Privacy Policy

Your privacy is our priority. Learn how we protect your data while providing Vision AI-powered image extraction services.

Last updated: January 15, 2025

No Image Storage

Images processed and deleted within 5-30 seconds

TLS 1.3 Encryption

Military-grade encryption for all data transmission

Full Data Ownership

You retain complete ownership of all your data

GDPR & HIPAA Ready

Built for global compliance standards

How We Process Your Data

Vision AI Processing Pipeline

Your Image → Secure Upload → Vision AI Analysis → Structured Data → Immediate Deletion

Types of Data We Process

  • Image Data: Digital images you upload for data extraction (deleted within 5-30 seconds)
  • Extracted Data: Structured information extracted from your images (returned to you immediately)
  • Task Configurations: Custom schemas and extraction parameters you define
  • Usage Metadata: API call logs, processing timestamps, and performance metrics
  • Account Information: User profiles, authentication data, and billing information

Data Retention Policy

Images: 0 Storage

Images are processed in memory and immediately deleted. No permanent storage.

Usage Logs: 90 Days

API usage logs for billing and support purposes only.

Account Data: Active

Account information retained while your account is active.

Image2API Logo
Vision AI Model Processing

Important: No Training Data Usage

Your images are never used to train or improve AI models. Vision AI providers process your data solely to return the requested structured information and do not retain any data after processing.

Third-Party Data Processing

  • Vision AI Models: Process images to extract structured data (no retention, no training)
  • Cloud Infrastructure: Secure processing environments with SOC 2 compliance
  • Authentication Services: Secure API access and user authentication
  • Payment Processing: Stripe for billing (no image data shared)

Data Processing Agreements

All third-party processors are bound by strict data processing agreements that:

  • Prohibit use of customer data for their own purposes
  • Require immediate deletion after processing
  • Mandate SOC 2 Type II compliance
  • Include regular security audits and monitoring

Security & Compliance

Technical Safeguards

  • TLS 1.3 encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication for admin access
  • Regular security audits and penetration testing
  • Isolated processing environments
  • Real-time security monitoring

Compliance Standards

  • SOC 2 Type II certified
  • GDPR compliant data processing
  • CCPA privacy rights support
  • HIPAA ready with BAA available
  • ISO 27001 security standards
  • Regular compliance audits

Your Data Rights

Data Ownership

  • Complete ownership of uploaded images
  • Full ownership of extracted data
  • Right to request metadata deletion
  • Control over data sharing permissions

GDPR/CCPA Rights

  • Right to access your personal data
  • Right to rectify inaccurate data
  • Right to erasure (delete account)
  • Right to data portability

Contact & Legal

Data Protection Officer

Email: privacy@kastana.software
Response Time: Within 48 hours

For privacy inquiries, data requests, and compliance questions.

Legal & Compliance

Email: legal@kastana.software
Address: [Business Address]

For legal matters, compliance documentation, and BAAs.

Terms of ServiceContact UsAPI Documentation

This privacy policy is effective as of January 15, 2025 and incorporates our comprehensive data usage framework.