Skip to main content
500 pages to test the API, one-time. No credit card.Join the waitlist

Security and privacy, by design.

Parsift is built for teams that handle sensitive documents. We protect your data with encryption, strict access controls, and a proprietary extraction engine you stay in control of. This page explains our compliance posture, the subprocessors we rely on, and the controls we have in place.

Last updated: 2026-05-20

Compliance

Parsift is built to align with modern data protection law.

Our data handling practices are designed to comply with the Brazilian General Data Protection Law (LGPD, Lei 13.709/2018) and to be compatible with the EU General Data Protection Regulation (GDPR).

We support data subjects in exercising their rights (access, correction, deletion, portability, and the right to object) and we limit processing to what is necessary to deliver the service.

For full details on what we collect, why, the legal bases for processing, and how to exercise your rights, see our Privacy Policy.

Subprocessors

Third-party providers that may process data on Parsift's behalf. Our platform runs on Azure data centers (multi-region; currently United States).

Microsoft Azure

United States

Cloud infrastructure: compute, managed database, and identity and authentication.

Cloudflare

Global edge

Object storage for uploaded documents (encrypted at rest), plus DNS, CDN, TLS, and edge security for the public site.

Security measures

The controls we apply across the platform to keep your data safe.

Encryption in transit and at rest

All traffic to and from Parsift is protected with TLS. Uploaded documents and extracted data are encrypted at rest in our storage and database layers.

Access controls

Access to production systems and customer data is restricted, authenticated, and logged, following least-privilege principles.

Proprietary extraction engine

Extraction runs on our own engine, and you control whether your documents ever reach external model providers, so nothing is exposed to third parties without your choice.

Data minimization

We keep uploaded files and extracted data only as long as needed to deliver the service, and minimize what we retain. Retention terms are defined per plan; Enterprise retention is set in your agreement.

Form abuse protection

Our waitlist and contact forms use Cloudflare Turnstile for anti-bot protection. Cloudflare is already a disclosed subprocessor, and Turnstile is a privacy-friendly challenge that does not track users across sites.

Data Processing Agreement

For customers who need a Data Processing Agreement (DPA) covering how Parsift processes personal data on their behalf, a DPA is available on request. Reach out and we will share the current agreement; a downloadable PDF template is planned for a future release.

Request a DPA

This document describes how Parsift handles your data, in line with the LGPD (Brazilian General Data Protection Law) and GDPR-compatible practices. It is provided for transparency and does not constitute legal advice.