase and payment, Redacto processes the user's email address, local order data, YooKassa payment identifiers, payment amount, payment status, timestamps, and technical metadata needed to issue and deliver the license key.
3.2. For receipts, Redacto forms and transmits the data required by the applicable tax regime and sends the receipt to the purchaser electronically.
3.3. During license activation and validation, Redacto processes the license key during activation, signed license token, installation identifier, extension version, license status, activation and expiration dates, next validation date, and a locally calculated hash of the browser account identifier when available.
3.4. If the user opts in to marketing emails, Redacto processes the email address, consent timestamp, consent source, consent text version, subscription status, and unsubscribe data.
3.5. If the user contacts support, Redacto processes the email address, message content, and any information the user chooses to include in the request.
3.6. Technical logs may temporarily contain request date and time, IP address, user-agent, request URL, processing result, and error details. These logs are used for security, diagnostics, and abuse prevention.
4. Purposes
4.1. Purchase email and order data are used to enter into and perform the license agreement: process payment, issue a license key, send a receipt, deliver service messages, and provide support.
4.2. Payment and receipt data are processed to comply with legal obligations and to confirm transactions.
4.3. License data is processed to activate the license, validate its term, prevent license key sharing, revoke a license where allowed by the license terms, and restore access when the user contacts support.
4.4. Marketing emails are sent only with prior consent. The user may unsubscribe or withdraw consent.
4.5. Technical logs are processed to keep the website and backend working, investigate errors, prevent fraud, and protect Redacto and its users.
5. How the Extension Processes Data Locally
5.1. Redacto's core feature is local processing of user text and files in the browser. User text, files, masking dictionaries, and masking policy settings are not sent to Redacto servers for masking or restoration.
5.2. The extension analyzes text that the user types or pastes on supported websites and in the side panel, detects personal and sensitive entities, replaces them with markers such as [PERSON_1], [EMAIL_1], and [ORG_1], and lets the user restore original values where local state is available.
5.3. Local detection may use a built-in NER model running through ONNX Runtime and WebAssembly, as well as local rules. These computations run on the user's device.
5.4. File processing for supported formats, including .txt, .csv, .docx, .xlsx, and .pptx, is performed locally in the browser. If the user creates a JSON dictionary, they may protect it with a password; encryption is performed locally.
5.5. The extension uses chrome.storage.session for temporary current-session and current-tab state, including marker-to-original mappings. It uses chrome.storage.local for local masking policy settings, signed license token, public license dates, and a technical installation identifier.
5.6. For licensing, the extension may use Chrome identity to access a technical Chrome profile identifier and calculate a hash locally. The user's Google email is not sent to the license backend.
5.7. The user can delete local extension data by uninstalling the extension, clearing browser extension/site data, or using the browser's built-in data management controls.
6. Chrome Web Store Limited Use Disclosure
6.1. The use and transfer of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
6.2. Redacto uses data obtained through Chrome APIs only to provide or improve its single purpose: local sensitive data masking and restoration with license activation and validation.
6.3. Redacto does not sell user data, does not transfer user data to advertising platforms or data brokers, does not use user data for personalized advertising, retargeting, credit scoring, or lending decisions, and does not use user text or files to train external AI or machine learning models.
7. Third Parties and External Services
7.1. YooKassa is used to process payments. After the user submits the license purchase form, the payment form may load the official widget and YooKassa/YooMoney resources required for payment. Bank card details are entered into the payment form and are not transmitted to Redacto.
7.2. An SMTP provider may be used to deliver license keys and service messages. Only the data necessary to send the email is provided.
7.3. If the user has opted in to marketing, Redacto may export the email address, consent timestamp, consent version, and unsubscribe URL to an external email service. Marketing emails are not sent without separate consent.
7.4. Receipt and transaction data may be transmitted to tax authorities where required by applicable law.
7.5. Redacto may use technical providers for hosting, domain, email, and infrastructure. Such providers may access data only as needed to provide their services.
8. Retention
8.1. Personal data is retained no longer than necessary for the purposes described in this Policy, unless a longer period is required by law, contract, or legitimate rights protection.
8.2. The purchaser email is stored in minimized form: a hash is used for order lookup and audit, while the original value is stored encrypted only where needed for license delivery, service retry, or mandatory legal requirements.
8.3. Raw license keys issued after payment are stored only encrypted and only for a limited period required for service re-delivery. After that period, only the key hash and public license data remain.
8.4. Marketing consent is retained until unsubscribe, withdrawal, or termination of marketing activities. After unsubscribe, the encrypted email used for marketing is cleared, while a hash may remain in a suppression list to prevent renewed sending without new consent.
8.5. Technical logs are retained for a limited period necessary for diagnostics, security, and incident investigation.
9. Security Measures
9.1. Redacto applies organizational and technical measures to protect personal data, including data minimization and separation between payment, licensing, and local extension processing.
9.2. Purchaser email is stored as a hash and encrypted value. Encryption and token-signing secrets are kept separate from public code.
9.3. User text, files, masking dictionaries, and extension settings are not accepted by the payment and licensing backend.
9.4. Redacto does not use user text or files for advertising, profiling, credit scoring, or training external AI or machine learning models.
10. User Rights and Choices
10.1. Users may request information about their personal data, correction, restriction, or deletion where applicable.
10.2. Users may withdraw marketing consent. Withdrawal does not affect processing that occurred before withdrawal and does not prevent processing required to perform the license agreement, send receipts, comply with law, or protect rights.
10.3. Privacy requests should be sent to the controller contact listed in Section 12 of the license offer. The request should include the email used for purchase or support and describe the request. Redacto may request information needed to confirm the user's connection to an order or license.
11. Emails, Cookies, and Analytics
11.1. Redacto does not use its own web analytics, tracking pixels, or marketing email open/click tracking on the landing page.
11.2. The YooKassa payment widget loads only after the user submits the license purchase form. Within the payment form, YooKassa may use its own cookies, local storage, and network requests necessary to process the payment.
11.3. Service emails about purchase, receipt, license key, license status, and support are not marketing emails. Marketing emails are sent only with separate consent.
12. International Transfers
12.1. Redacto aims to store the purchaser database containing personal data of Russian citizens in the Russian Federation.
12.2. If email, mailing, support, hosting, or other infrastructure providers involve international transfer of personal data, such transfer is performed only where a valid legal basis exists and applicable law is followed.
13. Changes to This Policy
13.1. Redacto may update this Policy when the product, payment flow, data categories, law, or extension store requirements change.
13.2. The new version takes effect when published on the website unless it states otherwise.