Security & Use Disclaimer

1. Security Overview
2. Data Security Disclaimers
3. Document Handling & Privacy
4. Third-Party Service Risks
5. User Security Responsibilities
6. Prohibited Content & Usage
7. Account Security Warnings
8. Network & Transmission Security
9. Compliance & Regulatory Disclaimers
10. Security Incident Response
11. Security Limitations
12. Recommended Security Practices
13. Security Contact Information

CRITICAL SECURITY NOTICE: InkDecoder is designed for defensive security and legitimate document processing purposes only. Any misuse for malicious activities is strictly prohibited and may result in immediate account termination and legal action.

1. Security Overview

This Security & Use Disclaimer outlines important security considerations, limitations, and user responsibilities when using InkDecoder's AI-powered document transcription service. Your security and privacy are important to us, but you must understand the inherent risks and limitations.

Defensive Security Focus:

InkDecoder is intended for legitimate document digitization and defensive security analysis
The service supports security professionals in analyzing documents for threats
We do not support or facilitate any malicious or offensive security activities
All usage must comply with applicable laws and ethical standards

1.1 Security Risk Classification

We classify security risks as follows:

High Risk Critical security vulnerabilities or data exposure risks
Medium Risk Moderate security concerns requiring user attention
Low Risk Minor security considerations with minimal impact

2. Data Security Disclaimers

2.1 Data Transmission Security Medium Risk

Data in Transit: While we use HTTPS/TLS encryption for data transmission, internet communications are inherently insecure. Sensitive or classified documents should not be transmitted over public networks without additional encryption.

Data transmission risks include:

Network interception by malicious actors
Man-in-the-middle attacks on compromised networks
DNS poisoning or routing attacks
Government surveillance or interception
ISP logging or monitoring activities

2.2 Data Storage Security Medium Risk

While we implement industry-standard security measures, we cannot guarantee absolute protection against:

Advanced persistent threats (APTs)
Zero-day vulnerabilities in our infrastructure
Insider threats or unauthorized access
Cloud provider security breaches
Physical security compromises
State-sponsored cyber attacks

2.3 Image Processing Security Low Risk

Temporary Processing: Uploaded images are processed in memory and immediately deleted after transcription. However, temporary data may briefly exist in system memory, logs, or cache.

3. Document Handling & Privacy

3.1 Sensitive Document Warnings High Risk

DO NOT UPLOAD:

Classified or government documents without proper authorization
Medical records containing protected health information (PHI)
Financial documents with account numbers or SSNs
Legal documents subject to attorney-client privilege
Corporate confidential or trade secret materials
Personal identification documents (passports, licenses)
Documents containing passwords or security credentials

3.2 Document Redaction Requirements

Before uploading documents, users must:

Redact or remove all sensitive personal information
Obtain proper authorization for processing confidential materials
Ensure compliance with data protection regulations (GDPR, HIPAA, etc.)
Verify they have the legal right to process the documents
Consider the potential impact of data exposure

3.3 Metadata and Hidden Information Medium Risk

Document images may contain hidden metadata including:

Camera EXIF data with location information
Device identifiers and timestamps
Software version information
Previous editing history or layers
Embedded text or annotations not visible in the image

4. Third-Party Service Risks

4.1 AI Processing Risks Medium Risk

OpenAI Integration: Document images are sent to OpenAI for processing. While OpenAI has security measures in place, this creates additional data exposure risks beyond our direct control.

Third-party AI processing risks include:

Data retention policies of AI providers
Model training on user-submitted content
Jurisdictional differences in data protection laws
Potential AI provider security breaches
Changes in third-party privacy policies
Government access to third-party data

4.2 Payment Security Low Risk

Payment processing through Stripe creates additional security considerations:

Financial data is handled by Stripe, not InkDecoder
Payment information may be subject to different jurisdiction laws
Transaction logs may be retained for financial compliance
Chargeback disputes may expose some account information

4.3 Infrastructure Dependencies

Our service relies on various third-party infrastructure providers, creating potential points of failure or security compromise in the supply chain.

5. User Security Responsibilities

5.1 Document Security Assessment

Users are solely responsible for:

Conducting security risk assessments before uploading documents
Determining the appropriate classification level of documents
Ensuring compliance with organizational security policies
Obtaining necessary approvals for document processing
Implementing additional security controls when required

5.2 Access Control High Risk

Account Security: Users must maintain strict access controls and immediately report any unauthorized access or suspicious activity.

