Privacy Policy

Last updated: January 2, 2026

At Onomastic, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our book indexing service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • First and last name
  • Password (encrypted)
  • Payment information (processed securely through Stripe)

OAuth Information

If you sign in with Google, we collect:

  • Email address from your Google account
  • First and last name from your Google profile
  • Google account ID (for authentication purposes)
  • Profile picture URL (if provided)

Document Content

When you upload documents for indexing, we store:

  • The uploaded PDF files
  • Extracted text content from your documents
  • Generated index entries and metadata
  • Processing status and history

Usage Information

We automatically collect certain information about your use of our service:

  • Session data and authentication tokens
  • API usage and processing history
  • Browser type and operating system
  • IP address and geographic location (for security purposes)

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our indexing service
  • Process your documents and generate indexes using AI technology
  • Process payments and prevent fraudulent transactions
  • Send you service-related notifications and updates
  • Respond to your comments, questions, and customer support requests
  • Improve and optimize our service based on usage patterns
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service

AI Processing and Third-Party Services

Anthropic Claude API

We use Anthropic's Claude API to analyze your document content and extract index entries. Your document text is sent to Anthropic's servers for processing. Anthropic's data usage policies apply to this processing. According to Anthropic's terms, they do not train models on customer data submitted via the API.

Amazon Web Services (AWS)

We store your uploaded documents and generated indexes on Amazon S3, which is encrypted at rest and in transit. AWS's privacy and security policies apply to this storage.

Stripe

Payment processing is handled by Stripe. We do not store your complete credit card information on our servers. Stripe's privacy policy governs their handling of your payment data.

Google OAuth

If you choose to sign in with Google, Google's privacy policy governs their handling of your authentication data.

Data Security

We implement appropriate technical and organizational measures to protect your information:

  • All data transmission is encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt before storage
  • Document storage on AWS S3 is encrypted at rest
  • Session data is stored securely in PostgreSQL
  • Access to user data is restricted to authorized personnel only
  • We regularly review and update our security practices

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

Access and Correction

You can access and update your account information at any time through your account settings page.

Data Deletion

You can delete your uploaded documents at any time from your workspace. To delete your entire account and all associated data, please contact us at privacy@onomastic.com.

Data Export

You can export your index data at any time using our export functionality. For a complete copy of your personal data, contact us at privacy@onomastic.com.

Marketing Communications

We only send service-related emails (e.g., processing notifications, security alerts). We do not send marketing emails without your explicit consent.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

  • Account information is retained until you delete your account
  • Uploaded documents and generated indexes are retained until you delete them
  • Payment transaction records are retained for 7 years for accounting and legal compliance
  • Session data expires after 30 days of inactivity
  • Deleted documents and accounts are permanently removed from our systems within 30 days

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@onomastic.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: