Parselo
Tarifs Documentation
Se connecter Commencer gratuitement

Parselo — Privacy Policy

Effective date: June 10, 2026 Last updated: June 9, 2026

PARSELO (“Parselo.io”, “Parselo”, “we”, “us”, “our”) provides a software development kit (SDK) and platform that lets developers add machine-readable identity-document scanning to their own applications. This Privacy Policy explains what personal information Parselo collects as a business operating the platform, how we use and protect it, and your rights.

This Policy is written to reflect a deliberate design choice that is central to how Parselo works:

The data scanned from an identity document is processed on the end user’s device and is never sent to, stored by, or accessible to Parselo.

Section 2 explains this in detail and explains the boundary between what Parselo handles and what our customers handle.

1. Who this Policy covers

This Policy applies to personal information we handle about:

  • Customers — the developers, businesses, and their authorized users who create accounts, use the dashboard and developer portal, obtain licence keys, and pay for the Service; and
  • Website visitors — people who visit parselo.io and related pages.

This Policy does not govern how our customers handle the personal information of their end users. When a business integrates the Parselo SDK into its own application, that business decides why and how identity documents are scanned and is responsible for its own privacy practices and notices. If you are an end user whose ID was scanned by an app that uses Parselo, please refer to that app’s privacy policy.

2. The on-device model — data we never receive

2.1 Scanning happens on the device. The Parselo SDK decodes barcodes and machine-readable zones on the end user’s device, using the device’s own capabilities. The structured fields it produces — for example, name, date of birth, document number, address, expiry, MRZ content, or magnetic-stripe content (together, “document data”) — are returned inside the customer’s application, on the device.

2.2 Document data does not flow to Parselo. Parselo does not receive, transmit, store, log, or have access to document data. There is no Parselo endpoint that document data is sent to. We cannot read it, retrieve it, or produce it, because we never hold it.

2.3 Licence checks are offline. The licence credential that authorizes SDK use is verified on the device against an embedded public key, with no call to Parselo at the time of verification. A licence check does not transmit document data or other personal information to us.

2.4 What this means for you. Because document data stays on the device and is handled by the customer’s application, the customer — not Parselo — is the organization responsible for that information under applicable privacy law. Parselo’s responsibilities under this Policy relate to the limited information described in Section 3.

3. Personal information we collect

We collect the following, depending on how you interact with us:

3.1 Account information. When you register, we collect your email address and authentication information through our managed identity service, and any name, company, or profile details you provide. Passwords are handled by the identity service and are not stored by us in plain text.

3.2 Billing information. When you subscribe, billing is handled by our third-party payment processor (Stripe). We receive limited billing metadata such as a customer identifier, subscription plan and status, invoices, and the result of payments. We do not collect or store full payment-card numbers; card details are handled by the payment processor.

3.3 Usage Data (PII-free). The Service measures use through metadata-only events generated by the SDK and platform — for example, scan counts, timestamps, document-type category, platform, and your application’s bundle identifier. These events are designed to contain no personal information about end users and no document data. Usage Data is associated with your Parselo account so we can report your usage and calculate billing.

3.4 Website and technical data. When you visit our website or use the dashboard, we and our infrastructure providers may collect technical information such as IP address, device and browser information, and log data, and may use cookies or similar technologies as described in Section 12.

3.5 Communications. If you contact us (for example, by email or support request), we collect the information you provide and our correspondence.

4. Information we do not collect

For clarity, Parselo does not collect, store, or have access to:

  • document data scanned by the SDK (name, date of birth, document number, address, expiry, MRZ, or magnetic-stripe content) — see Section 2;
  • images of identity documents or of end users; or
  • biometric identifiers. The SDK reads encoded or printed text; it does not perform facial recognition, fingerprinting, or other biometric matching.

