logo

Privacy Policy

Last updated: 10th June 2025

1. Who We Are

JhumanJ SAS (“RayDocs”, “we”, “our” or “us”) operates the RayDocs intelligent document data-extraction platform (the “Service”). We are registered in France with headquarters at 25 Boulevard d’Inkermann, 92200 Neuilly-sur-Seine.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you interact with the Service, our website (raydocs.ai), or otherwise communicate with us.

2. Scope

This Policy applies to:

  • Customer representatives and authorised users who access the Service
  • Website visitors and prospective customers
  • Individuals whose personal data appears in documents uploaded by customers (“Document Subjects”)

It does not cover third-party services that are not under our control—even if accessed via our Service.

3. Personal Data We Collect

A. Data You Provide Directly

  • Account & Contact Data – name, business email, phone, company name, role, billing address.
  • Documents – any files (e.g., PDFs) uploaded to the Service. Documents may contain personal data belonging to Document Subjects.
  • Support & Communications – content of emails, chats, or other correspondence with us.

B. Data Collected Automatically

  • Usage Data – log files, IP address, browser type, operating system, date/time stamps, pages viewed, and clickstream data.
  • Device Identifiers – user agent strings, device IDs, and session tokens.
  • Cookies & Similar Tech – small text files stored on your device (see Section 12).

C. Data from Third Parties

  • We may receive analytics or enrichment data from providers such as Plausible Analytics or Clearbit (e.g., company size, industry).

4. How We Use Personal Data

  • Provide & Operate the Service – create accounts, process Documents, generate Output Data, and manage user authentication.
  • Customer Support – respond to inquiries, diagnose issues, and improve user experience.
  • Service Improvement & Research – aggregate, anonymise, and analyse usage patterns to enhance functionality and AI accuracy.
  • Security & Fraud Prevention – monitor, investigate, and prevent unauthorised access or malicious activity.
  • Marketing & Communication – send product updates, newsletters, and event invitations (you may opt out at any time).
  • Compliance & Legal – enforce our Terms, comply with legal obligations, and defend legal claims.

5. Legal Bases for Processing (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Contract Performance – to deliver the Service to customers.
  • Legitimate Interests – to improve and secure the Service, market to existing customers, and prevent fraud.
  • Consent – for cookies, optional marketing emails, and any processing where we request and you provide explicit consent.
  • Legal Obligation – to comply with applicable laws and regulations.

6. Data Retention

  • Account & Billing Data – retained for the duration of the customer contract plus a maximum of six (6) years for accounting and audit purposes.
  • Documents & Output Data – retained for the period specified in the customer order form (default 90 days) unless deletion is requested sooner or a longer retention period is required by law.
  • Usage Logs – retained for up to twelve (12) months, unless needed for security investigations.

7. How We Share Personal Data

  • LLM Providers Chosen by Customer – We transmit Document content to the customer-selected large-language-model provider (e.g., OpenAI, Anthropic, Microsoft Azure) solely for the purpose of generating Output Data.
  • Service Providers – trusted sub-processors for hosting (e.g., AWS EU West (Paris)), storage, email delivery, analytics, and customer-support tools. All providers are bound by confidentiality and data-processing agreements.
  • Professional Advisors – lawyers, accountants, insurers, where necessary for business operations.
  • Business Transfers – in connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.
  • Legal or Regulatory Authorities – when required to comply with a legal obligation or protect rights, property, or safety of RayDocs, our users, or others.

8. International Transfers

We primarily store data in the European Economic Area (EEA). Where personal data is transferred outside the EEA or UK (e.g., to a US-based LLM provider), we rely on an adequate decision or implement appropriate safeguards such as the EU Standard Contractual Clauses.

9. Security

RayDocs employs industry-standard administrative, technical, and organisational measures to protect personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access control & SSO
  • Regular penetration testing and code reviews
  • Audit logging and continuous monitoring

No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, we cannot guarantee absolute security.

10. Your Rights

If you are located in the EEA, UK, or other jurisdiction with similar laws, you may have the following rights (subject to certain limitations):

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent (where processing is based on consent)

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before responding. If we process your personal data on behalf of a customer, please direct your request to the relevant customer.

You also have the right to lodge a complaint with your local supervisory authority; in France this is the CNIL (cnil.fr).

11. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe that a child has provided personal data to us, please contact us and we will delete the data.

12. Cookies & Tracking Technologies

We use first-party cookies to maintain sessions and secure logins. We employ privacy-friendly analytics (Plausible) that does not place intrusive cookies or collect personally identifiable information.

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our Service.

13. Links to Other Sites

Our website may contain links to third-party sites. We have no control over and are not responsible for their content or privacy practices.

14. Changes to This Policy

We may update this Policy periodically. We will notify you of material changes via email or an in-Service notice at least thirty (30) days before the changes take effect. Your continued use of the Service after that period constitutes acceptance.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact:

JhumanJ SAS – RayDocs
25 Boulevard d'Inkermann, 92200 Neuilly-sur-Seine, France
julien [@] nahum.net