Privacy Policy
Last updated: 19 March 2026
1. Who we are
Sidrun Systems OĆ ("Sidrun", "we", "us") is a company registered in Estonia. We operate the website sidrun.ai and the Sidrun Extract and Sidrun Insight applications. You can reach us at contact@sidrun.ai.
2. What data we collect
Contact and demo requests
When you submit a demo request or contact us by email, we collect your email address and any information you include in the message. We use this solely to respond to your enquiry and follow up on the demo.
Account information
When you sign in via Google or email, we collect your email address and, where provided by Google, your name. We do not receive or store your Google password.
Uploaded documents
Documents you upload for extraction are processed entirely in memory on our backend. They are written to a temporary file solely for the duration of conversion, then deleted immediately once processing is complete. Document content is never persisted to a database or long-term storage. Extraction results and project data are stored only in your browser's local storage (IndexedDB) and are not transmitted to or held on our servers.
For activity logging purposes, we record a one-way hash of the file name, the file type, and the file size. The actual file name and content are never stored in our logs.
Usage analytics
We log usage events (such as login, document conversion, extraction runs, and errors) to understand how the product is used and to diagnose issues. Each log entry may include your user ID, IP address, browser user agent, session ID, event type, and metadata about the action performed (e.g. number of documents processed, model used, processing duration). Logs are automatically deleted after 360 days.
3. Legal basis for processing
We process your data under the following GDPR legal bases:
- Contract performance ā to provide the service you signed up for.
- Legitimate interests ā to improve the product, respond to enquiries, and maintain service security.
- Consent ā where we ask for it explicitly (e.g. marketing emails).
4. Sub-processors and third parties
We use the following sub-processors to operate the service:
| Provider | Purpose | Location |
|---|---|---|
| Google (OAuth) | Authentication | USA |
| Google (Gemini API) | AI-powered data extraction from documents | USA |
| Supabase | Database, authentication, and user management | EU |
When you use Sidrun Extract, document content converted to text is sent to the Google Gemini API for AI extraction. This content is subject to Google's data processing terms. We do not send raw uploaded files to Google ā only the converted text representation.
We do not sell your data to any third party.
5. Data retention
- Uploaded documents ā deleted immediately after processing. Never stored on our servers.
- Extraction results and projects ā stored only in your browser (IndexedDB). Deleted when you clear them in the application or clear your browser data.
- Activity logs ā automatically deleted after 360 days.
- Account data ā retained for the duration of your account and deleted within 30 days of account closure.
- Contact enquiries ā retained for up to 2 years for business correspondence purposes.
6. Your rights under GDPR
As an EU/EEA resident you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Receive your data in a portable format
- Withdraw consent at any time
To exercise any of these rights, email us at contact@sidrun.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).
7. Security
All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorised personnel only. Uploaded documents are never persisted beyond the duration of a single processing request. Authentication is handled via short-lived JWT tokens verified on every request.
8. Changes to this policy
We may update this policy as the product evolves. Material changes will be communicated by email or via a notice in the application. The "last updated" date at the top of this page reflects the most recent revision.
9. Contact
Sidrun Systems OĆ
Tallinn, Estonia
contact@sidrun.ai