This Privacy Policy ("Policy") describes how Perspic AI Engineering Limited ("Perspic", "we", "us", "our") collects, uses, discloses, retains, and protects personal data when you interact with Perspic Audit AI (the "Service"), available at https://audit.perspic.net and https://perspic-audit.web.app.
This Policy applies to all users of the Service, whether you are accessing the Service as an individual, as a sole proprietor, or on behalf of a partnership, company, or other legal entity. It is incorporated by reference into our Terms of Service.
By using the Service, you confirm that you have read, understood, and agree to this Policy. If you do not agree, you must not use the Service.
Data Controller: Perspic AI Engineering Limited, a private company limited by shares incorporated under the laws of the Hong Kong Special Administrative Region.
Email: info@perspic.net (general), raynor.yip@perspic.net (legal / data protection matters)
Postal address: available on request to the email above.
For any privacy-related question, complaint, data access request, or correction request, contact us by email. We will respond within thirty (30) calendar days of receipt.
Perspic processes the following categories of personal data, broken down by where the data resides and what control we have over it.
The following categories of data never reach our servers in any persistent form. They are stored in your browser's local storage facilities (HTML5 Web Storage, IndexedDB) on your device, under your sole physical control:
We affirmatively confirm that we do not collect:
Perspic Audit AI is built on a privacy-by-architecture principle that we summarise as: "Your bank statements never leave your device." This is not marketing language — it is a verifiable technical reality.
When you upload a PDF to the Service:
The local-first design has trade-offs you should understand:
The exhaustive list of data items we hold server-side, with specific retention and purpose:
| Data item | Purpose | Storage | Retention |
|---|---|---|---|
| Email address | Identify your account; password reset; service announcements | Firebase Authentication (Google Cloud, US/multi-region) | Lifetime of account; deleted within 30 days of termination request |
| Password (salted hash only) | Authenticate you on sign-in | Firebase Authentication | Same as account; we never see plaintext |
| Display name (optional) | UI personalization | Firebase Authentication | Same as account |
| UID | Internal identifier | Firebase Authentication | Same as account |
| IP address (transiently) | Network routing; rate limiting; fraud detection | Firebase Hosting / Cloud Functions / Cloudflare logs | Maximum 30 days; aggregated thereafter |
| Error telemetry | Diagnose crashes and bugs | Firebase Crashlytics | 90 days; aggregated thereafter |
| AI request payload (transient) | Run AI extraction / chat | Cloud Functions memory (US-central1) | Held only during request lifetime; not persistently logged |
| AI request payload (forwarded to z.ai) | Run inference | z.ai inference servers | Per z.ai's policy; generally not retained after inference response |
| Payment record | Process subscription / one-time payments | Stripe (regulated payment processor) | 7 years (regulatory requirement) |
| Anonymous usage metrics | Product improvement | Firebase Analytics (aggregated) | Aggregated indefinitely; never personally identifying |
The Service uses third-party large language models to perform OCR-style extraction, categorization, and chat features. As of the effective date of this Policy, AI inference is provided by z.ai (Beijing Zhipu Huazhang Technology Co., Ltd. and its affiliates), the operator of the GLM family of models.
AI processing occurs only when you take a specific action that requires it, namely:
The minimum payload required for the inference task. We do not send: the raw PDF binary file (we extract the text layer client-side first); your email or account identifier (the request is associated with your account only at our proxy layer, not forwarded to z.ai); your custom rules or workspace metadata (unless directly relevant to the AI prompt).
We have entered into a service agreement with our AI provider that specifies their data handling. Per their policy as of the effective date: data sent for inference is processed in memory; not used to train future models without explicit opt-in; not retained after the inference response is returned, except as required for transient operational logging.
You may opt out of AI processing by simply not using AI features. The non-AI rule-based extraction and recon flows remain available.
The Service uses the following client-side storage technologies on your device:
We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking beacons. You can clear all storage at any time via your browser's settings or via the Service's "Settings > DELETE all data" feature.
The following sub-processors receive limited categories of data to deliver specific functions of the Service. We have selected each based on its security posture, contractual data-protection commitments, and regulatory compliance record.
