Privacy Policy

Last updated: 6 April 2026

OCR Forge ("we", "us", "our") is operated by BoerTech. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our OCR platform and website at ocrforge.co.za.

1. Information We Collect

We collect information you provide directly to us:

• Account information: Name, email address, company name when you sign up.
• Documents: Files you upload for OCR processing. These are encrypted at rest and in transit.
• Usage data: API call logs, page counts, processing times (no document content is logged).
• Payment information: Billing details processed securely by our payment providers (Stripe, PayFast).

2. How We Use Your Information

• To provide and maintain our OCR processing service
• To manage your account and API access
• To process payments and generate invoices
• To communicate service updates and support responses
• To monitor and improve platform performance

3. Document Processing & Data Handling

Your documents are processed using a zero-knowledge architecture:

• Documents are encrypted with AES-256 at rest (AWS KMS)
• All data transfer uses TLS 1.3 encryption
• Document content is never logged or stored beyond the processing result
• Source documents are automatically deleted after processing
• Results are retained for 30 days, then permanently deleted

4. Data Storage & Location

All data is stored in AWS af-south-1 (Cape Town, South Africa). Your data does not leave South African jurisdiction unless you explicitly configure cross-region delivery.

5. Data Sharing

We do not sell, trade, or rent your personal information. We may share data only:

• With service providers who assist in operating our platform (AWS, payment processors)
• When required by South African law or valid legal process
• To protect our rights, privacy, safety, or property

6. Your Rights (POPIA)

Under the Protection of Personal Information Act (POPIA), you have the right to:

• Access your personal information we hold
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to the processing of your personal information
• Lodge a complaint with the Information Regulator

7. API Keys & Security

API keys are cryptographically generated and can be rotated at any time. We recommend rotating keys every 90 days. If you suspect your key has been compromised, contact us immediately to suspend and rotate it.

8. Cookies

Our website uses minimal cookies for essential functionality (session management, preferences). We do not use third-party tracking cookies or analytics that collect personal data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our website.

10. Contact Us

For privacy inquiries or to exercise your rights:

• Email: support@ocrforge.co.za
• Website: www.ocrforge.co.za