User access control responsibilities:

Use strong, unique passwords for accounts
Enable two-factor authentication when available
Monitor account activity for unauthorized access
Log out from shared or public computers
Regularly review and audit account permissions
Report security incidents immediately

5.3 Network Security

Users should:

Use secure, trusted networks for sensitive document processing
Avoid public Wi-Fi for confidential document uploads
Consider using VPN services for additional protection
Ensure endpoint security on devices accessing the service
Keep browsers and security software updated

6. Prohibited Content & Usage

6.1 Strictly Prohibited Uses High Risk

FORBIDDEN ACTIVITIES:

Processing stolen, hacked, or illegally obtained documents
Attempting to exploit or reverse engineer our security measures
Using the service for offensive security or malicious purposes
Processing documents for identity theft or fraud
Uploading documents containing malware or malicious code
Circumventing usage limits or access controls
Sharing account credentials or unauthorized access

6.2 Regulated Content Restrictions

Users must not upload documents containing:

Export-controlled technical information (ITAR, EAR)
Classified government or military documents
Protected financial information (credit cards, bank accounts)
Copyrighted material without proper authorization
Personal data of minors without parental consent
Information subject to legal privilege or confidentiality

6.3 Defensive Security Applications

Acceptable defensive security uses include:

Digitizing security policies and procedures
Processing incident response documentation
Analyzing threat intelligence reports
Digitizing security audit findings
Processing security training materials
Converting security compliance documentation

7. Account Security Warnings

7.1 Authentication Security Medium Risk

Password Security: Weak passwords, password reuse, or compromised credentials can lead to unauthorized account access and potential data exposure.

Authentication security risks:

Brute force attacks on weak passwords
Credential stuffing from other breached services
Session hijacking on unsecured networks
Social engineering attacks targeting account recovery
Keylogger malware capturing credentials

7.2 Session Security

Users should be aware of session security risks:

Session tokens may be vulnerable to theft or replay attacks
Prolonged sessions increase exposure window
Shared computer usage may leave session data
Browser vulnerabilities may expose session information

7.3 Account Monitoring

Users should regularly monitor for:

Unusual login locations or times
Unexpected document processing activity
Changes to account settings or preferences
Suspicious email notifications
Unauthorized subscription changes

8. Network & Transmission Security

8.1 Network Vulnerabilities Medium Risk

Network-based security risks include:

Public Wi-Fi Risks: Unencrypted or compromised public networks
Man-in-the-Middle Attacks: Interception of data transmission
DNS Attacks: Redirection to malicious servers
BGP Hijacking: Route manipulation for traffic interception
SSL/TLS Vulnerabilities: Weak cipher suites or certificate issues

8.2 Corporate Network Considerations

Enterprise Users: Corporate firewall policies, proxy servers, and network monitoring may affect service functionality and data privacy.

Corporate network factors:

Deep packet inspection may expose document content
Corporate proxies may cache or log transmitted data
Network access controls may block service functionality
Compliance monitoring may flag document uploads
Shadow IT policies may prohibit cloud service usage

8.3 International Data Routing

Data may traverse multiple international jurisdictions during transmission, subject to various:

Government surveillance programs
Data localization requirements
Varying privacy protection standards
National security restrictions
Cross-border data transfer regulations

9. Compliance & Regulatory Disclaimers

9.1 Regulatory Compliance Responsibility High Risk

User Compliance: Users are solely responsible for ensuring their use of InkDecoder complies with all applicable laws, regulations, and industry standards in their jurisdiction.

Compliance considerations include:

GDPR: European data protection regulations
HIPAA: Healthcare information privacy (US)
SOX: Financial reporting requirements (US)
ITAR/EAR: Export control regulations (US)
PCI DSS: Payment card data security standards
ISO 27001: Information security management standards
Industry-specific regulations: Banking, healthcare, government, etc.

9.2 Audit and Compliance Monitoring

InkDecoder does not provide:

Compliance certification or attestation services
Audit trails for regulatory compliance purposes
Data residency guarantees for specific jurisdictions
Legal advice regarding regulatory compliance
Compliance monitoring or reporting services

9.3 Cross-Border Data Transfer Compliance

Users must consider:

Data localization requirements in their jurisdiction
Cross-border data transfer restrictions
Adequacy decisions for international data flows
Standard contractual clauses requirements
Binding corporate rules compliance

10. Security Incident Response

10.1 Incident Reporting

Report Security Issues: If you discover any security vulnerabilities or incidents, please report them immediately to our security team.

Report security incidents including:

Suspected unauthorized access to accounts
Unusual system behavior or errors
Potential data breaches or exposures
Malicious activity or attacks
Vulnerability discoveries
Compliance violations

10.2 Incident Response Limitations

Our incident response capabilities are limited to:

InkDecoder-controlled systems and data
Incidents directly affecting our service
Best-effort notification of affected users
Coordination with law enforcement when required

We cannot provide incident response for:

User device or network compromises
Third-party service security incidents
User-caused security violations
Incidents outside our technical control

10.3 User Incident Response Responsibilities

Users must:

Maintain their own incident response capabilities
Have procedures for potential data exposure incidents
Be prepared to notify relevant authorities as required
Maintain adequate cyber insurance coverage
Have backup and recovery procedures in place

11. Security Limitations

11.1 Technical Security Limitations

InkDecoder's security is limited by:

Current state of cybersecurity technology
Third-party service provider security capabilities
Cloud infrastructure security limitations
Budget and resource constraints
Threat landscape evolution
Regulatory and legal compliance requirements

11.2 No Security Guarantees High Risk

NO ABSOLUTE SECURITY: InkDecoder cannot and does not guarantee absolute security or protection against all possible threats, attacks, or vulnerabilities.

