Privacy Policy

Parsift is operated by AT TECNOLOGIA LTDA, registered under CNPJ 56.606.567/0001-60, with registered address at Av. Nossa Senhora da Penha, 1495, Sala 707, Torre BT, Vitória - ES (the "Controller", "we", "us"). We are the controller of the personal data described in this Policy.

Parsift is a document intelligence platform: we extract structured data from documents (such as invoices, receipts, and bank statements) using our own proprietary engine. We do not route your documents to third-party model providers without your instruction.

This Policy is governed primarily by the Brazilian General Data Protection Law (LGPD, Lei nº 13.709/2018). Because Parsift is offered globally, we also follow practices compatible with the EU General Data Protection Regulation (GDPR). Where you are located may grant you additional rights, which we honor to the extent applicable.

We collect the following categories of personal data:

• Account data: name, email address, and authentication identifiers, managed through our identity provider.
• Billing data: company details and information required to manage your subscription (payment card data is handled by our payment processor, not stored by us).
• Document content: the documents you upload for processing and the data extracted from them. These may contain personal data depending on what you submit.
• Usage and technical data: log data, IP address, device/browser information, and interactions with the service, used for security and to operate the platform.
• Communications: information you provide when you contact us (e.g., the contact form or support).

We process personal data for the following purposes, under the legal bases below (LGPD Art. 7 / GDPR Art. 6):

• To provide the service (process documents, manage your account): performance of a contract.
• To bill and manage subscriptions: performance of a contract and compliance with legal obligations.
• To secure the platform and prevent abuse: legitimate interest.
• To respond to your inquiries: legitimate interest or pre-contractual steps.
• To send essential service communications: performance of a contract.
• Optional analytics (only after your consent): consent.

We retain uploaded documents and extracted data only as long as needed to provide the service, and we minimize what we keep. Retention terms are defined per plan and, for Enterprise, in your agreement. Account and billing records are kept for as long as your account is active and for the period required by applicable law thereafter.

We do not sell your personal data. We rely on the following subprocessors to operate the service, under appropriate data processing terms:

• Microsoft Azure: Cloud infrastructure: compute, managed database, and identity and authentication. (processed in: United States).
• Cloudflare: Object storage for uploaded documents (encrypted at rest), plus DNS, CDN, TLS, and edge security for the public site. (processed in: Global edge).

We may also disclose data when required by law or to protect our rights, always limited to what is strictly necessary.

Our infrastructure runs on Microsoft Azure across multiple regions, currently located in the United States. Because Parsift is incorporated in Brazil and serves data subjects in Brazil and globally, processing your personal data necessarily involves an international transfer of data. Whenever personal data is transferred internationally, we rely on the legal mechanisms permitted by the LGPD and GDPR (such as adequacy decisions or standard contractual clauses) to ensure an adequate level of protection.

Subject to applicable law (LGPD Art. 18 and, where applicable, the GDPR), you have the right to:

• Confirm the existence of processing and access your data.
• Correct incomplete, inaccurate, or outdated data.
• Request anonymization, blocking, or deletion of unnecessary data.
• Request data portability.
• Know who we share your data with.
• Withdraw consent and object to processing where applicable.

To exercise these rights, contact our Data Protection Officer at [email protected]. A dedicated request channel is available on the site.

We apply technical and organizational measures to protect personal data, including encryption in transit (TLS) and at rest, access controls, and isolation of processing environments. No method of transmission or storage is 100% secure, but we work to protect your data using industry practices.

Our Data Protection Officer is Privacy Team. You can reach the DPO at [email protected] for any privacy-related question or to exercise your rights.

We may update this Policy from time to time. The effective date below reflects the latest revision. Material changes will be communicated through the service. Last updated: 2026-05-20.