Copilot Audit Privacy Policy

Last Updated: 04/22/2025

At NextBP, we place great importance on protecting your privacy. This Privacy Policy describes how we collect, use, and share information when you use our Excel add-in, Copilot Audit (the “Software”).

1. Information We Collect

We may collect the following types of information:

• Subscription Information: When you subscribe to the Software, we collect your name, email address, and information necessary for payment processing, which is managed by our third-party payment provider, Creem.io. We do not store your full credit card information.
• Usage Data: We collect information about how you use the Software (features used, frequency, etc.) as well as processing metadata (e.g., number of documents/pages processed) to manage usage quotas, ensure billing, improve the Software, and monitor its performance. This data is generally aggregated or anonymized.
• Documents and Extracted Data: To provide certain key features of the Software, including OCR (Optical Character Recognition) and data matching:
  • You may need to select areas of documents (“snipping”) locally on your computer.
  • Images or data extracted via snipping, or complete documents you submit for analysis, are securely transmitted to our servers for processing.
  • Our servers, where this processing (OCR, matching) takes place, are hosted by Hetzner Online GmbH in Germany.
  • Ephemeral Processing: The content of your documents is processed on our servers only for the time necessary to perform the requested task (OCR, matching). We do not permanently store the content of your documents on our servers after processing is complete. Data comes in, is processed, and the result is sent back to you. We do not retain a copy of the document content itself once the operation is finished, unless temporarily required for technical caching or operational logging purposes, which are managed securely and purged regularly.
• Feedback: If you choose to provide us with comments, suggestions, or report issues, we will collect the information you submit.

2. Use of Information

We use the collected information for the following purposes:

• Provide, maintain, and improve the features of the Software, including processing submitted documents.
• Manage your account, process your subscription transactions via Creem.io, and administer usage quotas.
• Perform requested processing on documents (OCR, matching) on our secure servers.
• Provide you with technical support and respond to your requests.
• Analyze usage data and processing metadata to improve the performance, reliability, and features of the Software.
• Communicate important information regarding the Software (updates, maintenance, changes).
• Ensure the security of our services, detect and prevent fraud or abuse.
• Comply with our legal and regulatory obligations.

3. Sharing of Information

We do not sell your personal information. We may share certain information with third parties only in the following cases:

• Service Providers: We use third-party companies to help us provide our services:
  • Payment Processing: We use the Creem.io platform to securely process your subscription payments. When you make a payment, your information is submitted directly to Creem and its use is governed by their Privacy Policy and Terms of Service. We encourage you to review them.
  • Infrastructure Hosting: Our processing servers are hosted by Hetzner Online GmbH in Germany. They provide the physical and network infrastructure but do not have access to the content of the data we process, except under very limited conditions defined in their contract and to ensure the security/maintenance of the infrastructure.
  • Other providers may assist us with usage data analysis (aggregated/anonymized), customer support management, etc. We only give them access to the strictly necessary information and contractually require them to protect this information.
• Legal Compliance and Security: We may disclose information (including potentially processing metadata or, in exceptional and legally required cases, temporarily held content) if we believe in good faith that it is necessary to comply with a law, regulation, legal process, or enforceable governmental request; to protect our rights, property, or safety, as well as those of our users or the public; or to detect and address fraud or security issues.

4. Data Transfer and Processing Location

By using the Software for functions requiring server processing (such as OCR or matching), you understand and agree that relevant data (snipped images, submitted documents) will be transferred to and processed on our servers located in Germany, hosted by Hetzner Online GmbH. We take measures to ensure these transfers and processing are secure and comply with applicable regulations (including GDPR, given the location in Germany).

5. Data Security

We implement appropriate technical (e.g., TLS encryption for data transfers) and organizational security measures to protect your information, whether in transit or on our servers in Germany. This includes protection against unauthorized access, disclosure, alteration, or destruction. We commit to processing the content of your documents only ephemerally for the required task. However, no transmission or storage method is infallible. You are also responsible for the security of your own IT environment.

6. Your Rights Regarding Your Personal Information

In accordance with applicable laws (including GDPR), you have rights over your personal information that we hold (account information, subscription, usage logs). These rights may include access, rectification, erasure, restriction of processing, objection, and portability. Regarding the content of processed documents, as we do not store it after processing, the rights of access, rectification, or erasure primarily apply to the other categories of data. To exercise your rights, contact us at the address below.

7. Data Retention

We retain your personal information (account, subscription, usage logs) for as long as necessary to provide the Software, fulfill our contractual and legal obligations, resolve disputes, and enforce our policies. As previously stated, the content of documents submitted for OCR/matching processing is not retained on our servers after the task is completed. Operational logs containing metadata may be kept for a limited period for security and troubleshooting purposes.

8. Changes to the Privacy Policy

We may update this Privacy Policy. In the event of a substantial change, we will notify you via the Software, by email, or by posting the updated version on our website, indicating the new effective date.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

[email protected]