denoizev1 · beta
legal

Privacy Policy

last updated · 2026-04-24

This page explains what data Denoize ("we", "us") collects when you use the service, how we use it, and what control you have over it. We try to keep this short and human.

What we collect

  • Account data — your email, name (optional), password hash. If you sign in with Google or GitHub, we also receive your provider profile (id, email, display name).
  • API usage — for every call to the API: the URL you submitted, the timestamp, the API key prefix (first 12 characters), the user it belongs to. We do not log the request body content beyond the URL itself.
  • Extracted content — the Markdown we extract from URLs you submit may be cached server-side for up to 24 hours so the same URL doesn't have to be re-fetched. The cache key is a hash of the URL. We never cache the original binary (PDF, etc.).
  • Billing data — when you purchase credits, Stripe handles the card details. We never see or store card numbers. We store your Stripe customer id and the payment session id for reconciliation.
  • Operational logs — request id, status, latency, IP address (kept for abuse prevention up to 90 days).

How we use it

  • To run the service: extract content, meter credits, enforce quotas.
  • To communicate with you: account emails (password reset, low balance alerts), receipts.
  • To improve the service: aggregate usage stats, debug issues.
  • To prevent abuse: detect scrapers using stolen credentials, comply with subpoenas.

We do not sell your data. We do not use the URLs you submit or the content we extract to train AI models.

Who we share with

Only the third parties strictly required to run the service:

  • Stripe — payment processing
  • Resend — transactional email delivery
  • Google / GitHub — only if you sign in via OAuth (we receive your profile)
  • Hosting / database providers — to physically run the application and store its data

Retention

  • Account data: kept until you delete your account.
  • API usage logs: 90 days, then aggregated and the per-request rows are deleted.
  • Cached extracted content: up to 24 hours, then evicted.
  • Payment records: kept as long as legally required (typically 10 years for tax compliance under EU/IT law).

Your rights

Under GDPR (and equivalent regimes), you can ask us to:

  • Show you what data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data (we honor this within 30 days)
  • Export your data in a portable format
  • Restrict or object to certain processing

Email [email protected] for any of the above.

Cookies

We use a single first-party cookie to store your authenticated session. We do not use third-party tracking, advertising, or analytics cookies.

Changes

If we change this policy in a way that materially affects you, we'll email you. Otherwise, the "last updated" date at the top tells you when the page changed.

Contact

For privacy questions: [email protected]
For everything else: [email protected]