Privacy Policy

Last updated: March 6, 2026

1. Introduction

Purgit, Inc. ("Purgit," "we," "us," or "our") operates the document metadata scanning and sanitization service available at purgit.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. By accessing or using Purgit, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect information in the following categories:

  • Account information: When you create an account, we collect your email address and name through our authentication provider, Clerk. This information is used to manage your account, communicate with you, and provide customer support.
  • Usage data: We use Plausible Analytics, a privacy-focused, cookieless analytics service, to collect aggregated data about pages visited, features used, and scan counts. Plausible does not collect any personal data or use cookies. No individual user can be identified from this data.
  • Payment information: Billing details are handled directly by Stripe, our payment processor. Purgit never sees, receives, or stores your credit card numbers, bank account details, or other payment credentials. We receive only a confirmation of payment status and subscription tier from Stripe.
  • Uploaded file content: How we handle your files depends on your subscription tier. See "How We Process Your Files" below for critical details about our data handling practices.

3. How We Process Your Files

Purgit's core architecture is designed around the principle that your file content should remain under your control. How files are processed depends on your subscription tier:

  • Free tier: ALL file processing happens entirely in your browser using WebAssembly technology. Your file is never transmitted to our servers. Zero file data ever leaves your device. We have no ability to access, read, or store files processed on the free tier.
  • Pro and Team tiers: Files are transmitted to our processing servers over TLS 1.3 encryption. Files are processed in RAM only and are never written to disk or any form of persistent storage. Processing results (the scan report) are stored for your reference. The original uploaded file and any sanitized output are deleted from server memory within 60 seconds of request completion.

We do not:

  • Read, inspect, or analyze file content for any purpose other than metadata detection and sanitization as requested by you;
  • Train AI models or machine learning systems on your files;
  • Share, sell, or provide your files to any third party for any reason;
  • Log, record, or retain the content of your files beyond the processing window described above.

4. Data Retention

  • File content: 0 days. File content is never persistently stored. Free-tier files never leave your browser. Pro/Team files are deleted from server memory within 60 seconds of processing.
  • Scan reports: Stored for 90 days for Pro and Team subscribers. Reports are permanently deleted when your account is deleted.
  • Account data: Your email address and subscription status are retained while your account is active. Upon receiving a deletion request, all account data is removed within 30 days.
  • Billing records: Transaction records are retained for 7 years as required by applicable tax and financial reporting laws.
  • Analytics data: Aggregated, non-identifiable usage data collected by Plausible is retained indefinitely. This data cannot be linked to any individual user.

5. Third-Party Services

We use the following third-party services to operate Purgit. Each service has its own privacy practices:

  • Clerk (clerk.com): Authentication and user management. Clerk processes your email address and login credentials. Subject to Clerk's Privacy Policy.
  • Stripe (stripe.com): Payment processing. We share only the information necessary for billing (email, subscription tier). Subject to Stripe's Privacy Policy.
  • Plausible Analytics (plausible.io): Website analytics. Plausible is cookieless, fully GDPR-compliant, and collects no personal data. There is no cross-site or cross-device tracking.
  • Vercel: Hosting infrastructure for our web application. Subject to Vercel's data processing agreement.
  • Sentry: Error tracking and performance monitoring. Error reports may include non-personally-identifiable technical data such as stack traces and request metadata. Sentry does not receive your file content.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data (GDPR Article 17). We will delete your account and all associated data within 30 days.
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: Object to certain types of processing of your personal data.
  • CCPA rights (California residents): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell your personal information.

To exercise any of these rights, email privacy@purgit.io with "Privacy Request" in the subject line. We will respond to verified requests within 30 days.

7. Cookies and Tracking

  • Session cookies: Clerk sets session cookies strictly for authentication purposes. These cookies are necessary for you to remain signed in and are cleared when you sign out.
  • Analytics: Plausible Analytics uses no cookies and collects no personal data. Page views are counted without identifying individual visitors.

We do NOT use:

  • Google Analytics or any Google tracking services;
  • Facebook Pixel or any social media tracking pixels;
  • Advertising cookies or retargeting cookies;
  • Cross-site tracking cookies of any kind;
  • Browser fingerprinting techniques.

8. Children's Privacy

Purgit is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@purgit.io.

9. Data Security

We implement industry-standard security measures to protect your personal data, including:

  • TLS 1.3 encryption for all data in transit;
  • AES-256 encryption for stored data at rest;
  • Role-based access controls limiting employee access to personal data;
  • Regular security audits and vulnerability assessments;
  • In-memory-only file processing with automatic deletion within 60 seconds.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

10. International Data Transfers

Our servers are located in the United States. If you access Purgit from outside the United States, your information may be transferred to, stored, and processed in the United States. For users in the European Union and European Economic Area, such transfers are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. For material changes, we will notify you via email and through an in-app notice at least 30 days before the changes take effect. Your continued use of Purgit after the effective date of a revised policy constitutes acceptance of the updated terms.

12. Contact

If you have questions about this Privacy Policy or our data practices, please contact us: