Privacy Policy

Last updated: January 2025

We respect your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Information You Provide

• Email address: When you create an account
• Name: Optional, for billing purposes
• Payment information: Securely processed by Stripe (we never see your full card number)
• EDI files: The files you upload for conversion
• Contact messages: When you use our contact form

Information We Collect Automatically

• Usage data: Files processed, transaction types, upload times
• Device information: Browser type, IP address, operating system
• Authentication tokens: To keep you logged in

Anonymous Usage

You can use our free preview without creating an account. In this case, we temporarily store your EDI file and parse results in your browser's local storage—this data never leaves your device.

2. How We Use Your Information

• Provide our service: Parse EDI files and generate CSV exports
• Process payments: Bill for paid exports and subscriptions
• Send transactional emails: Upload confirmations, export receipts, account notifications
• Improve our parser: Analyze parsing patterns to fix bugs and add features
• Customer support: Respond to inquiries and refund requests
• Prevent abuse: Detect and prevent fraudulent activity

We do NOT:

• Send marketing emails without your consent
• Sell your data to third parties
• Use your EDI data for purposes other than providing our service
• Share your files with anyone else

3. Data Storage and Security

Where We Store Your Data

• Firebase (Google Cloud): User accounts, EDI files, parse results
• Stripe: Payment information (PCI-compliant)
• Vercel: Web hosting and serverless functions

Security Measures

• All data encrypted in transit (HTTPS/TLS)
• All data encrypted at rest
• Secure authentication via Firebase Auth
• Regular security audits
• Limited employee access to production data

Data Retention

• EDI files: Automatically deleted after 30 days
• Parse results: Stored until you delete them or 30 days, whichever comes first
• Account data: Retained until you delete your account
• Payment records: Retained for 7 years for tax/legal compliance

4. Third-Party Services

We use trusted third-party services to operate PlainEDI. Each has its own privacy policy:

• Firebase (Google Cloud): Authentication, database, file storage
  firebase.google.com/support/privacy
• Stripe: Payment processing
  stripe.com/privacy
• SendGrid: Transactional emails
  twilio.com/legal/privacy
• Vercel: Web hosting
  vercel.com/legal/privacy-policy

We only share data necessary to provide our service. We do not sell your data to anyone.

5. Your Rights

You have the right to:

• Access your data: Request a copy of all data we have about you
• Correct your data: Update incorrect information in your account settings
• Delete your data: Delete files from your dashboard or delete your entire account
• Export your data: Download your parse results and transaction history
• Opt out of emails: Unsubscribe from marketing emails (transactional emails required for service)
• Withdraw consent: Delete your account to stop data processing

To exercise these rights, contact us or manage settings in your dashboard.

6. Cookies and Tracking

We use essential cookies only for authentication and session management. These are required for the service to function.

We do NOT use:

• Third-party advertising cookies
• Cross-site tracking
• Social media tracking pixels
• Analytics cookies (we use server-side analytics only)

7. GDPR Compliance (EU Users)

If you're in the EU, you have additional rights under GDPR:

• Legal basis for processing: Contract performance (to provide our service) and legitimate interests (improving our service)
• Data portability: Export your data in machine-readable format
• Right to object: Object to data processing for legitimate interests
• Supervisory authority: File complaints with your local data protection authority

8. CCPA Compliance (California Users)

If you're a California resident, you have rights under CCPA:

• Categories of data collected: Listed in Section 1
• Business purposes: Listed in Section 2
• No selling of data: We do not sell personal information
• Disclosure requests: Request disclosure of data collected in past 12 months
• Deletion requests: Request deletion of your data
• Non-discrimination: We won't discriminate for exercising your rights

9. Children's Privacy

PlainEDI is not intended for users under 13 years old. We do not knowingly collect data from children. If we discover we've collected data from a child, we'll delete it immediately.

10. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place (e.g., Google Cloud's data processing agreements).

11. Changes to This Policy

We may update this Privacy Policy as our service evolves or laws change. Material changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent version.

12. Contact Us

Questions about privacy or data handling? Contact us

Data Controller: PlainEDI (Infinite Grow Ventures LLC)
Location: United States