Privacy Policy

How Redact-It-PRO handles personal information and customer documents.

Redact-It-PRO is a business-to-business clinical redaction workbench operated by JAKITO LLC. This policy explains what we collect, how we use it, when we share it, and how customers and users can exercise privacy choices.

Effective date: July 9, 2026 Last updated: July 9, 2026

We use account, project, document, and technical information to provide and secure the redaction service. We do not sell personal information, use customer documents for targeted advertising, or train our own models on customer documents without a written agreement.

1. Scope

This Privacy Policy applies to Redact-It-PRO websites, hosted applications, REST API services, desktop launchers, Acrobat plugin workflows, customer support, demos, and related business communications operated by JAKITO LLC.

Redact-It-PRO is intended for organizations and their authorized business users, not for personal household use. When a customer uploads documents or configures projects, that customer controls the document content and user permissions. We process that content to provide the service and to follow the customer's instructions.

Customer content stays customer content. Uploaded PDFs, annotations, findings, and redacted outputs are used to operate the workbench.
Production access is role based. Users, projects, and administrative functions are scoped through customer and project permissions.
Advertising is not part of the design. The production workbench is not designed around ad profiles, ad cookies, or sale of user data.
Retention is configurable. Source files, analysis artifacts, temporary files, and redacted files are governed by retention classes.

2. Information We Collect

The information we collect depends on how you use Redact-It-PRO and how your organization configures the service.

Category Examples Source
Account and identity information Name, business email, organization, role, account status, authentication records, password reset records, and session metadata. You, your organization, and authentication systems.
Customer and project information Customer, client, project, team assignment, ruleset, prompt, benchmark, and review workflow metadata. Customer administrators and authorized users.
Uploaded documents and generated artifacts Source PDFs, extracted text, page images or geometry, candidate findings, annotations, decisions, review feedback, redacted PDFs, and temporary processing files. Authorized users and service processing.
Desktop and plugin workflow information Desktop launch identifiers, plugin session status, document handoff status, annotation sync status, installer version, and diagnostic messages. The web app, desktop launcher, Acrobat plugin, and API.
Technical and security information IP address, user agent, request identifiers, API route, timestamps, error details, queue status, health status, and audit-relevant logs. Browsers, devices, servers, infrastructure providers, and monitoring tools.
Support and commercial information Messages, attachments, business contact details, support tickets, subscription or contract records, and implementation notes. You, your organization, and support or sales channels.
Optional integration information Issue tracker metadata, model provider settings, integration job status, and records needed to synchronize with customer-approved services. Customer configuration, integrated services, and service processing.

3. How We Use Information

We use personal information and customer content to:

  • Provide, operate, maintain, and improve the Redact-It-PRO service.
  • Authenticate users, maintain sessions, manage roles, and enforce project access controls.
  • Upload, analyze, review, annotate, export, and finalize redacted documents.
  • Run queue-based analysis jobs and provide long-lived status updates for asynchronous work.
  • Support desktop launch, Acrobat plugin, annotation sync, and document handoff workflows.
  • Configure customer rulesets, prompt defaults, benchmark runs, and review workflows.
  • Provide customer support, respond to requests, and troubleshoot issues.
  • Secure the service, prevent misuse, investigate incidents, and maintain logs.
  • Meet legal, contractual, tax, audit, and compliance obligations.

4. Customer Documents

Customer documents may contain protected personal data, confidential commercial information, health-related information, business confidential information, or other regulated data. Customers are responsible for determining whether they have the right to upload and process a document in Redact-It-PRO, and for obtaining any agreements required for their industry or jurisdiction.

The production design stores document artifacts in private object storage separated for production use, blocks public object access, uses encryption at rest, and applies least-privilege service access. Document records and workflow metadata are stored in a managed production database with backups and restore procedures.

The service creates derived artifacts such as extracted text, analysis results, annotation manifests, review decisions, and finalized redacted PDFs. These artifacts are used to show reviewers candidate redactions, support auditability of review decisions, and produce final outputs.

5. AI And Model Processing

Redact-It-PRO can support model-assisted analysis when enabled for a customer or environment. If model-assisted analysis is enabled, selected document text, ruleset instructions, prompts, and related metadata may be sent to the configured model provider to generate candidate findings or benchmark results.

We do not use customer documents to train our own models unless the customer agrees in writing. Third-party model provider processing depends on the provider, account type, region, and customer configuration. Customers that require strict data residency, vendor restrictions, or model opt-out controls should confirm those requirements in their contract or implementation plan before enabling model-assisted analysis.

