Last Updated: 21st of April, 2024
This Privacy Policy outlines how PostLabel.co ("the Service") manages and processes user information. By using the Service, you agree to the terms outlined in this Privacy Policy.
All data processing, including PDF extraction and analytics, occurs client-side. No personally identifiable information (PII) is sent or stored on our servers. The only data collected is anonymized analytics data detailed in our Data Processing Agreement as referenced in our Terms of Service.
The Service employs Cloudflare Cookieless Logging, Vercel Cookieless Analytics and Plausible Cookieless Analytics, all of which do not capture IP addresses or other PII. A custom endpoint, /usage, collects non-PII analytics data triggered during Processing, Downloading, and Printing events and /queryUsage retrieves it for display in UI in aggregated fashion. It only ever contains the following data: number of files, number of pages, file size, number of labels and number of labels per type identified, date of event, and a randomly generated UUID that is unique to each page opening event.
Analytics data from the /usage endpoint is stored in a persistent database within the EU, currently located in Germany, Frankfurt and operated by Vercel.
The Service is hosted on Vercel, a serverless and stateless environment, in the UK, London datacenter. No access to router logs is available, and Vercel logs do not include PII but instead only includes User Agent.
The Service may use third-party services for analytics and logging, each governed by its own privacy policy. Please refer to our Data Processing Agreement and the privacy policies of Cloudflare, Plausible and Vercel for more information.
Logs collected by Vercel only capture User Agent information, e.g., "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36." which falls outside of PII as defined by GDPR and CCPA and other privacy regulation legislation.
You, as a User, are within your rights not to use the Service. As we store no PII as defined in our Data Processing Agreement, we are unable to execute on any Data Protection, Removal or other requests related to Data Subject Rights as we don't store any nor have any option to determine which data would need to be exported or removed as the result of the above.
The Service complies with all latest security measures and practices. All Third-Party Services are protected with multi-factor authentication, as for the credentials for the Analytics Storage - these are held securely and never shared with anyone. Furthermore, the code is openly available on GitHub.
For any questions or concerns regarding this Privacy Policy, please contact us at [email protected].
