Comprendo document analysisComprendo
Back

Privacy Notice

Last updated: June 28, 2026

This Privacy Notice explains how Shepherd Digital Co. LLC ("we", "us", "our"), operator of Comprendo (the "Service"), collects, uses, and protects your personal data. Shepherd Digital Co. LLC is the data controller responsible for your personal data when you use the Service.

1. Personal Data We Collect

  • Account data: name, email address, and login credentials managed by our authentication provider.
  • Billing data: a record of credits purchased and redeemed (amount, currency, transaction ID). Card details are handled by Paddle, not by us.
  • Document content (transient only): the text or image you submit is sent to our AI provider to generate your analysis and is then immediately discarded. We do not store the document or the analysis on our servers.
  • Support communications: messages you send us for help.
  • Usage and technical data: pages visited, features used, error logs, IP address, browser type. Used to operate and secure the Service.

2. Documents Are Deleted Immediately

Comprendo is designed so that your documents are never retained:

  • Uploaded files, photos, and pasted text are sent over an encrypted connection to our AI provider for analysis.
  • As soon as the analysis returns, the document text and the analysis are discarded server-side. We do not write them to our database, log files, or backups.
  • The plain-English summary you see lives only in your browser. Closing or refreshing the page clears it.
  • We do not keep a history of documents you have analyzed.

3. We Never Share Documents With Third Parties

The contents of your documents are never sold, shared with advertisers, shared with data brokers, or used to train AI models. Document text is only transmitted to our AI provider for the seconds required to generate your analysis, and is then deleted.

4. How We Use Your Data

  • Provide the Service — create your account and run the one-time analysis of each document you submit (contract performance).
  • Customer support — respond to your inquiries (contract performance).
  • Security & fraud prevention — detect abuse and protect users (legitimate interests).
  • Service improvement — diagnose issues and improve features (legitimate interests).
  • Legal compliance — meet tax, accounting, and regulatory obligations (legal obligation).
  • Communications — send transactional and (with your consent) marketing emails (consent / legitimate interests).

5. Who We Share Data With

  • Service providers / subprocessors: hosting, database, AI inference, analytics, and email providers acting on our instructions. Document text is transmitted to our AI provider only for the duration of the analysis.
  • Paddle, our Merchant of Record, for sale of the product, payments, subscription management, tax compliance, invoicing, and refunds.
  • Professional advisers: legal, accounting, and tax advisers when needed.
  • Authorities, where required by law or to protect rights and safety.

6. International Transfers

Your personal data may be processed in countries outside your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect your data.

7. Data Retention

  • Documents: not retained. Deleted immediately after analysis completes.
  • Account data (name, email, credit balance): retained for as long as your account is active, so we can provide the Service and honor purchased credits.
  • Billing records (purchases, redemptions): retained for up to 7 years where required by tax and accounting law.
  • Support messages and error logs: typically retained up to 12 months, then deleted or anonymized.
  • After you close your account, we delete or anonymize your personal data within 30 days, except for billing records we are required to keep for legal reasons.

8. Your Rights and How to Delete Your Data

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and personal data
  • Restrict or object to certain processing
  • Receive a portable copy of your data
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local data protection authority

To request deletion of your account and data, contact us through the support channel in your account with the email address registered to your account. We will verify your identity, delete your account, and permanently remove your personal data within 30 days, keeping only the billing records we are legally required to retain. We will respond to all rights requests within one month.

9. Security

We use encryption in transit (HTTPS/TLS), strict per-user database access rules, and secure infrastructure to protect your personal data. See our Security page for a plain-English overview.

10. Cookies

We use essential cookies needed to operate the Service (e.g., to keep you signed in). We may also use limited analytics cookies to understand how the Service is used. You can manage cookie preferences through your browser settings.

11. Changes to This Notice

We may update this Privacy Notice from time to time. Material changes will be communicated through the Service or via email.

12. Contact

For privacy questions or to exercise your rights, contact us through the support channel in your account.