Last updated: January 2026

Privacy and security have always been the foundation of DigiParser's approach to product development and business, and we continuously evaluate all our practices in an effort to safeguard your information as effectively as possible. In that vein, we're glad to comply with the General Data Protection Regulation ("GDPR") and to help DigiParser's customers comply with the GDPR.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. For European individuals, the GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, the GDPR requires compliance with a new set of regulations. The GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies.

Further information on the GDPR is available on the European Union's official website.

Under the EU General Data Protection Regulation (GDPR):

• Customer acts as the Data Controller
• DigiParser acts as the Data Processor

DigiParser processes customer data solely on documented instructions from the customer and only for the purpose of providing the agreed services.

DigiParser may process the following data types as part of document processing workflows:

• Document files (including but not limited to PDF, Excel, DOCX, CSV, images, and email attachments)
• Extracted structured data derived from submitted documents
• Account information (name, email, company information)
• Parser configurations including field definitions, extraction rules, and processing settings
• Team member information including names, email addresses, roles, and permissions

DigiParser is not designed to specifically collect or target special category (sensitive) personal data. Documents are processed as provided by the customer, who remains responsible for the content of submitted data.

• Customer data is hosted and processed in the European Union (EU) region by default for enterprise customers.
• For standard customers, data may be hosted in the United States, with options for EU data residency available upon request.
• Data is not transferred outside the selected region unless explicitly configured or required for service delivery.
• DigiParser does not sell or share customer data with third parties for marketing or independent purposes.

For more information about data storage and location, see our Privacy Policy.

DigiParser implements appropriate technical and organizational measures, including:

• Encryption of data in transit and at rest
• Secure, signed URLs for document access
• Logical tenant isolation between customers
• Role-based access controls

For detailed information about our security measures, see our Security Policy.

• DigiParser personnel do not have access to customer documents by default
• Support access requires explicit customer consent
• Access is granted per document or per request, not globally
• All access is logged and limited to troubleshooting purposes only

This ensures that your data remains private and is only accessed when necessary to provide support, and only with your explicit permission.

• Data retention is configurable (e.g., 1 day, 1 week, 1 month, or longer based on your account settings)
• Customers may request deletion of data at any time
• Upon termination of a paid subscription, all customer data is deleted in accordance with agreed retention policies
• We retain your data only for as long as necessary to provide our services or as required by law

For more details on our data retention practices, please see our Privacy Policy.

DigiParser uses a limited number of vetted sub-processors to provide infrastructure and document processing services.

All sub-processors operate under GDPR-compliant contractual obligations and process data only to deliver the DigiParser service.

Customer data is not used for training or secondary purposes by DigiParser or its sub-processors.

For a complete list of our sub-processors, see our Third Party Subprocessors page.

DigiParser maintains procedures to detect, respond to, and mitigate security incidents.

In the event of a personal data breach impacting customer data, DigiParser will follow applicable data protection laws and GDPR requirements for breach notification, including providing relevant details about the nature of the breach and measures taken to address it.

• DigiParser is committed to GDPR compliance and data protection best practices
• Upon request, DigiParser can enter into a Data Processing Agreement (DPA) with customers
• We regularly review our codebase and infrastructure for security vulnerabilities
• We maintain audit trails and logs for all data processing activities

If DigiParser will process your personal data or personal information, you can request a Data Processing Agreement (DPA) by contacting us. Please email us at [email protected] with your company name, address, and the name and position of the person who will sign the DPA on behalf of your company.

For enterprise clients with specific requirements, please reach out directly to our support team for customized agreements.

For more information, see our Data Processing Agreement page.

DigiParser can help you meet your data portability and deletion requirements for the GDPR:

• Data Export: You can export all your extracted data at any time through the DigiParser interface or API.
• Data Deletion: You can request permanent deletion of all your data by sending an email to [email protected]. We will process your request in accordance with applicable data protection laws.
• Access to Personal Data: You can access all personal data we hold about you through your account settings or by contacting us.
• Right to Rectification: You can update or correct your personal data at any time through your account settings.
• Right to Object: You can object to certain processing activities by contacting us at [email protected].

DigiParser supports customers in fulfilling data subject rights requests, including:

• Right to Access: Request access to the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Data Portability: Export your data in a machine-readable format
• Right to Object: Object to certain types of data processing
• Right to Restrict Processing: Request that we limit how we process your data

Requests are handled in accordance with applicable data protection laws and GDPR requirements.

We have appointed a Data Protection Officer to oversee our data protection practices. For more information or to exercise your rights under GDPR, contact [email protected].

We've added additional language to our Privacy Policy to reinforce our commitment to privacy, security, and confidentiality, and to ensure compliance with GDPR requirements.

If you have further questions about GDPR compliance or need to exercise your rights under GDPR, please reach out to [email protected].

For data protection or privacy inquiries:

Email: [email protected]

Company: DigiParser