Privacy Policy

Last updated: 28 February 2026

Algoza Solutions OPC Private Limited ("we", "us", "our") operates the AlgoOCR web platform at algoocr.com, and the AlgoOCR web dashboard (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

1.1 Information You Provide

  • Email address — provided when you create an account or request a password reset. Your email is used for account authentication, email verification, and service communications.
  • Full name (optional) — if you provide your name during registration, it is used to personalise your dashboard experience and service communications.
  • Password — when you register a full account. Passwords are stored using industry-standard one-way hashing and are never stored in plain text.
  • Phone number (optional) — if you provide your phone number during registration, it is stored for future service notifications and support contact.
  • Payment information — processed entirely by our payment partner Razorpay. We do not store your card number, UPI ID, or bank details on our servers. We retain only transaction references and billing metadata necessary for record-keeping and displaying your payment history.

1.2 Information Collected Automatically

  • Device identifier — when you use the free demo conversion on our website, we generate a random device identifier and store it in your browser's local storage. This identifier is combined with basic locale information (timezone and language) and then converted into a one-way hash (SHA-256). The resulting hash is used solely to enforce the demo page limit and prevent abuse. It does not identify you personally, is not derived from your browser or hardware characteristics, and is not linked to your account unless you later sign up.
  • IP address — collected during demo conversions. IP addresses are stored alongside conversion records for rate limiting and abuse prevention.
  • Usage metadata — number of pages converted, conversion timestamps, file formats selected, and subscription status. This data is used to enforce plan limits, display usage statistics in your dashboard, and improve the Service.
  • Client-side storage — your browser's local storage is used to keep your authentication session token, basic profile information (such as your name and email), and device identifier. This data stays on your device and is not transmitted to third parties.
  • Google Ads conversion tracking — we use a Google Ads tag on our website to measure advertising effectiveness and understand visitor traffic. This tag may use cookies and collect anonymised usage data such as pages visited, referral source, and conversion events. You can opt out by using the Google Analytics Opt-out Browser Add-on or by adjusting your Google Ads settings.

1.3 Information We Do NOT Collect

  • We do not read, store, or retain the content of your documents on our servers after processing. Document images are transmitted to Microsoft Azure Document Intelligence and Google services (Gemini and Cloud Vision) solely for the purpose of OCR and text structuring. These services process data transiently and do not retain your document content.
  • We do not use tracking cookies for advertising on the AlgoOCR website beyond the Google Ads conversion tag described above.
  • We do not sell, rent, or share your personal information with third parties for their marketing purposes.

2. How We Use Your Information

  • To create and manage your user account.
  • To verify your email address when you register.
  • To authenticate you when you log in to the web dashboard.
  • To enforce page-based usage limits for your plan tier (Starter, Standard, Professional, or Max).
  • To enforce demo conversion limits (1 page per user) using a device identifier and IP address.
  • To process subscription payments via Razorpay and manage billing cycles.
  • To send transactional emails via MSG91 (email verification, password reset, welcome, and subscription activation). These emails may include your name, plan details, and verification or reset links.
  • To communicate important service updates or security notices via email.
  • To respond to your support requests.
  • To improve the Service through aggregated, anonymised usage analytics.

3. Third-Party Service Providers

We share the minimum necessary data with the following categories of service providers to operate the Service:

Provider Purpose Data Shared
Razorpay Payment processing Payment details (handled directly by Razorpay; we receive only order/payment IDs)
MSG91 Transactional emails Email address, name, and email template variables (verification/reset links, plan details)
Microsoft Azure Document Intelligence Document text extraction (OCR) Document page images (processed transiently, not retained)
Google Gemini Document structure analysis and formatting Extracted text and document page images (processed transiently, not retained)
Google Cloud Vision Fallback document text extraction (OCR) Document page images (processed transiently, not retained)
Google Ads Conversion tracking Anonymised browsing data (pages visited, referral source)
Amazon Web Services (S3) File storage No personal data; only application binaries

4. Data Storage & Security

  • User account records (including email, name, hashed password, phone number, subscription details, and usage counts) are stored in a secured database hosted in India.
  • All data in transit is encrypted using TLS/HTTPS.
  • Passwords are hashed using bcrypt with a per-user salt. We never store plain-text passwords.
  • Authentication tokens (JWT) are used for session management and transmitted via HTTPS only.
  • Payment data is handled entirely by Razorpay, a PCI-DSS Level 1 certified payment processor.

5. Data Retention

  • User account records are retained for as long as your account is active. If your account is inactive (no logins and no active subscription) for 12 months, we may delete it after sending a notification email.
  • Demo conversion records (device identifier hash, page count, timestamps) are retained for up to 12 months for abuse prevention.
  • Payment records are retained as required by Indian tax and accounting regulations.
  • Converted documents are not retained on our servers. Uploaded files are processed in memory and the converted output is returned directly in the response. No document files are written to persistent server storage.
  • You may request deletion of your account and associated data by emailing info@algozasolutions.com.

6. Your Rights

Under applicable Indian law, including the Information Technology Act, 2000 (and its rules) and the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your personal data (subject to legal retention requirements and legitimate business purposes).
  • Withdraw consent for non-essential communications at any time.
  • Nominate another person to exercise your rights on your behalf, as provided under the DPDP Act, 2023.

To exercise these rights, contact us at info@algozasolutions.com. We will respond within 30 days.

7. Children's Privacy

AlgoOCR is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. If we make material changes, we will notify you via email or a prominent notice on the Service. Continued use of AlgoOCR after changes constitutes acceptance of the revised policy.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Algoza Solutions OPC Private Limited
Email: info@algozasolutions.com
Website: algoocr.com