Legal

Privacy Policy

Last updated: March 16, 2026

1. Overview

Ocilar ("we", "our", "us") operates ocilar.com and provides CAPTCHA solving, OCR extraction, and document AI services via API. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.

By using our website or API, you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (hashed, never stored in plain text)
  • Billing information (processed by our payment provider — we do not store card numbers)

2.2 API Usage Data

When you use our API, we collect:

  • API key identifier (not the key itself in logs)
  • Request timestamps, response times, and HTTP status codes
  • CAPTCHA type and solve result (success/failure)
  • IP address of the request origin
  • Token consumption and billing units

We do not store the content of images, documents, or CAPTCHA challenges you submit beyond what is necessary to process the request. Submitted content is deleted from our systems within 60 seconds of processing.

2.3 Website Analytics

We use Google Analytics 4 to collect anonymous usage data about how visitors interact with our website, including pages visited, session duration, and device type. This data is aggregated and cannot be used to identify you personally.

2.4 Cookies

We use the following cookies:

  • Session cookies — required for authentication, deleted when you close your browser
  • Analytics cookies — set by Google Analytics, used to understand traffic patterns

You can disable analytics cookies through your browser settings without affecting service functionality.

3. How We Use Your Information

  • To provide, operate, and improve our API services
  • To authenticate your identity and manage your account
  • To process payments and send billing receipts
  • To monitor for abuse, fraud, or violations of our Terms of Service
  • To send transactional emails (account creation, password reset, billing alerts)
  • To analyze aggregate usage patterns and improve service performance
  • To comply with legal obligations

We do not sell your personal data. We do not use your data to train AI models. We do not share your data with third parties for marketing purposes.

4. Data Sharing

We share data only with the following categories of service providers, strictly to operate our services:

  • Payment processors — to handle billing (e.g. Stripe). They operate under their own privacy policies and PCI-DSS compliance.
  • Cloud infrastructure providers — to host our servers and databases. Data is stored with encryption at rest.
  • Analytics providers — Google Analytics for anonymous website traffic analysis.

We may disclose your information if required by law, court order, or to protect the rights and safety of Ocilar and its users.

5. Data Retention

  • Submitted content (images, documents) — deleted within 60 seconds of processing
  • API request logs — retained for 90 days for billing verification and abuse detection, then deleted
  • Account data — retained while your account is active. Deleted within 30 days of account deletion request
  • Billing records — retained for 7 years as required by financial regulations

6. Security

We implement the following security measures to protect your data:

  • All data in transit is encrypted via TLS 1.2 or higher (HTTPS)
  • All data at rest is encrypted using AES-256
  • API keys are hashed before storage
  • Passwords are hashed using bcrypt with a minimum cost factor of 12
  • Access to production systems is restricted to authorized personnel only
  • We conduct regular security reviews and dependency audits

No system is 100% secure. If you discover a security vulnerability, please report it to security@ocilar.com.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Deletion — request deletion of your account and associated personal data
  • Portability — request your data in a machine-readable format
  • Objection — object to processing of your data for certain purposes
  • Opt-out of analytics — disable Google Analytics via browser settings or the Google Analytics opt-out browser add-on

To exercise these rights, contact us at privacy@ocilar.com. We will respond within 30 days.

8. International Data Transfers

Our services are operated from servers located in the United States. If you access our services from outside the United States, your data may be transferred to and processed in the United States or other countries. We ensure appropriate safeguards are in place for such transfers in accordance with applicable law.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at privacy@ocilar.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users via email of material changes. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests: