Privacy Policy

How we collect, use, and protect your information.

Effective date: March 3, 2026

1. Introduction

This Privacy Policy describes how Engular LLC (“we,” “us,” “our”), operating as PartParse, collects, uses, and protects your personal information when you use our Service at partparse.com.

We act as a data processor on your behalf with respect to the content of documents you submit. You are the data controller and are responsible for ensuring you have a lawful basis to submit any personal data contained in your documents. Our Data Processing Agreement (“DPA”) is incorporated into our Terms of Service and governs our processing of personal data from the EEA, UK, or Switzerland.

2. Information We Collect

Account Information

  • Name, email address, company name, and subdomain (provided during registration)
  • Hashed password (stored using bcrypt; we never store plaintext passwords)

Uploaded Documents

  • PDF files you upload or forward via email for RFQ parsing
  • Extracted data generated by AI processing of your documents (stored as structured JSON)

Usage and Analytics Data

  • Pages visited, features used, and interaction patterns (via Google Analytics)
  • RFQ submission counts and processing history

Server Logs

  • IP addresses, browser type, operating system, and request timestamps
  • These logs are retained for security and debugging purposes

Payment Information

  • Payment details are collected and processed directly by Stripe. We store your Stripe customer ID but never store credit card numbers or full payment details on our servers.

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service, including AI-powered document parsing
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password resets, parsed results)
  • Monitor usage against plan limits
  • Improve the Service and fix bugs
  • Comply with legal obligations

We do not use your information to:

  • Train AI models on your documents
  • Sell your personal information to third parties
  • Send unsolicited marketing emails (unless you opt in)

4. Third-Party Service Providers

We share data with the following providers as necessary to operate the Service:

Provider Purpose Privacy Policy
Anthropic AI document processing (Claude API) anthropic.com/privacy
Stripe Payment processing stripe.com/privacy
Google Analytics Website analytics policies.google.com/privacy
Postmark Transactional email delivery postmarkapp.com/privacy-policy
Hetzner Server hosting (Virginia, US) hetzner.com/legal/privacy-policy

We require all third-party providers to handle your data in accordance with applicable privacy laws.

Anthropic data use: Documents sent to Anthropic’s Claude API are processed according to Anthropic’s commercial API terms. Per Anthropic’s policy, data submitted through the API is not used to train their models.

Webhook data: If you configure webhooks, parsed data (which may include personal data extracted from your documents) is transmitted to endpoints you specify. We are not responsible for data once it leaves our systems via your configured integrations. See our Terms of Service Section 11 for details.

5. Data Retention

  • Account data: Retained for as long as your account is active. Deleted within 30 days of a deletion request.
  • Uploaded PDFs: Automatically purged within 24 hours of processing (for completed and failed submissions). Deleted within 30 days of account deletion for any remaining files.
  • Extracted data: Retained as long as your account is active. Deleted within 30 days of account deletion.
  • Server logs: Retained for up to 90 days.
  • Analytics data: Governed by Google Analytics’ retention policies.

6. Data Security

We implement the following security measures:

  • Encryption in transit: All data is transmitted over HTTPS/TLS.
  • Password hashing: Passwords are hashed using bcrypt with a secure salt.
  • Session management: Sessions expire after 12 hours of use or 30 minutes of inactivity. Session tokens are rotated on password change.
  • Access controls: Role-based access within accounts. All data queries are scoped to the authenticated user’s account.
  • Rate limiting: Login attempts, registrations, and API access are rate-limited to prevent abuse.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information via your account settings.
  • Deletion: Request deletion of your account and associated data by contacting us. Deletion is completed within 30 days of request.
  • Data portability: Export your extracted RFQ data in CSV format at any time through the Service.
  • Withdraw consent: Stop using the Service at any time by cancelling your subscription and requesting account deletion.

To exercise these rights, contact us at privacy@partparse.com.

8. Cookies and Local Storage

We use the following:

  • Session cookies: Required for authentication. These are essential and cannot be disabled.
  • Local storage (theme preference): Stores your light/dark mode preference. No personal data is involved.
  • Google Analytics cookies: Used for anonymous usage analytics. You can opt out using Google’s opt-out browser add-on.

We do not use advertising cookies or tracking pixels.

9. Children’s Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. International Data Transfers

Our servers are hosted by Hetzner in Virginia, United States. Document processing via the Anthropic API also occurs in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

For users in the EEA, UK, or Switzerland: international data transfers are governed by our Data Processing Agreement, which incorporates the European Commission’s Standard Contractual Clauses (2021/914). See the DPA for full details on transfer mechanisms and safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least thirty (30) days before the changes take effect. The “Effective date” at the top of this page indicates when the policy was last updated.

12. Contact

If you have questions or concerns about this Privacy Policy, contact us at privacy@partparse.com.