Last updated: June 2026
Who we are
Geordi Scan processes legal document uploads to generate scenario diagrams and automated consistency notes. This policy describes how we handle personal data under the GDPR.
Data we collect
- Account: email address and password (stored hashed).
- Documents: uploaded PDF or text files you choose to analyze.
- Analysis results: structured JSON derived from your documents.
- Technical: session cookies required for authentication; cookieless page-view analytics (aggregated counts only, no cross-site tracking or personal profiles).
Why we process data
We process your data to provide the service you request (document analysis and saved projects), based on your account registration and consent at signup.
Analysis processing by plan
- Credit packs — document text is sent to Microsoft Azure OpenAI (EU, Sweden Central) for analysis and Ask AI. This is our processor for inference on the hosted path.
- Pro (BYOK) — you provide your own OpenAI API key. Document text is sent to your OpenAI account, not our Azure deployment. You are responsible for that provider's data residency, retention, and terms. We still store your documents and analysis results in EU infrastructure as below.
Processors
- Vercel — application hosting (configure EU region).
- Neon / PostgreSQL (EU) — account and project metadata.
- Cloudflare R2 (EU jurisdiction) — document file storage.
- Microsoft Azure OpenAI (EU) — document analysis on credit packs in production.
- OpenAI — development environments only; also used when you choose Pro (BYOK) with your own API key.
- Plausible Analytics — self-hosted in Falkenstein (EU); cookieless page-view statistics processed on our own infrastructure, not shared with advertising networks.
Retention
Data is kept until you delete your account or individual projects. Account deletion removes database records and stored files.
Your rights
You may export or delete your account from the Account page. You may also contact us to exercise access, rectification, restriction, or objection rights under GDPR.