ScribeArc is committed to full compliance with the General Data Protection Regulation (GDPR). We protect your data with enterprise-grade security and transparent practices.
Last updated: May 1, 2026 · Effective: May 1, 2026
Need a signed DPA for your compliance records? We offer a standard Data Processing Agreement incorporating the latest Standard Contractual Clauses (SCCs).
We only process the data necessary to provide our intelligent document processing services. We do not collect extraneous personal data or use financial documents for unrelated AI training.
Our platform provides built-in tools to help you fulfill data subject requests (DSRs) including the right to access, rectify, restrict processing, and the right to be forgotten.
GDPR mandates state-of-the-art security. We enforce TLS 1.3 in transit, AES-256 at rest, strict RBAC, and zero-trust principles across all infrastructure layers.
We stringently vet all sub-processors. All vendors must sign a Data Processing Agreement (DPA) and prove their GDPR compliance before touching any platform data.
You can request an export of all personal data we hold about you. Exports are generated in standard CSV/JSON formats within 30 days.
Also known as the 'right to be forgotten'. Deleting your account triggers a complete wipe of your data and documents after a 30-day grace period.
You have full control to update your personal details and billing information directly from your account dashboard.
Download your processed data and configurations at any time to transfer them to another controller.
To exercise your GDPR rights or ask questions about our privacy practices, contact our Data Protection Officer at support@scribearc.com