Privacy Policy
Effective date: March 26, 2026
TensorHub Solutions Inc. · Canada
1. Introduction
TensorHub Solutions Inc. (“we,” “us,” or “our”) operates PenParse, a web-based handwriting-to-text conversion service available at penparse.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service.
We are committed to complying with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and endeavour to meet the standards of the EU General Data Protection Regulation (GDPR) for all users regardless of location.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address and, if you use social login (Google OAuth or GitHub OAuth), basic profile information provided by the identity provider (name and email). We do not store your OAuth provider password.
2.2 Uploaded Images
To provide our handwriting transcription service, you upload images of handwritten documents. These images are temporarily stored in Cloudflare R2 for processing. For authenticated single-page uploads, images are retained until you delete them. For anonymous batch uploads, images are automatically deleted after 24 hours.
2.3 Transcription Results
For signed-in users, transcription results (text output and confidence scores) are stored on our servers so you can access your documents and restore past work from the My Documents tab. You can delete any document and its associated data at any time.
2.4 Usage Data
We collect first-party analytics data including pages visited, features used, transcription counts, and general interaction patterns. IP addresses are hashed before storage and cannot be reversed to identify you. We do not use Google Analytics or any third-party analytics service.
2.5 Payment Information
Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVV, or other sensitive payment credentials on our servers. We retain a Stripe customer ID and subscription metadata to manage your billing.
3. How We Use Your Information
- Provide and operate the service: process your uploaded images through our AI transcription pipeline to return text results.
- Improve accuracy: analyse aggregate error patterns and confidence scores to improve our transcription pipeline. This does not involve using your images for AI model training.
- Billing and account management: process payments, manage subscriptions, and enforce usage quotas.
- Communicate with you: send transactional emails (password resets, billing receipts) via Resend.
- Security and abuse prevention: detect and prevent fraudulent or abusive use of the service.
4. AI Training Statement
Your uploaded images are never used to train AI or machine learning models — by us or by any third party.
Images are sent to third-party AI providers (see Section 5) solely for real-time transcription and verification. These providers process the images under their enterprise/API terms, which prohibit using API inputs for model training.
5. Third-Party Services and Data Sharing
We share data with the following third-party services only to the extent necessary to operate PenParse:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Gemini | Primary VLM transcription | Uploaded images (transient) |
| OpenAI GPT-4o | Fallback VLM transcription | Uploaded images (transient) |
| Anthropic Claude | Transcription verification | Transcription text |
| Supabase | Database and authentication | Account data, transcription results |
| Cloudflare R2 | Image storage | Uploaded images |
| Stripe | Payment processing | Billing and payment information |
| Resend | Transactional email | Email address |
| Vercel | Hosting and edge functions | Request metadata |
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
6. Image Handling and Retention
- Authenticated uploads: images are stored in Cloudflare R2 and retained until you delete them or delete your account.
- Anonymous batch uploads: images are automatically and permanently deleted after 24 hours.
- Images sent to AI providers for transcription are processed in real time and are not retained by those providers under their API terms.
7. Cookies and Local Storage
We use a minimal set of browser storage mechanisms:
- Supabase authentication cookies: HTTP-only, secure cookies that manage your login session. These are essential for the service to function and cannot be disabled.
- Local storage (autosave): we store in-progress editing state in your browser’s localStorage so your work is not lost if you close the tab. This data never leaves your device.
We do not use any third-party tracking cookies or advertising pixels.
8. Data Security
We implement appropriate technical and organisational measures to protect your information:
- All data in transit is encrypted via TLS/HTTPS.
- Database access is governed by Supabase Row Level Security (RLS) policies, ensuring users can only access their own data.
- IP addresses are cryptographically hashed before storage and cannot be reversed.
- Passwords are hashed using industry-standard algorithms managed by Supabase Auth.
- Payment credentials are handled exclusively by Stripe and never touch our servers.
While no system can guarantee absolute security, we take reasonable steps to protect your data from unauthorised access, alteration, or destruction.
9. Data Retention and Deletion
We retain your personal information only as long as necessary to provide the service and fulfil the purposes described in this policy. When you delete your account, we will delete your personal data, uploaded images, and transcription history within 30 days. Some anonymised, aggregate data may be retained for analytics purposes.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: request a copy of the personal data we hold about you.
- Correction: request that we correct inaccurate or incomplete data.
- Deletion: request that we delete your personal data and account.
- Export: request a portable copy of your data in a machine-readable format.
- Withdraw consent: where processing is based on consent, withdraw that consent at any time.
- Complaint: lodge a complaint with the Office of the Privacy Commissioner of Canada or your local supervisory authority.
To exercise any of these rights, please contact us at privacy@penparse.com. We will respond within 30 days.
11. Children’s Privacy
PenParse is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website and updating the effective date. Your continued use of PenParse after changes are posted constitutes acceptance of the revised policy.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: privacy@penparse.com
- Entity: TensorHub Solutions Inc.
- Jurisdiction: Canada