Executive Summary — Data Integrity & Sovereignty

  • IP Ownership: Users retain 100% ownership and Intellectual Property (IP) rights of any uploaded content and documents.
  • Zero-Training Policy: We strictly prohibit the use of user-submitted content to train, refine, or improve any machine learning models. All AI processing is conducted through enterprise-tier provider agreements that contractually prohibit the use of customer data for model development.
  • User-Controlled Retention: Parallang does not perform automated deletion of successfully processed files. Users maintain control over the retention and removal of their completed documents through the dashboard interface. Note: Documents that fail during processing may be automatically marked as failed and their credits refunded by our system recovery processes.
  • Financial Isolation: All financial transactions are managed exclusively through a PCI-DSS Level 1 certified payment processor. Parallang does not store, process, or transmit credit card data.

I Statutory Compliance Framework

Parallang is committed to aligning with the following global data protection regulations:

  1. Australia: Privacy Act 1988 and the Australian Privacy Principles (APPs).
  2. European Union & UK: General Data Protection Regulation (GDPR) — we are actively working toward full compliance including Data Processing Agreements with all sub-processors.
  3. United States: California Consumer Privacy Act (CCPA/CPRA) — we honor data deletion and access requests from all users regardless of jurisdiction.
For inquiries regarding our compliance framework or to request a copy of our sub-processor list, contact contact@parallang.com.

II Processing Architecture

Parallang employs a multi-stage automated workflow for document digitalization and translation:

  • Isolated Processing Infrastructure: Document processing is handled by dedicated, purpose-built services running on isolated container instances within our cloud infrastructure. Each service communicates through encrypted channels, ensuring strict separation of concerns throughout the processing pipeline.
  • Organizational Isolation: Processing tasks are strictly segregated on a per-organization basis, ensuring that one organization's data is never mixed with another's during processing.
  • AI Processing Privacy: All AI-powered linguistic processing is conducted through enterprise-tier agreements with our providers. Under these agreements, providers are contractually prohibited from logging, storing, or utilizing document content for their own model development or any purpose beyond fulfilling the immediate processing request.
  • No Human-in-the-Loop: Parallang personnel do not have access to user document content during normal operations. Staff access to document data occurs only when a user formally initiates a technical support request.

III Infrastructure & Data Residency

  • Cloud Hosting & Data Residency: Our core infrastructure is hosted within the Asia-Pacific (Sydney) region, ensuring data residency within Australia's borders. This provides alignment with the Australian Privacy Act and low-latency access for users in the Asia-Pacific region.
  • Database Security: We utilize dedicated, enterprise-grade database clusters with built-in security features including network isolation, authentication enforcement, and encrypted storage volumes.
  • Provider Certifications: Our cloud and database infrastructure providers maintain SOC 2 Type II and ISO 27001 certifications for their respective platforms. Parallang leverages these certified environments to protect user data, but does not independently hold these certifications at this time.

IV Cryptographic Controls & Technical Security

We implement a layered security strategy to safeguard data assets:

  1. Encryption In-Transit: All data transmitted between the user interface and our servers is protected via TLS 1.2/1.3 (Transport Layer Security) protocols, enforced at the infrastructure level through our CDN and load balancer configuration.
  2. Encryption At-Rest: Documents stored in our object storage and database records are encrypted at rest using AES-256 encryption as provided by default by our infrastructure providers. This means all stored data, including documents, metadata, and backups, is encrypted at the storage layer.
  3. Deletion Protocol: When a user deletes a file through the platform interface, a cascading deletion is performed: the document record, all associated page records, version data, and the corresponding binary files in object storage are permanently removed from the active production environment. Standard database backup retention policies from our infrastructure providers may retain residual data for a limited period as part of disaster recovery provisions.

V Data Retention and User Control

  • Persistence by Choice: Successfully processed documents remain securely stored in your dashboard until you choose to manually remove them. Parallang does not impose automated deletion cycles on completed documents.
  • Automated Recovery: Documents that encounter technical issues during processing may be automatically marked as "failed" by our system recovery service and associated credits refunded. This is a reliability mechanism and does not affect successfully processed documents.
  • Backup Retention: Our database provider maintains automated backup snapshots for disaster recovery purposes. Following a user-initiated deletion, residual data in backup snapshots is overwritten as backups naturally rotate per the provider's retention schedule.

VI Global User Rights

In alignment with international data protection standards, we provide the following rights to all users regardless of jurisdiction:

  • Right to Deletion: Users may request the deletion of their account and all associated personal data, including documents, processing history, and account metadata, by contacting contact@parallang.com.
  • Right to Access: Users may request a summary of the personal data we hold about them.
  • Document Download: Users may download their processed documents (DOCX format) at any time through the platform interface.
  • Inquiry & Redress: Privacy-related concerns can be directed to contact@parallang.com. We commit to acknowledging inquiries within 5 business days and resolving them within 15 business days.

VII Governing Law and Jurisdiction

This policy is governed by the laws of Queensland, Australia. Any disputes arising from this policy or the use of Parallang services shall be subject to the exclusive jurisdiction of the courts in Brisbane, QLD.