InstaRedact — Privacy Policy
Effective Date: January 1, 2026
Last Updated: May 2, 2026
1. Introduction
Olmsted Tech LLC ("InstaRedact," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information about you when you access or use the InstaRedact platform, website, API, and related services (collectively, the "Service").
Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
This Privacy Policy is incorporated into and forms part of our Terms of Service.
2. Information We Collect
2.1 Information You Provide Directly
We collect information you provide when you create an account, use the Service, or communicate with us, including:
- Account Information: Name, email address, username, password (stored in hashed form), and organization name.
- Billing Information: Payment card details, billing address, and transaction history. Payment card data is processed by our third-party payment processor and is not stored on our systems.
- User Content: Images and files you upload to the Service for processing ("User Content"). See Section 4 for how we handle User Content specifically.
- Communications: Messages, support requests, feedback, or other correspondence you send to us.
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain technical information, including:
- Log Data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps of requests.
- Usage Data: Feature usage patterns, API call volumes, processing job metadata (e.g., file size, processing duration), and error logs.
- Device Information: Device type, device identifiers, and network information.
- Cookies and Similar Technologies: See Section 7 for details.
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Authentication Providers: If you sign in using Google OAuth or another third-party authentication method, we receive profile information such as your name, email address, and profile picture from that provider, subject to your privacy settings with that provider.
- Payment Processors: Transaction confirmation and billing status from our payment processor.
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing, operating, and maintaining the Service | Performance of contract |
| Processing your images and returning redacted output | Performance of contract |
| Creating and managing your account | Performance of contract |
| Processing payments and preventing fraud | Performance of contract / Legitimate interests |
| Sending transactional communications (receipts, alerts, security notices) | Performance of contract |
| Responding to support requests and inquiries | Legitimate interests |
| Improving and developing the Service | Legitimate interests |
| Ensuring security, preventing abuse, and enforcing our Terms | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Sending marketing communications (with opt-out available) | Consent / Legitimate interests |
| Analytics and service performance monitoring | Legitimate interests |
We do not sell your personal information to third parties for their independent marketing lists. Certain advertising and measurement activities may involve disclosures that qualify as “sale” or “sharing” under U.S. state privacy laws; see our Cookie Policy and §10.3 for California opt-out rights.
4. How We Handle User Content (Uploaded Images)
Given the nature of the Service, we treat User Content with particular care.
4.1 Processing
Images you upload are processed solely for the purpose of performing the requested redaction and returning output to you. We use automated systems to analyze and process your images. We do not use your User Content to train our machine learning models without your explicit opt-in consent.
4.2 Storage and Retention
- Uploaded images and processed output files are stored temporarily on our infrastructure (hosted on Google Cloud Platform) for the minimum time necessary to complete processing and deliver results.
- By default, original and processed images are deleted from our active servers after job completion, unless you have explicitly enabled longer-term storage as part of your account settings or plan.
- You may request deletion of your User Content at any time via your account dashboard or by contacting us at legal@instaredact.com.
4.3 Biometric and Sensitive Data
To the extent that images you upload contain biometric data (e.g., facial geometry or other identifying characteristics) within the meaning of applicable laws such as the Illinois Biometric Information Privacy Act (BIPA) or similar statutes:
- We process such data solely to perform the automated redaction you have requested.
- We do not sell, lease, trade, or otherwise profit from biometric data.
- We do not disclose biometric data to third parties except as required to provide the Service (e.g., our cloud infrastructure providers under appropriate data processing agreements) or as required by law.
- We retain biometric data only as long as necessary to complete the requested processing, subject to the retention periods described in Section 4.2.
You are responsible for ensuring that you have obtained any legally required consent from individuals depicted in images you upload before submitting them for processing.
5. How We Share Your Information
We do not sell your personal information. We may share information in the following limited circumstances:
5.1 Service Providers and Infrastructure Partners
We engage trusted third-party service providers to support the operation of the Service. These providers are contractually obligated to use your data only as directed by us and in accordance with this Privacy Policy. Our key infrastructure partners include:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and backend infrastructure | United States / EU (depending on region) |
| Google Cloud Platform (GCP) | Cloud hosting, image processing infrastructure, and storage | United States (and GCP regions as configured) |
| Stripe | Payment processing | United States |
| Resend | Transactional email delivery | United States |
| PostHog | Service analytics | United States |
We maintain Data Processing Agreements (DPAs) with applicable providers as required by law.
