TableForge

Data Processing Notice

Detailed Privacy Policy

1. Information We Collect

TableForge is designed with privacy in mind. We collect minimal information necessary to provide our service:

  • Documents: PDFs, Word docs, PowerPoint, images - encrypted with AES-256 and processed in secure sessions
  • Payment Information: Processed securely through Stripe (we don't store card details)
  • Account Information: Email address and encrypted password for registered users (optional)
  • Usage Analytics: Aggregated, anonymized usage statistics (only with consent)
  • Technical Data: IP address, browser type, and device information for security and optimization

2. How We Use Your Information

  • Process your documents and extract table data from any supported format
  • Provide customer support and respond to inquiries
  • Process payments and manage subscriptions
  • Improve our service through analytics (with consent)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

3. Data Processing Location

Current Region: EU (West Europe)

Your data is processed in the European Union in compliance with GDPR regulations.

All data is currently processed in the United States:

  • US Region: All data is processed in the United States. AI processing via Google Cloud Vertex AI in Iowa (us-central1). Storage via Azure in East US 2.
  • EU Region (Coming Soon): EU data residency for AI processing is planned and will be available when our AI provider supports regional data residency guarantees for our current model.

4. Data Retention and Deletion

Zero Data Retention Policy*

๐Ÿ” Your documents and extracted data are designed for zero retention - they exist only during your browser session and are designed to be automatically removed with automated cleanup systems as backup safeguards.

  • Document Files: Encrypted with AES-256 and stored in temporary session only - designed to be automatically destroyed when browser session ends (maximum 24 hours)
  • Extracted Data: Encrypted and linked to browser session only - no server-side persistence beyond session duration
  • Session Data: Designed to be automatically purged when you close browser tab, navigate away, or within 24 hours maximum
  • Account Data: Optional - only if you choose to create an account, retained until deletion requested
  • Payment Data: Managed by Stripe according to their retention policies (we never see or store card details)
  • Analytics Data: Aggregated and anonymized, retained for up to 2 years (no personal or document data)

5. Your Rights Under GDPR

We respect the privacy rights of all users, including those protected under GDPR. Regardless of where your data is processed, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing of your data
  • Right to Restriction: Request limitation of processing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@tableforge.ai

6. Zero Data Retention Architecture

๐Ÿ›ก๏ธ Enterprise-Grade Security Architecture

Our zero-retention architecture is designed for sensitive data processing with automated cleanup systems. Google Cloud does not use your data to train AI models.

  • AES-256 Encryption: All documents encrypted immediately upon upload with industry-standard encryption
  • Session-Based Storage: Encrypted temporary files stored only in secure session containers
  • Automated Cleanup: Session data designed to be securely wiped when browser session ends with backup TTL policies
  • Memory-Only Processing: Document processing happens in encrypted memory, designed to not be permanently stored
  • Secure Key Management: Encryption keys exist only for session duration, designed to be automatically destroyed
  • Minimal Disk Persistence: Document and extracted data designed to not persist on our servers beyond session with automated cleanup systems
  • Hourly Secure Erasures: Backend systems run automated secure deletion jobs hourly to purge any orphaned session data
  • Best-Effort Guarantee: We make our best efforts to purge all user data immediately on session end, with multiple redundant cleanup mechanisms as safeguards

โš ๏ธ Important Disclaimer

While we make commercially reasonable efforts to implement zero data retention and the security measures described above, we cannot guarantee:

  • Immediate or complete data deletion in all circumstances
  • Perfect security or prevention of all unauthorized access
  • Zero vulnerabilities or complete protection from all threats

Technical issues, system backups, caching, or unforeseen circumstances may result in data persisting longer than intended. You acknowledge that you use our service at your own risk. Do not upload documents containing highly sensitive information unless you accept the inherent risks of cloud-based processing. See ourTerms of Service for complete disclaimers and limitations of liability.

