Working draft. This page describes how PathReader handles your data today. The final, legally-reviewed Privacy Policy and Data Processing Agreement are in preparation. For pilot-specific terms, see your pilot agreement or contact us.

Data Handling

What happens to the documents and data you put into PathReader.

Policy documents you upload

  • Uploaded PDFs are stored securely in object storage scoped to your workspace.
  • The text extracted from each document is sent to an AI service to propose rule candidates. By default this uses PathReader's AI vendor account.
  • If you provide your own AI provider key (BYOK), that extraction call is made through your own vendor account instead, so your document text is processed under your existing agreement with that vendor.
  • Documents and their rules remain visible only to members of your workspace.

Action checks

  • When an agent action is checked against your policy, the deterministic evaluation runs without an AI model in the decision path.
  • Each check is recorded as an audit entry. By default PathReader stores a summary and a request hash rather than the full action payload.

Retention & deletion

Data retention periods per data type are being finalized as part of the Privacy Policy.

You can request erasure of your workspace data or of an individual user's personal data at any time by contacting your PathReader representative. On an erasure request we remove the workspace's documents, policies, evaluation history, API keys, and stored files, and we scrub personal data from a removed user's records. Erasure requests are fulfilled by PathReader staff (there is no self-serve hard delete) and recorded for our own audit trail.

Questions about data handling? See How It Works or contact your PathReader representative.