| Sub-processor | Function | Data shared | Location |
|---|---|---|---|
| Google Cloud Platform (Firebase Authentication, Hosting, Cloud Functions, Crashlytics, Firestore) | Identity, hosting, serverless compute, crash reporting | Email, password hash, UID, transient request data, anonymous telemetry | United States (multi-region for Auth); us-central1 for Cloud Functions |
| Cloudflare, Inc. | DNS resolution, CDN, DDoS protection (audit.perspic.net only; not proxied through CF as of this revision) | IP address (transiently for DNS); request metadata | Global anycast network |
| z.ai (Beijing Zhipu Huazhang Technology Co., Ltd.) | AI inference (GLM family of large language models) | System prompt + text payload at time of AI feature invocation; never bank statement binary, never user identifier | Mainland China / international as applicable |
| Stripe, Inc. | Payment processing | Email, card token (we do not see card number); transaction amount and metadata | United States; payments may be processed via Stripe's regional sub-entities |
| Squarespace, Inc. | Domain registration only (no DNS hosting since 2026-05-18 NS migration) | Domain registration metadata (registrant name, address, email) | United States |
| Google Workspace (Google LLC) | Corporate email infrastructure for our team | Email correspondence you initiate with us | United States / multi-region |
We may engage additional sub-processors or change existing ones from time to time. Material changes will be reflected in the next revision of this Policy.
As a Hong Kong SAR-based controller using globally-hosted sub-processors, your personal data may be transferred to, processed in, and stored in jurisdictions outside Hong Kong, including the United States, Mainland China, and the European Union (where Stripe maintains regional infrastructure).
By using the Service, you consent to such international transfer. We require each sub-processor to maintain data-protection standards commensurate with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong, and where applicable the GDPR, UK GDPR, or other comparable law.
Where the Personal Data (Privacy) Ordinance, GDPR, or other applicable law requires us to specify a lawful basis for each processing activity, we rely on:
Under the Personal Data (Privacy) Ordinance of Hong Kong SAR, and (where applicable) the GDPR, UK GDPR, and other privacy laws, you have the following rights:
To exercise any right listed in Section 11, contact us at info@perspic.net with the subject line "Privacy Request — [your right]". Please include the email address associated with your account so we can verify your identity. We will respond within thirty (30) calendar days. There is no fee for reasonable requests; we may charge a reasonable fee or refuse manifestly unfounded or excessive requests (e.g., repeated requests for the same data).
We employ industry-standard security measures appropriate to the nature, sensitivity, and volume of personal data we process, including:
No system is perfectly secure. Despite our efforts, we cannot guarantee absolute security against all threats. Your own security hygiene (strong unique passwords, screen locking, anti-malware, OS updates) is equally important.
Retention periods for each data category are specified in Section 5. Summary:
When you request account deletion:
"Hard delete" means we will not maintain a backup copy of your account data after the deletion period, except as required to defend a legal claim or to satisfy a continuing legal obligation.
We collect aggregated, anonymized usage metrics to understand how the Service is used and to prioritize improvements. Examples: how many users logged in this week, how many uploads occurred today, average extraction time, error counts by category. We do not aggregate by individual user; metrics are aggregated at the population level.
If you wish to opt out of even anonymous metrics, contact us at info@perspic.net; we can adjust your account flags accordingly.
The Service is not directed to children under eighteen (18) years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us at info@perspic.net immediately and we will delete the data promptly.
We may send transactional emails relating to your account (e.g., password reset, security alerts, billing receipts, material change notifications). You cannot opt out of strictly transactional emails while your account remains active.
We may, but as of this revision do not currently, send marketing or product-update emails. If we begin sending such emails, you will be able to unsubscribe from each, and we will obtain consent where required by applicable law (e.g., UK PECR, EU ePrivacy).
We do not make any decisions about you that produce legal or similarly significant effects based solely on automated processing. AI-generated extraction results, categorization suggestions, and chat responses are advisory; they do not by themselves produce binding consequences against you, and human review by you (or by your professional advisor) is always recommended.
We do not engage in profiling for the purpose of targeted advertising, credit scoring, or behavioural prediction.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will: (a) notify the Privacy Commissioner for Personal Data, Hong Kong, where required; (b) notify affected users within seventy-two (72) hours of becoming aware of the breach, where feasible; and (c) describe the nature of the breach, the categories of data and approximate number of affected individuals, the likely consequences, and the measures taken or proposed to address the breach.
We may revise this Policy from time to time to reflect changes in law, our practices, or our sub-processors. The "Last Updated" date at the top indicates when this Policy was last revised. Material changes will be notified via in-Service notification, email to your registered address, or website posting. Continued use of the Service after the effective date of any modification constitutes your acceptance.
If you have a concern about our handling of your personal data, please first contact us at info@perspic.net. We aim to resolve all complaints internally within thirty (30) days.
If you are not satisfied with our response, you may lodge a complaint with:
© 2026 Perspic AI Engineering Limited. All rights reserved.
Perspic AI Engineering Limited · info@perspic.net · Hong Kong SAR
This Privacy Policy is incorporated by reference into our Terms of Service.
For questions, contact info@perspic.net.
Effective Date · 18 May 2026 · v2.0