Effective date: June 1, 2026.
Redactly is operated by Douglas Fullington, MD ("we," "us," "Redactly"). For privacy questions, contact Doug@redactly.pro.
Stripe, our payment processor, handles checkout. Stripe collects from you:
Stripe shares with us only what's needed to issue your license key and manage your subscription: your name, email, country, subscription status, and a Stripe-assigned customer identifier. We receive notifications when your subscription is created, paid, canceled, or refunded. See Stripe's privacy practices at stripe.com/privacy.
Pasting a key into the license bar sends one HTTPS request to our verification function containing only the key text. The function returns a yes/no answer. This request never carries your clinical text. Once a key is verified, it is cached in your browser's local storage and the tool can be used offline indefinitely.
Our host, Netlify, automatically records technical request data such as IP address, user agent, timestamp, and the URL or function path requested. This is used only for security, abuse prevention, and operating the site, and is retained for a short period per Netlify's standard practices. See netlify.com/privacy.
We do not use your information for advertising, profiling, or sale to third parties, and we do not perform automated decision-making with legal effects on you.
These are the only two processors that handle data on our behalf. We do not sell, rent, or trade your information.
Depending on where you live, you may have rights to access, correct, delete, export, or restrict processing of your personal information, and to object to certain uses. These include rights under the EU GDPR, UK GDPR, and the California Consumer Privacy Act (CCPA), among others. To exercise any of these rights, email Doug@redactly.pro. We'll respond within the time required by applicable law.
You can also:
Where the GDPR applies, our legal basis for processing the limited data described above is performance of a contract (delivering the Pro subscription you purchased) and our legitimate interests in operating the service securely and preventing abuse.
Stripe and Netlify operate globally and may process data in the United States. Both rely on standard contractual clauses and other recognized safeguards for international transfers as described in their privacy notices.
Redactly is intended for use by licensed healthcare professionals and is not directed to children under 16. We do not knowingly collect personal information from children.
Redactly is delivered over HTTPS with HSTS. The site loads no third-party scripts at runtime and enforces a strict Content Security Policy (see netlify.toml in our public repository). Payments are handled by Stripe, a PCI Level 1 certified processor. No system is perfectly secure — if you believe you've found a vulnerability, please email Doug@redactly.pro.
If we make material changes, we'll update the effective date above and, for active subscribers, send a notice by email. Continued use after an update means you accept the revised policy.
This policy describes what happens to your personal data. Redactly is not a HIPAA Business Associate, and using it does not by itself make your prompts to a non-BAA large language model HIPAA-compliant. You remain responsible for verifying that the de-identified output is acceptable before pasting it into any third-party tool.