Privacy Policy

Effective Date: January 5, 2026

1. Introduction

This Privacy Policy explains how The Deep Lab, Inc. ("The Deep Lab", "we", "our", or "us") collects, uses, and discloses information about you when you use our Cuerate platform and other products and services (collectively, the "Services"). Cuerate is a product of The Deep Lab, Inc. By accessing or using any part of our Services, you acknowledge you have been informed of our practices with regard to your personal information and data.

Cuerate is a document-to-structured-data conversion platform that processes financial documents such as bank statements, credit card statements, invoices, and receipts, converting them to structured data formats (XLSX, CSV, QBO, OFX, QIF, JSON).

2. Our Privacy-First Commitment

"We delete your documents after 24 hours. Guaranteed."

  • Source PDFs: Deleted 24 hours after upload
  • OCR results: Deleted 7 days after job completion
  • Exports: Available for 30 days (you can delete immediately)
  • Audit logs: Retained per compliance requirements (encrypted)
  • No third-party data sharing (ever)
  • No AI training on customer data (opt-in only)

3. Information We Collect

3.1 Information You Provide to Us

We collect information that you directly provide to us when using the Services:

  • Account Information: Name, email address, and password when you create an account
  • Organization Details: Company name, organization details (for business accounts)
  • Payment Information: Billing details (processed securely through Stripe, our payment processor)
  • User Inputs: Documents you upload for processing (PDFs, images), text inputs, prompts, and processing instructions
  • AI-Generated Content: Structured data, extracted transactions, and other outputs generated by the Service based on your inputs
  • User Feedback: Corrections, feedback on extracted data, feature requests, and bug reports
  • Communications: Messages you send to us (support requests, inquiries)

3.2 Information We Collect Automatically

When you use our Services, we automatically collect certain technical information:

  • Device Information: Device type, operating system, browser type and version
  • Log Data: IP address, access times, pages viewed, features used
  • Usage Statistics: Pages processed, API calls made, feature usage patterns
  • Performance Data: Error logs and performance metrics (with PII redacted)
  • Location Information: Approximate location based on IP address

3.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our Services:

  • Essential Cookies: Required for authentication, session management, and security
  • Analytics Cookies: Help us understand usage patterns and improve the Service (opt-out available)
  • No Advertising Cookies: We do not use cookies for third-party advertising or tracking

What We DON'T Collect:

  • Sensitive personal information (social security numbers, financial account credentials)
  • Information from individuals under 18 years of age
  • Data from sources other than you and your use of the Services

4. How We Use Your Information

  • Service Delivery: Process documents, provide exports, manage your account
  • Document Processing: Create embeddings and process your uploaded documents to enable OCR and data extraction
  • AI Response Generation: Generate structured data outputs using configured AI providers (OpenAI, Google Vertex AI, Azure Document Intelligence)
  • Improvement: Improve accuracy through adaptive learning (only with opt-in consent)
  • Support: Respond to inquiries, troubleshoot issues
  • Billing: Process payments, send invoices
  • Security: Detect fraud, prevent abuse, enforce Terms of Service
  • Communication: Send transactional emails (receipts, status updates)
  • Legal Compliance: Comply with applicable laws and regulations

🔒 Critical Commitment: AI Model Training

We will NOT use your document content, uploaded files, or extracted data to train AI models (ours or third-party), unless you explicitly opt-in.

Limited exceptions where we may review your data:

  • Security review: When our automated systems flag potential security issues or Terms violations
  • Explicit feedback: When you explicitly report an error or submit feedback about processing results
  • Opt-in training: If you explicitly consent to allow your data to be used for service improvement

The AI responses are generated by third-party AI models (OpenAI, Google Vertex AI, or Azure Document Intelligence). We configure these providers to not use your data for training their models. Please refer to Section 5 for how data is shared with these providers.

5. Data Sharing and Disclosure

5.1 With AI Providers

To provide AI-powered document processing for the Cuerate service, we send your uploaded documents, extracted text (via OCR), and processing context to our third-party AI service providers (currently OpenAI, Google Vertex AI, or Azure Document Intelligence, depending on your tier and configuration). These providers process this data to generate structured outputs. Their use of your data is governed by their respective privacy policies. We encourage you to review them:

5.2 With Service Providers

We work with third-party service providers to help us operate, provide, improve, and secure our Services. These include:

  • Cloud hosting: Google Cloud Platform (Cloud Run, Cloud SQL, Cloud Storage)
  • Authentication: Clerk (user authentication and session management)
  • Payment processing: Stripe (billing and subscription management)
  • Analytics: BigQuery (aggregated usage metrics, audit logs)

These providers have access to your information only to perform services on our behalf and are obligated not to disclose or use it for any other purpose.

5.3 For Legal Reasons

We may disclose your information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request.

5.4 To Protect Rights and Property

We may disclose your information if we believe it's necessary to protect the rights, property, or safety of The Deep Lab, Inc. (and its Cuerate Services), our users, or others.

5.5 Business Transfers

In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred.

5.6 We DO NOT Share With

  • Third-party advertisers
  • Data brokers
  • AI training partners (unless you explicitly opt-in)

6. Data Security

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Sandboxed Processing: PDF processing in isolated containers (gVisor runtime)
  • Access Controls: Role-based access control (RBAC), least privilege principle
  • Monitoring: 24/7 security monitoring, intrusion detection
  • Compliance: SOC 2 Type II (in progress), GDPR, CCPA

7. Your Rights and Choices

You have the following rights regarding your personal data. Depending on your location, these rights are granted under laws such as GDPR (EU), CCPA (California), and other applicable privacy regulations:

7.1 Access and Portability

You can request a copy of your personal data in a structured, commonly used, and machine-readable format. We will provide your data within 30 days of your request.

7.2 Correction

You can update or correct inaccurate personal information through your account settings or by contacting us.

7.3 Deletion

You can request deletion of your personal data ("right to be forgotten"). Note that some data may be retained as required by law or for legitimate business purposes (e.g., billing records, audit logs).

7.4 Withdraw Consent

Where we rely on your consent to process your data, you can withdraw that consent at any time. This will not affect the lawfulness of processing before your withdrawal.

7.5 Object to Processing

You can object to processing of your data for direct marketing purposes or on grounds relating to your particular situation.

7.6 No Sale of Personal Data

We do not sell your personal data to third parties for advertising or marketing purposes.

7.7 Automated Decision-Making

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

To exercise these rights, contact us at:

Email: legal@thedeeplab.ai

We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reason for it.

8. Data Retention

Data Type       Retention Period
Source PDFs     24 hours
OCR Results     7 days
Exports         30 days
Account Data    Until account deletion
Audit Logs      7 years (compliance)

9. International Data Transfers

Your data is stored in Google Cloud Platform data centers. You can choose your preferred region:

  • US: SOC 2, CCPA compliant
  • EU: GDPR compliant, data residency in EU
  • Asia: Regional compliance (GDPR, local laws)

10. Children's Privacy

Cuerate is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notification

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at legal@thedeeplab.ai

The Deep Lab, Inc.
San Francisco, CA, USA

Last updated: January 5, 2026