Privacy Policy

Last Updated: November 7, 2025

1. Introduction

This Privacy Policy describes how My Typo ("we," "our," or "us") collects, uses, and protects your personal information when you use the My Typo service, including the My Typo Microsoft Store add-in for Microsoft Word (the "Service"). My Typo is an AI-powered service designed to help legal professionals and other users identify typos and errors in their documents.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller Information

The data controller responsible for processing your personal information is Pierre TOURÉ.

Email: pierre@my-typo.com

For any questions, concerns, or requests regarding your personal data, please contact us using the email address above or through our contact page.

3. How We Collect Data

We collect personal information through the following methods:

• Direct User Input: When you create an account, you provide your email address and create a password. When you contact us, you may provide additional information.
• Forms: Information collected through account registration forms, contact forms, and subscription forms.
• Cookies and Tracking Technologies: We use cookies and similar tracking technologies to collect usage analytics and maintain your authentication session. See Section 6 for detailed information about cookies.
• API Interactions: When you use the Service to analyze documents, data is transmitted through our API for processing.
• Payment Processors: Payment and billing information is collected by our payment processor when you make a purchase.
• Automatic Collection: Device information, browser type, IP address, and usage patterns are automatically collected through analytics services.

4. Information We Collect

We collect the following types of personal information:

4.1 Account Information

When you create an account with My Typo, we collect:

• Email address
• Encrypted password (stored securely using industry-standard encryption)

This information is collected and stored by Supabase, our authentication and database service provider.

4.2 Payment and Billing Information

When you make a purchase or subscription payment, we collect payment and billing information through Stripe, our payment processing service provider. Stripe handles all payment card information in accordance with PCI DSS standards. We do not store your full payment card details on our servers.

4.3 Usage Analytics

We collect usage analytics and telemetry data through PostHog, our analytics service provider. This information may include:

• Feature usage and interactions
• Performance metrics
• Error logs and diagnostics
• Device and browser information
• IP address

This data helps us improve the Service and understand how users interact with My Typo. You can opt out of analytics tracking as described in Section 10.

4.4 Document Content

When you use My Typo to analyze documents, the document content is processed temporarily in memory during analysis. We do not store your documents, their content, or analysis results on our servers.

5. Legal Basis for Processing

Under the GDPR and other applicable data protection laws, we process your personal information based on the following legal bases:

• Contract Performance: We process your account information, payment information, and document content to perform our contract with you and provide the Service you have requested. This includes authentication, payment processing, and document analysis.
• Legitimate Interest: We process usage analytics data based on our legitimate interest in improving our Service, understanding user behavior, and ensuring service security and performance. You have the right to object to this processing as described in Section 10.
• Legal Obligation: We may process your information to comply with legal obligations, such as tax reporting, fraud prevention, or responding to legal requests.
• Consent: Where we rely on consent for specific processing activities (such as optional analytics), you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you have questions about the legal basis for any specific processing activity, please contact us using the information provided in Section 15.

6. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve the My Typo service
• Authentication: To authenticate your identity and manage your account
• Payment Processing: To process payments and manage subscriptions
• Analytics: To analyze usage patterns and improve service performance
• Communication: To send you service-related notifications and respond to your inquiries
• Legal Compliance: To comply with applicable laws and regulations

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of the Service. This section explains what cookies we use and why.

7.1 Types of Cookies We Use

Essential Cookies

These cookies are necessary for the Service to function properly. They enable core functionality such as authentication and security.

• Supabase Authentication Cookies: These cookies are used to maintain your login session and authenticate your identity. They are essential for account access and cannot be disabled.

Analytics Cookies

These cookies help us understand how visitors interact with the Service by collecting and reporting information anonymously.

• PostHog Cookies: PostHog uses cookies to track usage patterns, feature interactions, and performance metrics. These cookies help us improve the Service. You can opt out of PostHog tracking as described in Section 10.

7.2 Cookie Management

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may affect your ability to use certain features of the Service.

For more information about managing cookies, please visit:

• Google Chrome
• Mozilla Firefox
• Microsoft Edge
• Safari

8. Data Processing and Storage

8.1 AI Model Processing

My Typo uses AI models hosted on Microsoft Azure to process your documents for typo detection and analysis.

Data Storage Location: Document content processed by Azure AI models is stored in data centers located in Europe. This data may be retained by Azure for up to 30 days.

Data Access: Azure may access document content only if they detect usage violations (e.g., attempts to misuse the service for malicious purposes). Under normal circumstances, Azure does not access your document content.

Computation: While data storage is limited to Europe, computation may occur worldwide on Azure's global infrastructure to ensure optimal performance and availability.

8.2 Local Storage

Analysis history and preferences are stored locally in your web browser or device. We do not have access to this locally stored data, and it will not be available if you switch browsers or devices.

