Last updated: June 2026

Who we are

Geordi Scan processes legal document uploads to generate scenario diagrams and automated consistency notes. This policy describes how we handle personal data under the GDPR.

Data we collect

  • Account: email address and password (stored hashed).
  • Documents: uploaded PDF or text files you choose to analyze.
  • Analysis results: structured JSON derived from your documents.
  • Technical: session cookies required for authentication; cookieless page-view analytics (aggregated counts only, no cross-site tracking or personal profiles).

Why we process data

We process your data to provide the service you request (document analysis and saved projects), based on your account registration and consent at signup.

Analysis processing by plan

  • Credit packs — document text is sent to Microsoft Azure OpenAI (EU, Sweden Central) for analysis and Ask AI. This is our processor for inference on the hosted path.
  • Pro (BYOK) — you provide your own OpenAI API key. Document text is sent to your OpenAI account, not our Azure deployment. You are responsible for that provider's data residency, retention, and terms. We still store your documents and analysis results in EU infrastructure as below.

Processors

  • Vercel — application hosting (configure EU region).
  • Neon / PostgreSQL (EU) — account and project metadata.
  • Cloudflare R2 (EU jurisdiction) — document file storage.
  • Microsoft Azure OpenAI (EU) — document analysis on credit packs in production.
  • OpenAI — development environments only; also used when you choose Pro (BYOK) with your own API key.
  • Plausible Analytics — self-hosted in Falkenstein (EU); cookieless page-view statistics processed on our own infrastructure, not shared with advertising networks.

Retention

Data is kept until you delete your account or individual projects. Account deletion removes database records and stored files.

Your rights

You may export or delete your account from the Account page. You may also contact us to exercise access, rectification, restriction, or objection rights under GDPR.

Back to home