5. How we use personal information

We use the information in Section 3 to:

  • provide, operate, secure, and improve the Service;
  • create and manage your account and authenticate you;
  • measure usage, calculate billing, process payments, and manage subscriptions;
  • generate aggregate and statistical insights about platform usage (which do not identify end users);
  • communicate with you about your account, the Service, security, and support, and — where permitted — about features and offers;
  • detect, prevent, and address fraud, abuse, security, and technical issues; and
  • comply with legal obligations and enforce our Terms.

We collect and use personal information with your consent and as otherwise permitted or required by applicable law, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25). Where we rely on consent, you may withdraw it as described in Section 11, subject to legal and contractual limits.

7. How we share personal information

7.1 We do not sell personal information.

7.2 We share personal information only:

(a) with service providers that process information on our behalf to run the Service (see Section 8); (b) for legal reasons — to comply with applicable law, legal process, or a lawful request, or to protect the rights, safety, or property of Parselo, our customers, or others; and (c) in a business transfer — in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and continuity of this Policy.

8. Service providers (sub-processors)

We use the following categories of service providers.

ProviderPurposeProcessing location
Amazon Web ServicesHosting, storage, identity, analytics infrastructureCanada — ca-central-1 region
StripeSubscription billing and payment processingUnited States

We require service providers to protect personal information and to use it only to provide services to us.

9. Where your information is processed; cross-border transfers

9.1 We host the core Service in the Canada (ca-central-1) region.

9.2 Some service providers (for example, our payment processor) may process personal information outside Quebec or outside Canada (for example, in the United States). Where we transfer personal information outside Quebec, we will assess the protection it will receive and put appropriate measures in place, as required by Law 25.

10. Retention

10.1 We keep personal information only as long as necessary for the purposes in this Policy or as required by law.

10.2 Account information is kept while your account is active and for a reasonable period afterward; billing records are kept as required for tax and accounting purposes; Usage Data is kept for 1 year for reporting, billing, and analytics. We then delete or de-identify it, although we’ll provide you with means to export your dashboard data before deletion.

11. Your privacy rights

Subject to applicable law, you may:

  • access the personal information we hold about you;
  • correct inaccurate or incomplete information;
  • withdraw consent to certain processing;
  • request deletion of your information, subject to legal and contractual limits; and
  • request a copy of certain information in a structured, commonly used, machine-readable format (data portability), where applicable.

To exercise these rights, contact privacy@parselo.io. We will verify your identity and respond within the timeframe required by law (generally 30 days under Quebec law).

If you are an end user asking about data scanned by an application that uses Parselo, please contact the operator of that application; Parselo does not hold that data (see Section 2).

12. Cookies and similar technologies

12.1 Our website and dashboard use cookies and similar technologies for authentication, security, preferences, and basic analytics. The dashboard requires authentication cookies/tokens to function.

12.2 You can control cookies through your browser settings; disabling some cookies may affect functionality.

13. Children

The Service is intended for businesses and developers and is not directed to children, and we do not knowingly collect personal information from children through the Service.

14. Automated decision-making

Parselo does not use the limited personal information it holds (Section 3) to make decisions about you based solely on automated processing that produce legal or similarly significant effects. The SDK is a tool that customers use within their own applications; any automated decision-making in a customer’s application is the customer’s responsibility.

15. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit and at rest, managed authentication, access controls, key management through a hardware-backed key service, and the deliberate practice of keeping Usage Data PII-free to reduce risk. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

16. Changes to this Policy

We may update this Policy from time to time. If we make a material change, we will update the “Last updated” date and provide notice where required via your registered email.

17. Privacy officer, contact, and complaints

17.1 Person responsible for privacy. Parselo has designated a person responsible for the protection of personal information, as required by Quebec law. You can reach them at:

Esteban Garro egarro@parselo.io 3465 Ridgewood Ave. Montreal, QC

17.2 Complaints. If you have a concern, please contact us first. You also have the right to contact the relevant regulator:

  • the Office of the Privacy Commissioner of Canada (OPC); and/or
  • for Quebec residents, the Commission d’accès à l’information du Québec (CAI).