9. Third-Party Services

We use the following third-party services to operate My Typo. We do not sell your personal information to third parties. We only share data with these service providers as necessary to provide the Service:

• Supabase: Authentication and database services for account management. Supabase processes your account information to enable authentication and account management.
• Stripe: Payment processing and billing management. Stripe processes payment information to facilitate transactions and subscription management.
• PostHog: Usage analytics and product analytics. PostHog processes usage data to help us understand how the Service is used and improve user experience. You can opt out as described in Section 10.
• Microsoft Azure: AI model hosting and document processing. Azure processes document content temporarily to provide the AI services.

These third-party services have their own privacy policies governing the collection and use of your information. We encourage you to review their privacy policies to understand how they handle your data:

• Supabase Privacy Policy
• Stripe Privacy Policy
• PostHog Privacy Policy
• Microsoft Privacy Statement

10. International Data Transfers

Your personal information may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions where our service providers operate.

European Economic Area (EEA) Transfers: When we transfer personal data from the EEA to countries outside the EEA, we ensure appropriate safeguards are in place. Microsoft Azure stores data in Europe and operates under GDPR-compliant data processing agreements. Our other service providers (Supabase, Stripe, PostHog) have implemented appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (where applicable)
• Certification schemes and codes of conduct
• Adequacy decisions by the European Commission

United States Transfers: For transfers to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses and ensure our service providers comply with applicable data protection requirements.

If you have questions about international data transfers or wish to obtain a copy of the safeguards we use, please contact us using the information in Section 15.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of passwords
• Secure authentication protocols
• Regular security assessments
• Access controls and monitoring
• Secure data transmission (HTTPS/TLS)
• Regular security updates and patches

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

12. Data Retention and Deletion

Account Information: We retain your account information for as long as your account is active or as needed to provide you with the Service. You may request deletion of your account at any time.

Document Content: We do not store your document content. Documents are processed in memory only during analysis. Azure may retain document content for up to 30 days in cases where abuse is detected.

Analytics Data: Usage analytics data is retained in accordance with PostHog's data retention policies. You can request deletion of your analytics data by contacting us.

Upon account deletion, we will delete or anonymize your personal information, except where we are required to retain it for legal compliance purposes (such as tax records, fraud prevention, or legal disputes).

13. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: The right to access and receive a copy of your personal information
• Correction: The right to correct inaccurate or incomplete personal information
• Deletion: The right to request deletion of your personal information (also known as the "right to be forgotten")
• Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format
• Objection: The right to object to processing of your personal information, particularly for direct marketing or legitimate interest-based processing
• Restriction: The right to request restriction of processing of your personal information
• Withdrawal of Consent: The right to withdraw consent where processing is based on consent
• Opt-Out (CCPA): If you are a California resident, you have the right to opt out of the "sale" of your personal information. We do not sell your personal information.

To exercise these rights, please contact us using the information provided in Section 15. We will respond to your request within the timeframes required by applicable law (typically 30 days for GDPR requests, 45 days for CCPA requests).

14. Opt-Out Mechanisms

You have several options to control how your data is collected and used:

14.1 Opt-Out of Analytics Tracking

To opt out of PostHog analytics tracking, you can contact us at pierre@my-typo.com and request to opt out of analytics.

14.2 Disable Cookies

You can disable cookies through your browser settings. However, disabling essential cookies (such as authentication cookies) may prevent you from using certain features of the Service. See Section 7 for more information about managing cookies.

14.3 Account Deletion

You can request deletion of your account at any time by contacting us. Upon account deletion, we will delete your personal information except where retention is required by law. Note that some information may remain in backup systems for a limited period before permanent deletion.

14.4 Data Export

You can request a copy of your personal data in a structured, machine-readable format. Contact us to initiate a data export request.

15. Supervisory Authority and Complaint Rights

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection laws, you have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal information violates applicable data protection laws.

European Economic Area: You can find your local data protection authority at the European Data Protection Board website.

United Kingdom: The Information Commissioner's Office (ICO) is the UK's supervisory authority. You can contact them at ico.org.uk.

United States (California): California residents can file complaints with the California Attorney General's Office regarding CCPA violations.

We encourage you to contact us first if you have any concerns about our data practices, as we are committed to resolving any issues directly with you.

You also have the right to seek a judicial remedy if you believe your rights have been violated, regardless of whether you have lodged a complaint with a supervisory authority.

16. Children's Privacy

My Typo is not intended for use by children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at pierre@my-typo.com, and we will take steps to delete such information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification if the changes are significant (if you have provided an email address)

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your rights regarding your personal information, please contact us at pierre@my-typo.com.

We aim to respond to all privacy-related inquiries within 30 days, in accordance with applicable data protection laws.