Privacy Policy

Last updated: 29 March 2026

1. Who We Are

Logismos (“we”, “us”, or “our”) is the data controller for personal data processed through this service. If you have any questions about this Privacy Policy or how we handle your data, please contact us at the address provided in Section 9.

2. What Data We Collect

We collect only the minimum personal data necessary to operate this service:

  • Authentication data — when you sign in with Google, we receive your Google account email address. We do not receive or store your Google password.
  • Invoice documents — PDF files you upload are transmitted to the Anthropic Claude API for data extraction and then stored on our server. These documents may contain personal or business information depending on their content.
  • Server logs — our web server automatically records standard technical information including IP addresses, browser type, pages accessed, and timestamps. These logs are used solely for security and operational monitoring.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • To authenticate your identity and control access to the service.
  • To process invoice PDFs and extract key information using AI.
  • To look up domain registration information via the Cloudflare API where domains are referenced in invoices.
  • To maintain the security and integrity of the system.

4. Legal Basis for Processing

We process your personal data under the following legal bases (UK GDPR Article 6):

  • Legitimate interests (Article 6(1)(f)) — to operate a secure, internal business tool and protect the service from unauthorised access.
  • Contract performance (Article 6(1)(b)) — where data processing is necessary to provide the service you have requested.

5. Third-Party Processors

We share data with the following third-party processors solely to deliver the service:

  • Anthropic — invoice PDF content is sent to the Anthropic Claude API for automated data extraction. Anthropic processes this data under its own privacy policy and data processing terms.
  • Google — sign-in is handled via Google OAuth 2.0. Google processes authentication data under its own privacy policy.
  • Cloudflare — domain names identified in invoices are queried against the Cloudflare Registrar API to retrieve registration details.

6. Data Retention

We retain personal data only for as long as necessary:

  • Authentication data (email address) is held for the duration of your active session and is cleared on sign-out.
  • Uploaded invoices are stored in the /uploads directory until manually removed by an administrator.
  • Server logs are retained for up to 30 days and then automatically deleted.

7. Data Security

Access to this service is restricted to authorised users via Google OAuth authentication. All data in transit is protected by TLS encryption. Access to uploaded files requires an active authenticated session.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate data.
  • Right to erasure — to request deletion of your personal data where there is no legitimate reason to continue processing it.
  • Right to restriction — to request that we restrict processing of your data in certain circumstances.
  • Right to object — to object to processing based on legitimate interests.
  • Right to data portability — to receive your data in a structured, machine-readable format.

To exercise any of these rights, please contact us using the details in Section 9. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact the system administrator responsible for this installation.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page will always reflect the most recent revision. Continued use of the service after any changes constitutes acceptance of the updated policy.