Privacy Policy - How we protect your data.

1. Introduction

TitleOCR (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, share, and protect information through our AI-powered OCR platform for title companies. By using our service, you agree to the terms described in this policy.

2. Information We Collect

2.1 Personal Information You Provide

• Registration: Name, email address, company name, job title, phone number
• Subscriptions: Billing and payment details (processed by third-party payment processors)
• Support correspondence: Contact information and messages when you reach out for help
• Profile completion: Professional and business details you choose to provide
• Surveys and promotions: Responses and feedback you voluntarily submit

2.2 Automatically Collected Information

• Usage patterns, documents processed, features used, and reports generated
• Device data: IP address, browser type, operating system
• Access logs: Times, pages visited, referring URLs, errors
• Location: General IP-derived location (not precise geolocation)
• Cookies: Session, preference, analytics, and marketing cookies (see our Cookie Policy)

2.3 Information from Third Parties

We may receive information from payment processors, authentication services, marketing partners, and public databases to verify your identity and improve our services.

2.4 Document Processing Data

When you upload title documents for OCR processing, we process the content to extract data as directed by you. This data is used solely to provide our service and is not sold to third parties.

3. How We Use Your Information

3.1 Service Provision

• Account creation and management
• Document processing and data extraction
• Customer support
• Feature delivery and platform access
• Data exports and API access

3.2 Service Improvement

• Usage analysis and feature development
• Performance monitoring and optimization
• Personalization of your experience

3.3 Communication

• Service announcements and updates
• Support responses
• Marketing communications (with your consent)
• Policy and terms notifications

3.4 Security & Compliance

• Fraud detection and prevention
• Terms of Service enforcement
• Legal compliance
• User and platform protection

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data on the following legal bases:

• Contract Performance: Processing necessary to fulfill our service agreement with you
• Legitimate Interests: Improving our services, preventing fraud, and ensuring security
• Consent: Marketing communications and non-essential cookies
• Legal Obligation: Compliance with applicable laws and regulations

You may withdraw your consent at any time by contacting us.

5. How We Share Your Information

We do not sell your personal information.

5.1 Service Providers

We share information with trusted third-party providers who help us operate our platform, including cloud infrastructure providers (AWS), analytics services (PostHog), and email delivery services. All providers are contractually bound to protect your data.

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and ensure your data continues to be protected.

5.3 Legal Requirements

We may disclose information in response to valid legal processes, law enforcement requests, safety threats, or to protect our rights.

5.4 With Your Consent

We will only share your information for purposes not described here with your explicit permission.

6. Data Retention

We retain your data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Upon account closure:

• Personal data is deleted or anonymized within 90 days
• Backup copies may be retained for up to 180 days total
• Aggregated, anonymized data may be retained indefinitely for analytics purposes

7. Your Privacy Rights

7.1 All Users

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Data Portability: Request your data in a portable format
• Opt-out: Unsubscribe from marketing communications

7.2 GDPR Rights (EEA Users)

• Right to restriction of processing
• Right to object to processing
• Right to withdraw consent
• Right to file a complaint with a supervisory authority

7.3 CCPA Rights (California Residents)

• Right to Know what data we collect
• Right to Delete your data
• Right to Opt-Out of data sales (we do not sell data)
• Right to Non-Discrimination for exercising your rights

7.4 Exercising Your Rights

To exercise any of these rights, contact us at josh@pinnaclepeak.co. We will respond within 30 days. Identity verification may be required.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our platform and improve your experience. For detailed information, please see our Cookie Policy.

Cookie Types

• Essential: Authentication and security
• Preference: Settings and saved configurations
• Analytics: Understanding platform usage
• Marketing: Advertising and campaign measurement

Managing Cookies

You can control cookies through your browser settings or through the cookie consent banner on our website. Disabling cookies may affect platform functionality.

9. Data Security

We implement industry-standard security measures to protect your information, including:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for all data at rest
• Strict access controls and role-based permissions
• Regular security audits and penetration testing
• Secure cloud infrastructure on AWS
• Incident response procedures

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

If you are accessing our service from outside the United States, your data may be transferred to and processed in the United States. For EEA users, transfers are protected by Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms.

11. Third-Party Links and Services

Our platform may contain links to third-party websites or services. We are not responsible for the content, privacy practices, or policies of these external sites. We encourage you to review the privacy policies of any third-party services you access.

12. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at josh@pinnaclepeak.co so we can promptly remove it.

13. Do Not Track Signals

Our platform does not currently respond to “Do Not Track” browser signals due to the lack of a uniform industry standard for recognizing and implementing these signals.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be communicated by:

• Updating the “Last Updated” date at the top of this page
• Email notification for material changes
• Prominent notice on our platform

15. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us:

• Email: josh@pinnaclepeak.co
• Website: titleocr.com
• Data Protection Inquiries: josh@pinnaclepeak.co