6. How We Share Information

We may share information in these limited ways:

  • With your organization, including administrators and authorized project users.
  • With service providers that host, store, process, secure, email, monitor, or support the service.
  • With configured integrations, such as issue tracking or model providers, when enabled by a customer.
  • With professional advisers, auditors, insurers, and legal service providers.
  • When required to comply with law, enforce agreements, protect rights, or respond to legal process.
  • In connection with a merger, financing, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality protections.
  • With consent or at the direction of the customer or user.

We do not sell personal information or share it for cross-context behavioral advertising. If that changes, we will update this policy and provide any required choices before the change applies.

7. Cookies And Local Storage

The web application may use cookies, browser storage, or similar technologies to keep users signed in, maintain application state, remember preferences, protect sessions, and troubleshoot service behavior. The production design does not rely on advertising cookies.

You can adjust browser settings to block or delete cookies, but parts of the workbench may not function correctly without authentication and session storage.

8. Retention And Deletion

We keep information for as long as needed to provide the service, meet contractual and legal obligations, resolve disputes, maintain security, and support backup and restore operations. Customer contracts, implementation plans, and retention settings may define more specific retention periods.

The hardened production design classifies document artifacts by retention class, such as source, analysis, redacted, and temporary files. Deletion workflows remove known storage paths and database records unless a retention obligation, legal hold, backup process, or customer instruction requires a different handling path.

9. Security

We use administrative, technical, and operational safeguards designed to protect customer information. These include private production storage, encryption in transit and at rest, role-based access controls, protected secrets, exact production CORS settings, monitored background queues, sanitized diagnostics, and backup and restore procedures.

No system can be guaranteed to be completely secure. If you believe you have found a security issue, please contact us at security@jakitollc.com. More detail is available on our Security Information page.

10. Privacy Rights

Depending on where you live and how your organization uses Redact-It-PRO, you may have rights to request access, correction, deletion, portability, restriction, objection, opt-out, or withdrawal of consent for certain personal information.

Because Redact-It-PRO is a business service, requests about customer-controlled documents or accounts may need to be handled by your organization. We may direct you to your organization's administrator or coordinate with the customer when we act as a service provider or processor.

To submit a privacy request, contact privacy@jakitollc.com. We may need to verify your identity and authority before completing a request. We will not discriminate against you for exercising privacy rights that apply to you.

11. California Notice At Collection

This section supplements the policy for California residents. We collect the categories described in the table below for the business and commercial purposes described in this policy.

CCPA Category Examples In Redact-It-PRO Disclosures
Identifiers Name, business email, user ID, customer ID, project ID, IP address, and device identifiers. Service providers, customer administrators, integrations when enabled, and legal or security recipients.
Commercial and account information Subscription, contract, support, customer, role, and usage records. Service providers, professional advisers, and customer-authorized recipients.
Internet or network activity Log data, API requests, authentication events, and diagnostic information. Infrastructure, logging, monitoring, security, and support providers.
Professional information Business contact details, organization, project roles, and support communications. Service providers and customer-authorized recipients.
Sensitive personal information Information that customers include in uploaded documents, which may include health-related or identifying data. Service providers and customer-authorized recipients as needed to provide the service.
Inferences Candidate findings or classifications generated from document analysis. Customer-authorized users, service providers, and configured model providers if enabled.

We do not sell personal information, share personal information for cross-context behavioral advertising, or use sensitive personal information to infer characteristics beyond the service purposes described in this policy.

12. International Users

Redact-It-PRO is operated from the United States. If you use the service from another country, your information may be processed in the United States or other locations where we, our customers, or our service providers operate.

Where required, customer agreements may include data processing terms or transfer mechanisms. Customers with data residency or transfer requirements should confirm those requirements before uploading regulated documents.

13. Children

Redact-It-PRO is not directed to children and is not intended for use by individuals under 16. If you believe a child has provided personal information directly to us, contact us so we can review and delete it as appropriate.

14. Changes To This Policy

We may update this Privacy Policy to reflect changes to the service, legal requirements, security practices, or business operations. The updated version will show the effective date. If a change materially affects how we process personal information, we will provide notice as required by law or contract.

15. Contact

JAKITO LLC operates Redact-It-PRO. For privacy requests or questions, contact privacy@jakitollc.com. For security reports, contact security@jakitollc.com.

This policy is a product and privacy summary for publication. Customers with regulated data, industry-specific requirements, or data processing terms should confirm those requirements in their contract before production use.