GDPR-compliant document parsing for regulated industries
Airparser extracts structured data from your documents without sending them to AI models under uncontrolled terms. GDPR compliant by default — with encryption, configurable retention, audit trails, and a DPA.
Why document parsing is a GDPR risk — and how to manage it
Document parsing almost always involves personal data. Invoices contain customer names and addresses. Resumes contain candidate details. Contracts contain party information. KYC documents contain identity data.
When you send these documents to an AI model — via ChatGPT, Claude, or a raw API call — several questions arise that GDPR requires you to answer:
Who is the data processor?
Under GDPR, any service that processes personal data on your behalf must sign a Data Processing Agreement (DPA). Many generic AI APIs don't offer this — or offer terms that aren't compatible with EU requirements.
Where is data stored and for how long?
GDPR requires you to know where personal data goes and to limit retention to what's necessary. With a generic LLM API, data retention and storage jurisdiction are controlled by the provider.
Is the data used to train models?
Some AI providers use API data to improve their models by default. Under GDPR, using personal data for model training requires a clear legal basis and often explicit consent.
Can you demonstrate compliance to auditors?
Enterprise customers and regulated industries need audit trails — logs showing what data was processed, when, and how. A chat-based workflow doesn't produce these records.
How Airparser handles GDPR compliance
Data Processing Agreement (DPA)
Airparser provides a signed DPA for enterprise customers, establishing the legal framework for processing personal data under GDPR Article 28. Available on request for Business and custom plans.
AES-256 encryption at rest and TLS 1.2+ in transit
All documents and extracted data are encrypted with AES-256 at rest and TLS 1.2 or higher in transit. Data is never stored unencrypted at any point in the processing pipeline. Object storage uses encrypted Amazon S3.
Configurable data retention
Set automatic deletion policies per inbox: delete documents and extracted data after 1 day, 7 days, or 30 days, or never store them at all. Retention is enforced automatically.
No training on your data
Your documents are never used to train or improve AI models — by Airparser or its underlying model providers. This is a firm policy, not a default that needs to be opted out of.
Audit trail
Every document processed is logged with timestamps, extraction results, and delivery status. Logs are available via the dashboard and API for compliance review.
Standard Contractual Clauses (SCCs) for international transfers
Airparser's primary infrastructure is hosted in the United States (Amazon S3, Google Cloud Platform, DigitalOcean). For EU customers, data transfers are covered by Standard Contractual Clauses (SCCs) — the GDPR-approved mechanism for lawful cross-border data processing.
Limited, vetted subprocessors
Only a minimal set of vetted subprocessors is used: cloud hosting (Amazon S3, Google Cloud, DigitalOcean), payments (Stripe), support (Crisp), and AI services (OpenAI, Anthropic). Only the minimum necessary data is shared with each. Full subprocessor list available on request.
Industries that require GDPR-compliant document parsing
Finance & accounting
Invoice processing, bank statement extraction, financial document parsing for audit and reconciliation workflows.
Invoices · Bank statements · Financial reports
Legal & contracts
Contract data extraction, clause analysis, and document review for law firms and in-house legal teams.
Contracts · NDAs · Court documents
Healthcare
Patient form processing, insurance document extraction, and clinical data capture with strict data handling.
Patient forms · Insurance docs · Referrals
KYC & identity
Identity document extraction for onboarding, AML workflows, and customer verification at scale.
Passports · ID cards · Proof of address
HR & recruiting
Resume parsing and employee document processing with candidate data protection requirements.
Resumes · Employment contracts · Offer letters
Logistics
Shipping document extraction for supply chains operating across multiple jurisdictions and regulatory frameworks.
Bills of lading · Customs docs · Manifests
Airparser vs. generic LLM API — compliance comparison
| Compliance requirement | Generic LLM API | Airparser |
|---|---|---|
| Data Processing Agreement (DPA) | ✗ | ✓ |
| AES-256 encryption at rest | Varies | ✓ |
| TLS 1.2+ encryption in transit | Varies | ✓ |
| Configurable data retention (1–180 days) | ✗ | ✓ |
| No training on your data | ✗ | ✓ |
| Audit trail / processing logs | ✗ | ✓ |
| Standard Contractual Clauses (SCCs) | Varies | ✓ |
| Per-document deletion on request | ✗ | ✓ |
| Limited vetted subprocessors | ✗ | ✓ |
Parse documents with confidence — GDPR compliant by default
Free trial — 30 documents included. DPA and security documentation available on request.