5.2 Legal Requirements
We may disclose your information if required to do so by law or in the good-faith belief that such disclosure is necessary to:
- Comply with a legal obligation, court order, or valid governmental request;
- Protect and defend the rights or property of InstaRedact;
- Prevent or investigate possible wrongdoing in connection with the Service;
- Protect the personal safety of users of the Service or the public; or
- Protect against legal liability.
5.3 Business Transfers
If InstaRedact is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your information.
5.4 With Your Consent
We may share your information with third parties when you have given us your explicit consent to do so.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:
- Account data: Retained for the duration of your account and for a period of 3 years following account closure to comply with legal obligations, resolve disputes, and enforce our agreements.
- Billing records: Retained for a minimum of 7 years as required by applicable tax and financial regulations.
- Log and usage data: Retained for 90 days for security and operational purposes.
When data is no longer required, we will delete or anonymize it in a secure manner.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve the Service.
7.1 Types of Cookies We Use
| Type | Purpose |
|---|---|
| Strictly Necessary | Required for the Service to function (authentication sessions, security tokens) |
| Performance / Analytics | Help us understand how users interact with the Service |
| Functional | Remember your preferences and settings |
| Marketing | Used for advertising measurement and related communications; see our Cookie Policy for default-on / opt-out practices |
7.2 Your Cookie Choices
You may control cookies through your browser settings. Disabling strictly necessary cookies may impair the functionality of the Service.
For U.S. visitors, analytics and advertising cookies and similar technologies managed through our Klaro banner are generally on by default; you may opt out or adjust categories via Cookie preferences in the Site footer or the banner. For EEA / UK / Switzerland and other regions where stricter rules apply, we rely on the same tool to record and apply the choices required by applicable law. Details are in our Cookie Policy.
8. Data Security
We implement industry-standard technical and organizational security measures designed to protect your information from unauthorized access, disclosure, alteration, or destruction, including:
- Encryption of data in transit (TLS) and at rest;
- Access controls and authentication requirements for personnel;
- Supabase Row Level Security (RLS) to enforce data access boundaries at the database level;
- Regular security reviews and vulnerability assessments;
- Data processing agreements with all third-party service providers.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information, and you use the Service at your own risk. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.
9. International Data Transfers
InstaRedact is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
Where we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries not recognized as providing an adequate level of data protection, we rely on appropriate transfer mechanisms, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy decisions where applicable; or
- Other lawful transfer mechanisms as permitted under applicable law.
By using the Service, you acknowledge and consent to the transfer of your information as described in this section.
10. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
10.1 Rights Available to All Users
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to certain exceptions.
- Objection: Object to certain processing activities.
- Portability: Request that we provide your data in a portable, machine-readable format.
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
10.2 Additional Rights for EEA / UK Residents (GDPR / UK GDPR)
In addition to the rights above, you have the right to:
- Lodge a complaint with your local data protection authority;
- Restrict the processing of your data in certain circumstances;
- Not be subject to solely automated decision-making that produces significant legal effects.
10.3 Additional Rights for California Residents (CCPA / CPRA)
California residents have the following additional rights:
- Right to Know: The categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: Depending on how we use advertising and measurement partners, certain activities may constitute “sharing” or “selling” personal information under the CPRA. You may opt out of those uses where applicable by using Cookie preferences in the Site footer (Klaro) and by contacting us at legal@instaredact.com. We describe cookies and default-on measurement in our Cookie Policy.
- Right to Limit Use of Sensitive Personal Information: We process sensitive personal information only as necessary to provide the Service.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a verifiable consumer request, contact us at legal@instaredact.com.
10.4 Exercising Your Rights
To exercise any of the rights described above, please contact us at legal@instaredact.com. We will respond to verified requests within the timeframe required by applicable law (generally 30–45 days). We may need to verify your identity before processing your request.
11. Children's Privacy
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete such information. If you believe we have collected information from a child under 18, please contact us at legal@instaredact.com.
12. Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes, we will provide more prominent notice, such as by email or an in-app notification. Your continued use of the Service after any update constitutes your acceptance of the revised Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: legal@instaredact.com
For users in the EEA or UK, you may also contact our data protection representative at: 30 N Gould St Ste R, Sheridan, WY 82801
This Privacy Policy was last updated on April 29, 2026.