11.3 Evolving Threat Landscape

Security threats continuously evolve, and new vulnerabilities may be discovered that affect:

Our service infrastructure and applications
Third-party dependencies and integrations
Encryption and security protocols
AI processing systems and models
User devices and networks

12. Recommended Security Practices

12.1 Document Security Best Practices

We recommend users:

Classify Documents: Assess sensitivity before upload
Redact Sensitive Information: Remove PII and confidential data
Use Secure Networks: Avoid public Wi-Fi for sensitive documents
Verify Authorization: Ensure you have rights to process documents
Monitor Usage: Regularly review account activity
Backup Important Data: Maintain local copies of critical transcriptions

12.2 Account Security Best Practices

Use strong, unique passwords with password managers
Enable two-factor authentication when available
Regularly review and audit account access
Log out from shared or public devices
Keep contact information updated for security notifications
Monitor account statements and usage reports

12.3 Organizational Security Practices

Organizations should:

Develop clear policies for cloud service usage
Conduct security risk assessments
Provide security training for users
Implement data loss prevention (DLP) controls
Maintain incident response procedures
Consider additional encryption for sensitive documents

13. Security Contact Information

For security-related inquiries, vulnerability reports, or incident notifications:

Security Email: security@inkdecoder.com
General Support: support@inkdecoder.com
Subject Line: Use "SECURITY" prefix for urgent matters
Response Time: Security issues will be prioritized and addressed promptly

Vulnerability Disclosure: We welcome responsible security research and will work with researchers to address legitimate security concerns.

🇪🇺 GDPR Compliance Notice

European Union General Data Protection Regulation (GDPR) Compliance: This Security Disclaimer is designed to comply with GDPR requirements for EU residents. You have specific rights regarding your personal data including the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data.

Your GDPR Rights: You may exercise these rights at any time by contacting our Data Protection Officer. We will respond to all legitimate requests within one month as required by GDPR. For detailed information about how we process your data, please review our Privacy Policy.

Data Protection Officer: For GDPR-related inquiries, contact our Data Protection Officer at privacy@inkdecoder.com with "GDPR" in the subject line.

FINAL SECURITY REMINDER: InkDecoder is designed for defensive security and legitimate document processing only. Users assume all responsibility for security risks and must implement appropriate safeguards for their specific use cases.

InkDecoder Security & Use Disclaimer - Effective as of
Security is a shared responsibility between InkDecoder and our users.

🛡️ Security & Use Disclaimer

Table of Contents

1. Security Overview

1.1 Security Risk Classification

2. Data Security Disclaimers

2.1 Data Transmission Security Medium Risk

2.2 Data Storage Security Medium Risk

2.3 Image Processing Security Low Risk

3. Document Handling & Privacy

3.1 Sensitive Document Warnings High Risk

3.2 Document Redaction Requirements

3.3 Metadata and Hidden Information Medium Risk

4. Third-Party Service Risks

4.1 AI Processing Risks Medium Risk

4.2 Payment Security Low Risk

4.3 Infrastructure Dependencies

5. User Security Responsibilities

5.1 Document Security Assessment

5.2 Access Control High Risk

5.3 Network Security

6. Prohibited Content & Usage

6.1 Strictly Prohibited Uses High Risk

6.2 Regulated Content Restrictions

6.3 Defensive Security Applications

7. Account Security Warnings

7.1 Authentication Security Medium Risk

7.2 Session Security

7.3 Account Monitoring

8. Network & Transmission Security

8.1 Network Vulnerabilities Medium Risk

8.2 Corporate Network Considerations

8.3 International Data Routing

9. Compliance & Regulatory Disclaimers

9.1 Regulatory Compliance Responsibility High Risk

9.2 Audit and Compliance Monitoring

9.3 Cross-Border Data Transfer Compliance

10. Security Incident Response

10.1 Incident Reporting

10.2 Incident Response Limitations

10.3 User Incident Response Responsibilities

11. Security Limitations

11.1 Technical Security Limitations

11.2 No Security Guarantees High Risk

11.3 Evolving Threat Landscape

12. Recommended Security Practices

12.1 Document Security Best Practices

12.2 Account Security Best Practices

12.3 Organizational Security Practices

13. Security Contact Information

🇪🇺 GDPR Compliance Notice