Data Protection
We appreciate your confidence and work hard to keep your information secure.
Security at Parsio
At Parsio, the security of your data is foundational to how we design, build, and operate our platform. We combine strong technical controls with disciplined operational practices to protect confidentiality, integrity, and availability.
AI and data use
We never train or enhance our AI or LLM models with your data, and we never sell it. Your data remains exclusively yours and is processed only to deliver the services you request.
Data storage and encryption
Data at rest is encrypted using AES-256 and stored in encrypted Amazon S3 buckets. Data in transit is protected end-to-end over HTTPS using modern TLS (TLS 1.2 or higher) and valid digital certificates. Passwords are stored using strong one-way hashing, and payment details never touch our servers—billing is handled by Stripe, a PCI-DSS compliant provider.
Cloud security
We operate on trusted cloud infrastructure from Google Cloud Platform and DigitalOcean, benefiting from their physical data center protections, network security, and compliance controls. We leverage provider capabilities such as VPC isolation, granular IAM, key management, and detailed access logging to minimize risk and enforce least-privilege access.
Availability and resilience
Parsio uses distributed cloud databases and horizontally scalable services to handle load and maintain uptime. We take frequent, automated backups and routinely verify restore procedures to reduce the risk of data loss. Our systems are monitored around the clock with alerting to ensure rapid response to anomalies.
Downtime and scheduled maintenance
We ship changes through CI/CD pipelines and rely on rolling and blue/green deployments to keep updates seamless. Our infrastructure scales dynamically without service shutdowns. When maintenance or incidents occur, we communicate openly via our Status page with real-time availability updates.
Monitoring and logging
We maintain comprehensive system and application logs to support security, reliability, and troubleshooting. Access and key actions are auditable, and customers can review processing activity within the product to understand what happened, when, and by whom.
Data ownership, retention, and deletion
You retain ownership of all emails, documents, and extracted data processed through Parsio. For our parsing services, you act as the Data Controller and Parsio acts as your Data Processor—we process your data strictly according to your instructions. You can delete documents, templates, or your account at any time. Retention policies are configurable to match your legal and business needs, with options typically ranging from 1 to 180 days for automated disposal.
Privacy and confidentiality
We never sell or rent customer data. Employee access is tightly restricted on a need-to-know basis and is governed by confidentiality obligations. Team members receive regular security and privacy training to maintain a strong security culture.
Compliance
Parsio aligns with GDPR requirements and offers Data Processing Agreements upon request. When international data transfers are necessary, we rely on appropriate safeguards such as Standard Contractual Clauses. Our cloud providers maintain widely recognized certifications (for example, ISO 27001 and SOC 2), which we build upon with our own controls.
Secure development and code management
Security is integrated into our software development lifecycle. Every feature, product update, and bug fix undergoes peer review before release. We perform regular code audits, maintain unit and integration test coverage, and use static analysis and dependency scanning to identify and remediate vulnerabilities early.
Incident response
We follow documented incident response and escalation procedures. Continuous monitoring helps us detect unusual activity quickly, and if a data breach were to occur, we would notify affected customers and—where required—regulators within 72 hours, in line with GDPR.
Trusted subprocessors
We work with a small number of trusted providers who meet our security and privacy standards and only access the minimum data necessary to provide their services: Amazon S3 (data storage), Crisp (customer support), DigitalOcean (cloud infrastructure), Google Cloud Platform (cloud services), Microsoft (cloud computing), Mistral (AI services), MongoDB Atlas (database infrastructure), OpenAI (AI services), and Stripe (payment processing). We keep this list up to date and communicate material changes.
Questions?
If you have questions about security at Parsio or need more details for your security review, contact us at [email protected].