Legal

Privacy Policy

How we collect, process, and protect your data.

Last updated: January 5, 2026

Copilot Audit Privacy Policy

Last updated: January 5, 2026

At Next BP, we place great importance on protecting your privacy. This Privacy Policy explains how we collect, use and share information when you use our Excel add-in, Copilot Audit (the "Software").

1. Information We Collect

We may collect the following types of information:

  • Subscription Information
    When you subscribe to the Software, we collect your name, email address and certain information needed to process your payment, which is handled by our third‑party payment provider Stripe. We do not store your full credit card information; it is processed directly by Stripe in accordance with their own terms and privacy policy.

  • Referral Information
    If you arrive via a referral link, we collect referral identifiers (e.g., a Rewardful referral code) and related attribution data. We may store these identifiers in your browser (e.g., local storage) to attribute purchases and rewards.

  • Usage Data
    We collect information about how you use the Software (features used, frequency, session duration, technical settings, etc.) as well as processing metadata (for example: number of documents/pages processed, processing time) in order to:

    • ensure billing and track your subscription,
    • improve the Software and monitor its performance,
    • prevent abuse and ensure the security of our services.
      Where possible, this data is aggregated or anonymized.

  • Documents and Extracted Data
    To provide certain key features of the Software, particularly OCR (Optical Character Recognition) and certain automated analysis features:

    • you may need to select areas of documents locally on your computer ("snipping");
    • images or data extracted via snipping, or full documents that you submit for analysis, are securely transmitted to our servers to be processed;
    • our processing servers are hosted by Hetzner Online GmbH in Germany;
    • certain compute‑intensive operations (for example OCR) may be executed on GPU infrastructure provided by our sub‑processor Modal.com, acting on our behalf.

    Ephemeral Processing
    The content of your documents is processed on our servers only for as long as necessary to perform the requested task (OCR, matching, analysis, etc.). We do not permanently store the content of your documents after processing is completed. Data is received, processed and the result is returned to you. We do not keep a copy of the document content after the operation, except where temporarily required for technical reasons (caching, operational logging), which are handled securely and regularly purged.

  • Feedback
    If you choose to provide feedback, suggestions or problem reports, we collect the information you send to us (message content, email address, etc.).

2. How We Use Information

We use the information we collect for the following purposes:

  • to provide, maintain and improve the Software’s features, including processing of submitted documents;
  • to manage your account, process your subscription payments via Stripe, and track your subscription;
  • to attribute referrals and administer affiliate rewards;
  • to perform the requested processing of documents (OCR, matching, analysis) on our secure servers and, where applicable, via Modal.com’s compute infrastructure;
  • to provide technical support and respond to your requests;
  • to analyze usage data and processing metadata in order to improve performance, reliability and features of the Software;
  • to send you important information about the Software (updates, maintenance, changes);
  • to ensure the security of our services and detect and prevent fraud or abuse;
  • to comply with our legal and regulatory obligations.

3. Information Sharing

We do not sell your personal information. We may share certain information with third parties only in the following cases:

  • Service Providers
    We rely on third‑party companies to help us provide our services, in particular:

    • Payment Processing
      We use Stripe to securely process your subscription payments. When you make a payment, your information is transmitted directly to Stripe, and its use is governed by Stripe’s own Terms of Use and Privacy Policy. We encourage you to review them.

    • Referral/Affiliate Tracking
      We use Rewardful to track referrals and attribute purchases and rewards. Rewardful may receive referral identifiers and related purchase metadata necessary for attribution.

    • Infrastructure Hosting
      Our processing servers are hosted by Hetzner Online GmbH in Germany. Hetzner provides the physical and network infrastructure but does not access the content of the data we process, except in very limited circumstances defined in their contract and solely to ensure security/maintenance of the infrastructure.

    • OCR and GPU Compute
      Certain processing operations (notably OCR and other compute‑intensive tasks) may be executed using Modal.com, which provides GPU compute infrastructure. Modal.com acts as our sub‑processor and is contractually bound by security and confidentiality obligations.

    • Other providers may assist us with analysis of aggregated/anonymous usage data, support ticket management, transactional email sending, etc. We only grant them access to the information strictly necessary for their role and contractually require them to protect this information.

  • Legal Compliance and Security
    We may disclose information (including processing metadata or, in exceptional and legally required cases, temporarily held content) if we believe in good faith that such disclosure is necessary to:

    • comply with any law, regulation, legal process, or enforceable governmental request;
    • protect our rights, property or safety, or those of our users or the public;
    • detect, prevent and address fraud, security or technical issues.

4. Data Transfers and Location of Processing

When you use the Software for functions requiring server‑side processing (such as OCR or certain automated analysis features), you understand and agree that the relevant data (snipped images, submitted documents) will be transferred to and processed on our servers located in Germany, hosted by Hetzner Online GmbH, and, where applicable, on Modal.com’s compute infrastructure.

We take steps to ensure that such transfers and processing are secure and comply with applicable regulations (in particular the GDPR, given the hosting in Germany and any use of sub‑processors).

5. Data Security

We implement appropriate technical (e.g. TLS encryption for data transfers) and organizational measures to protect your information, whether in transit or on our servers. These measures are designed to protect against unauthorized access, disclosure, alteration or destruction.

We commit to processing the content of your documents only on an ephemeral basis for the task requested. However, no method of transmission or storage is completely secure. You are also responsible for the security of your own IT environment (workstation, network, passwords, etc.).

6. Your Rights

In accordance with applicable law (in particular the GDPR), you have certain rights regarding the personal information we hold about you (account, subscription and usage log data). These rights may include:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to data portability.

With respect to the content of processed documents, since we do not store it after processing, these rights apply primarily to other categories of data (account, subscription, usage logs, etc.).

To exercise your rights, please contact us at the address given in Section 9.

7. Data Retention

We retain your personal information (account, subscription, usage logs) for as long as necessary to:

  • provide the Software;
  • fulfill our contractual and legal obligations (billing, accounting, etc.);
  • resolve disputes and enforce our policies.

As stated above, the content of documents submitted for OCR/analysis is not retained on our servers after the requested task has been completed. Operational logs containing metadata may be retained for a limited time for security and troubleshooting purposes.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. In the event of any material change, we will inform you through the Software, by email, or by publishing the updated version on our website, indicating the new effective date.

Your continued use of the Software after the effective date of the updated Policy constitutes your acceptance of it.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us at: