This is a convenience translation. The German version is the legally binding one.
Legal & Compliance
All HexRead legal documents in one place — and how we prove our central privacy commitment.
Documents
- Legal Notice — Provider identification under §5 DDG (German Digital Services Act).
- Privacy Policy — How we process data (Art. 13/14 GDPR) + our zero-retention promise + cookie notice.
- Terms of Service — General terms and conditions (B2C/B2B).
- Withdrawal Notice — Consumer right of withdrawal + model withdrawal form.
- Service providers — Service providers and recipients we share data with to run the service.
Data sovereignty (EU-only)
HexRead processes documents entirely within the EU: all document processing — upload, transient staging and GPU conversion — happens on Scaleway infrastructure in fr-par-2 (France). There is no third-country processing of document content; third-country transfers exist only outside the document path (payment processing — see the privacy policy).
We operate HexRead in accordance with the GDPR: the privacy policy documents every processing activity with its purpose, legal basis and retention period.
Evidence
The central privacy feature is our falsifiable zero-retention promise: your documents are not stored. Every property of that promise is proven by automated checks against the running system — the published promise can never out-run the provable behaviour. The individual properties and the single deliberate exception (statutory retention of inbound invoices) are documented in the privacy policy, section 1.