Privacy Policy

Last updated: March 2026

Overview

passport-ocr.com ("we", "our", "the Service"), operated by Pixel Analytics LLC (Wyoming), is an OCR-as-a-service that extracts structured data from passport Machine Readable Zones (MRZ). We are committed to protecting your privacy and handling data responsibly. This policy explains what data we collect, how we use it, and your rights.

Zero Data Retention for Images

All passport images submitted to our API are processed entirely in-memory. We never store uploaded images or OCR output to disk, database, or any persistent storage. Once your API request completes, the image data and extraction results are immediately discarded from server memory. There are no logs, backups, or caches of your passport images.

Anonymous Rate Limiting

For anonymous (free) requests, we generate a SHA-256 hash derived from your IP address, User-Agent, Accept-Language, and Accept-Encoding headers. This hash is used solely to enforce the daily rate limit of 10 free requests. The hash is a one-way function and cannot be reversed to recover your original information. No personally identifiable information (PII) is stored for anonymous users. These hashes are automatically deleted at midnight UTC each day.

Account Data

If you create an account (to purchase credits), we store the following:

  • Email address — used for authentication (magic link login), purchase receipts, and low-credit notifications.
  • API key hashes — your API keys are stored as SHA-256 hashes. We cannot recover the original key.
  • Credit balance and purchase history — the number of credits in your account and records of purchases.
  • Request metadata — timestamps, response status, and processing time for API requests. No image data or OCR results are logged. Metadata is retained for 90 days.

Payment Processing

All payments are processed by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. Stripe handles all sensitive payment information in accordance with PCI DSS standards. We only store a reference to your Stripe customer ID to link purchases to your account.

Cookies

We use cookies solely for session management when you are logged into your dashboard. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

Third-Party Services

We use the following third-party services:

  • Stripe — payment processing
  • Resend — transactional email delivery (magic links, receipts, alerts)

Data Security

All API communication is encrypted via TLS (HTTPS). API keys are stored as irreversible SHA-256 hashes. Our infrastructure runs on Kubernetes with network isolation between services. Redis data (rate limits, caches) uses short TTLs and is automatically purged.

Your Rights

You may request deletion of your account and all associated data at any time by contacting us. Since we do not store any passport images or OCR results, there is no image data to delete. Upon account deletion, your email, API key hashes, credit balance, and request metadata will be permanently removed.

Contact

For privacy-related inquiries, contact us at [email protected].