Privacy Policy

Last updated: 19 March 2026  ·  Version 1.0

1. Who we are (Data Controller)

Second Read is developed and operated by:

[COMPANY NAME]
[Street address]
[Postcode] [City], Germany
E-Mail: info@secondread.eu

If you have any questions about this privacy policy or how we handle your data, please contact us at the address above.

2. What data we collect and why

2.1 Document content

When you scan, photograph, import, or dictate a document in the app, the content of that document is sent to a large language model (AI) service for analysis. The purpose is to generate a plain-language summary and urgency rating.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary to perform the service you requested.

2.2 AI processing by a third party

Document content is processed by OpenAI, L.L.C. (San Francisco, USA) via their API. OpenAI acts as a data processor on our behalf. We have a Data Processing Agreement (DPA) in place with OpenAI. Data may be transferred to the United States under Standard Contractual Clauses (SCCs) approved by the European Commission.

OpenAI's privacy policy: openai.com/privacy

Note: update the AI provider name if you switch to a different model or provider.

2.3 Data stored on your device

Scanned documents, summaries, and your app settings are stored locally on your device only. We do not operate a cloud sync service and do not have access to documents stored on your device.

2.4 API key (optional)

If you enter your own API key in Settings, it is stored securely in your device's Keychain. It is never transmitted to us.

2.5 Website analytics

This website [does / does not — choose one] use analytics tools. [If yes: We use [tool name] to understand how visitors use our site. This may involve processing your IP address. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in improving our product. You can opt out via [link].]

3. How long we keep your data

Document content sent to the AI API is not stored by us after the analysis is returned. OpenAI retains API inputs for up to 30 days for safety purposes, after which they are deleted, unless you have opted out of this retention via OpenAI's settings.

Data stored on your device remains until you delete it within the app or uninstall the app.

4. Your rights under GDPR

You have the right to:

  • Access — request a copy of any personal data we hold about you (Art. 15)
  • Rectification — ask us to correct inaccurate data (Art. 16)
  • Erasure — ask us to delete your data ("right to be forgotten") (Art. 17)
  • Restriction — ask us to limit how we process your data (Art. 18)
  • Portability — receive your data in a portable format (Art. 20)
  • Objection — object to processing based on legitimate interests (Art. 21)

To exercise any of these rights, contact us at info@secondread.eu. We will respond within 30 days.

5. Children's privacy

Second Read is not directed at children under the age of 16. We do not knowingly collect data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

6. Right to lodge a complaint

If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with a data protection supervisory authority. In Germany, the relevant authority is the supervisory authority of the state in which our company is registered. A list of all German supervisory authorities is available at: www.bfdi.bund.de.

7. Changes to this policy

We may update this privacy policy from time to time. We will notify users of significant changes via a notice in the app. The date at the top of this page reflects when it was last updated.