7. Additional Security Measures

  • End-to-end encryption for data in transit (TLS 1.3)
  • Secure file deletion with cryptographic wiping
  • Periodic security reviews and vulnerability assessments
  • Access controls and authentication for all systems
  • Application performance monitoring and error tracking
  • Built on SOC 2 Type II certified cloud infrastructure (Google Cloud, Microsoft Azure)

8. Third-Party Services and Data Processors

To provide our service, we share certain data with trusted third-party service providers who act as data processors on our behalf. These providers are contractually obligated to process data only as instructed and to maintain appropriate security measures.

Microsoft Azure (Cloud Infrastructure)

  • Services Used: Cloud storage, compute services, and application hosting
  • Data Shared: Your uploaded documents (encrypted), extracted data (encrypted), usage analytics, error logs
  • Purpose: Document processing and storage, application hosting, performance monitoring
  • Data Location: European Union (Azure EU regions)
  • Retention: Data designed to be automatically deleted when your session ends (typically within 1 hour), with backup automated cleanup systems
  • Privacy Policy: Microsoft Privacy Statement
  • Security: Microsoft Azure is SOC 2, ISO 27001, and GDPR compliant. Microsoft acts as a data processor under EU Standard Contractual Clauses.

Stripe (Payment Processing)

  • Services Used: Payment processing, subscription management, invoicing
  • Data Shared: Payment information (credit card details, billing address), email address, transaction amounts
  • Purpose: Secure payment processing and subscription billing
  • Data Location: Stripe processes data globally with data centers in multiple regions
  • Important: We do NOT store your full credit card details - Stripe handles all payment data directly
  • Privacy Policy: Stripe Privacy Policy
  • Security: Stripe is PCI-DSS Level 1 certified (highest security standard for payment processors)

Google Cloud Vertex AI (AI Document Processing)

  • Services Used: Gemini AI models via Vertex AI for table detection and data extraction
  • Data Shared: Your uploaded documents are sent to Vertex AI for AI-powered analysis and extraction
  • Purpose: AI-powered table detection, OCR, and structured data extraction from documents
  • Data Location: European Union (europe-west4, Netherlands)
  • Data Retention: Documents uploaded to Vertex AI are automatically deleted within 48 hours. Google does not use your data to train AI models.
  • Privacy Policy: Google Cloud Privacy Notice
  • Security: Google Cloud is SOC 2 Type II, ISO 27001, and GDPR compliant. Data is encrypted in transit and at rest.

Azure Application Insights (Analytics & Monitoring)

  • Services Used: Performance monitoring, error tracking, usage analytics
  • Data Shared: Anonymized usage patterns, error logs, performance metrics, browser type, approximate location (country level)
  • Purpose: Monitor application performance, detect errors, improve user experience
  • Data Location: European Union
  • PII Protection: We configure Application Insights to exclude personally identifiable information from logs
  • Privacy Policy: Microsoft Privacy Statement

โš ๏ธ Third-Party Liability Disclaimer

While we carefully select trusted third-party providers with strong security and privacy practices, we are not responsible for their privacy practices or security incidents. Each third-party service has its own privacy policy and terms of service. By using our service, you acknowledge that your data may be processed by these third parties as described above. We encourage you to review their privacy policies through the links provided.

๐Ÿ‡ช๐Ÿ‡บ GDPR Compliance for EU Users

For users in the European Union, all third-party data processors listed above either:

  • Process data within the EU (Azure EU regions), or
  • Are covered by EU-US Data Privacy Framework or Standard Contractual Clauses (Microsoft, Stripe), or
  • Have been deemed adequate by the European Commission for data protection

We have Data Processing Agreements (DPAs) in place with all data processors to ensure GDPR compliance.

9. Compliance Certifications

GDPR CompliantSOC 2 AlignedAES-256 Encryption

Our service is built on cloud infrastructure certified to meet industry-leading security and privacy standards, including Google Cloud and Microsoft Azure.

10. Contact Information

For any privacy-related questions or requests:

Email: privacy@tableforge.ai
Response Time: Within 48 hours
Data Protection Officer: Available upon request

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by:

  • Posting the new policy on this page
  • Sending an email notification for significant changes
  • Displaying a prominent notice on our website

Last updated: April 21, 2026