Privacy Policy

Effective date: April 13, 2026 · Legibli v0.0.1

1. Who we are

Legibli is a service that converts PDF documents and images into structured, editable Markdown using AI vision models, and optionally exports the result to PDF or DOCX. This Privacy Policy explains what personal data we collect, why we collect it, and how we handle it.

2. Data we collect

2.1 Account information

When you register, we collect your email address, first name, last name, and a hashed password. We never store your password in plain text.

2.2 Uploaded files

To process a digitalization job, we temporarily store the PDF or image file you upload (PNG, JPEG, WebP, GIF, BMP, TIFF). Images are internally converted to PDF before processing. The processed output file is also stored so you can download it. Both the source and result files are associated with your account.

2.3 Usage and job metadata

We record metadata about each digitalization job: creation time, processing status, number of pages consumed, subscription tier at the time of queuing, and any errors. This data is used to track your monthly quota and billing.

2.4 Subscription and billing data

We integrate with RevenueCat to manage subscriptions (Free, Starter, Pro tiers) and page credits. RevenueCat sends us webhook events containing your in-app purchase details (product ID, entitlements, store, expiry). We store a snapshot of your subscriber state for quota enforcement. No payment card data ever reaches our servers.

2.5 Access logs

Our servers automatically log each HTTP request, including your IP address, request URL, HTTP method, response status, request duration, and User-Agent string. These logs are used for security monitoring, debugging, and abuse prevention.

2.6 Error and session data

The web front-end uses Sentry for error tracking. If an error occurs in your browser, Sentry may capture a session replay along with technical context (browser type, OS, page URL, stack trace). Sentry session replay is sampled and does not record keystrokes or passwords.

3. How we use your data

To create and authenticate your account (JWT tokens, email OTP verification).
To process your uploaded documents through our AI pipeline.
To enforce subscription quotas and page limits.
To send transactional emails (account activation, one-time codes). We do not send marketing emails without your explicit consent.
To detect and prevent abuse, fraud, and security incidents.
To debug application errors and improve the service.

4. AI processing and third-party models

The core of Legibli relies on large language model (LLM) vision APIs to analyze your document pages. Depending on configuration, your document content may be sent to one or more of the following providers:

OpenAI – Privacy Policy
Anthropic – Privacy Policy
Google Gemini – Privacy Policy
Mistral AI – Privacy Policy

We recommend avoiding uploading documents that contain sensitive personal data (health records, financial statements, government IDs, etc.) until you have reviewed the privacy policies of the active model provider.

5. Data retention

Uploaded files: retained while your account is active and for a reasonable period afterwards to allow you to re-download results. You may request deletion at any time.
Account data: retained until you delete your account.
Access logs: retained for up to 90 days for security purposes.
RevenueCat events: retained for billing audit purposes in accordance with applicable law.

6. Data sharing

We do not sell your personal data. We share data only with:

LLM providers – document page images for processing (see Section 4).
RevenueCat – subscription and purchase management.
Sentry – error and performance monitoring.
Email provider – transactional emails (activation, OTP).
Legal authorities – when required by applicable law or court order.

7. Security

Passwords are stored as cryptographic hashes. API access is protected by short-lived JWT tokens with refresh token rotation and blacklisting. File uploads are validated and restricted to supported formats. We apply server-side rate limiting and quota enforcement to prevent abuse.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, or to object to certain processing. To exercise any of these rights, please contact us at the address below.

9. Children

Legibli is not directed at children under 13 years of age. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top. Continued use of the service after changes are posted constitutes your acceptance of the updated policy.

11. Contact

If you have questions or requests regarding your privacy, please contact us at:
privacy@legibli.com