Trust Center
How We Handle Your Data
No marketing claims. No false certifications. Here's exactly what happens to your documents — and what you can control.
Step-by-step
Data Lifecycle
Step 1 / 4
⬆️
Upload
Document sent via HTTPS (TLS 1.3) to our backend
Step 2 / 4
⚙️
Process
Text extracted and sent to LLM API for analysis
Step 3 / 4
🔐
Store
Results stored in encrypted PostgreSQL database
Step 4 / 4
🗑️
Expire / Delete
Auto-purged per retention policy, or manual deletion
Cifratura end-to-end
Encryption Posture
TLS 1.3In TransitAll connections: frontend, backend, database, LLM API
AES-256At RestVia Railway managed PostgreSQL (inherited from provider)
FernetOAuth TokensSymmetric encryption for stored provider tokens
Evidence pack
Per il tuo team di vendor risk
Politica di retention
30 / 90 / 365 / illimitato. Configurabile per account; eliminazione manuale via /account.
Richiedi DPA →Lista sub-processor
Google (Gemini API), OpenAI (legacy), Railway (DB + hosting), Vercel (frontend), Stripe (billing).
Lista completa →Penetration test
Annuale via partner CREST. Report sintetico disponibile sotto NDA per piani Business+.
Accesso al report →Domande aperte sul trattamento dati?
Inviaci una mail a dpo@pak4l.ai o apri un ticket commerciale per un colloquio col DPO.