Upcero.← upcero.co

Privacy Policy

Effective date: 12 June 2026

1. The short version

We process the data needed to run Upcero, store it in the European Union, share it only with the short list of service providers below, never sell it, and never use your documents to train AI models.

2. Who is responsible

For your account data, Upcero is the data controller (contact: collabteam.media2025@gmail.com). For the content of the documents your business uploads, your business is the controller and Upcero acts as its processor on the instructions given through the Service.

3. What we process

  • Account data — email address, name if provided, role, workspace membership, language preference.
  • Documents and extracted data — the invoices, receipts, and delivery notes your business uploads, and the structured data extracted from them (suppliers, line items, prices, totals). Business documents may incidentally contain personal data.
  • Activity and audit data — actions taken in your workspace (for example, who approved a document), kept so your business has a reliable audit trail.
  • Technical data — IP address, browser information, and security logs used to keep the Service safe.

4. Why, and on what legal basis

  • Providing the Service — including sign-in codes by email and AI extraction — performance of a contract.
  • Securing the Service and keeping audit trails — legitimate interest.
  • We do not use your data for advertising and send no marketing without consent.

5. AI processing

Uploaded documents are processed by Google’s Gemini API to extract their content. They are sent for processing only; under the terms that apply to our use of this API, they are not used to train AI models.

6. Service providers (subprocessors)

  • Supabase — database, authentication, file storage — Frankfurt, Germany (EU)
  • Render — API hosting — Frankfurt, Germany (EU)
  • Vercel — web application hosting and delivery — global network
  • Google (Gemini API) — AI document extraction
  • Brevo — transactional email (sign-in codes) — EU

7. Where data lives

Your documents and database records are stored in the European Union (Frankfurt). Some providers (web delivery, AI processing) may process data outside the EU under appropriate safeguards such as the EU standard contractual clauses.

8. How long we keep data

For as long as your business’s account is active. If you close your account or ask us to, we delete your workspace data within 30 days; residual copies in encrypted backups expire on a rolling basis shortly after.

9. Your rights

You can ask for access, correction, deletion, portability, or restriction of your personal data, and object to processing based on legitimate interest, by writing to collabteam.media2025@gmail.com. You can also lodge a complaint with your data protection authority — in France, the CNIL.

10. Security

Data is encrypted in transit; files live in private storage accessible only through the application; workspaces are strictly separated; sign-in uses one-time codes instead of stored passwords; administrative actions are logged.

11. Cookies

The application uses only the local storage strictly necessary to keep you signed in and remember your preferences. The public website sets no analytics or advertising cookies.

12. Changes and contact

If this policy changes in a meaningful way, we will tell you in the application or by email. Questions: collabteam.media2025@gmail.com.