Smartes
  • Tyson Andrews
  • September 19, 2025

At Smartes, we know that trust is everything when it comes to handling your data. Our OCR for NetSuite processes important business documents like purchase orders, invoices, and sales orders — and these often contain personal data. The General Data Protection Regulation (GDPR) requires us to protect that data — and doing so is more than good practice.

That’s why we designed Smartes OCR to be a GDPR-friendly OCR solution. We minimize what data we handle, store it only briefly, and secure it with strong technical and organizational measures — giving you automation without sacrificing compliance.

Why Data Privacy Is Important to Us

Our mission is to automate document processing without ever compromising on security or privacy. We understand that when you entrust us with data, you expect us to:

  • Keep it safe from unauthorized access or misuse.
  • Use it only for the purpose you intended.
  • Delete it when it’s no longer needed.
  • Support your compliance obligations under GDPR.

That’s why we designed Smartes OCR with short data retention windows, minimal permanent storage, and clear accountability. For us, data privacy isn’t an afterthought — we bake it into our GDPR-friendly OCR solution.

How Smartes OCR Handles Your Data

We keep things simple, and we keep them transparent:

  • Temporary metadata: Stored only while a document is being processed. Automatically deleted within 2 hours.
  • System logs: Retained for 30 days to troubleshoot errors and support operations. Automatically expire after that.
  • Billing metadata: We permanently store just the document name and job ID, nothing else, to track usage.
  • Core documents and personal data: Always remain in your NetSuite account, which is your system of record.

In other words, we don’t keep your customer or supplier data outside of NetSuite.

GDPR Principles We Follow

The GDPR sets out seven guiding principles for data protection. We’ve built Smartes OCR to align with them and ensure we remain a GDPR-friendly OCR platform:

  1. Lawfulness, fairness, transparency: Our processing is based on your business need (contract or legitimate interest), and we explain what data we handle and why.
  2. Purpose limitation: Data is used only for OCR extraction and NetSuite automation. We don’t repurpose or resell it.
  3. Data minimization: We only capture fields needed for transaction automation. We limit permanent storage to metadata.
  4. Accuracy: OCR output is mapped directly into NetSuite, where you remain in full control to correct errors.
  5. Storage limitation: Metadata expires after 2 hours; logs after 30 days. Nothing is kept indefinitely.
  6. Integrity and confidentiality: TLS encryption in transit, encryption at rest, and strict access controls keep data secure.
  7. Accountability: We maintain processing records, enforce retention policies, and provide transparency to regulators and customers alike.

How Does Smartes OCR Comply With GDPR?

GDPR applies to any organization that processes personal data of individuals in the EU, UK, EEA, or Switzerland. Here’s how our GDPR-friendly OCR solution aligns with GDPR requirements:

  • Data minimization: We only capture what’s necessary to automate NetSuite transactions.
  • Storage limitation: Metadata and logs are automatically deleted; no indefinite retention.
  • Transparency: Our privacy policy clearly explains what we collect, why, and how long we keep it.
  • Security: Data is encrypted in transit (TLS) and at rest. Role-based access controls and audit logging are in place.
  • Rights support: We enable you to meet data subject requests, from access to erasure.
  • Accountability: We maintain processing records and policies, and we can demonstrate compliance if regulators ask.

Even though our infrastructure may use global providers, we implement GDPR-approved safeguards like data minimization, encryption, and contractual commitments.

GDPR Compliance: Our Responsibilities vs. Your Responsibilities

GDPR makes a clear distinction between the roles of data controllers (that’s you) and data processors (that’s us).

  • You, the customer, are the data controller.
    You decide what data goes into NetSuite, why it’s processed, and how long you retain it.
  • We, Smartes OCR, act as a data processor.
    We process data on your behalf and according to your instructions.

Our GDPR Responsibilities

  • Keep data safe: Encryption, access controls, monitoring.
  • Tell you about problems: Incident response plans meet GDPR’s 72-hour breach notification rule.
  • Support your compliance: Short retention windows, exportable metadata, deletion by design, trained support staff.

Your GDPR Responsibilities

As the controller, you remain responsible for:

  • Choosing a lawful basis for processing (contract or legitimate interest).
  • Informing your customers and suppliers how their data is used.
  • Handling data subject access requests (DSARs), with our support as needed.
  • Defining your retention policies inside NetSuite.

Security and Data Subject Rights

Security is one of the cornerstones of being a GDPR-friendly OCR solution. We apply strong safeguards while also helping you uphold individual rights.

Security

  • Encryption: TLS for data in transit; AES for logs and metadata at rest.
  • Access controls: Role-based, least privilege, and multi-factor authentication for high-risk systems.
  • Monitoring: Audit logs to track who accessed what.
  • Testing: Regular vulnerability scans and internal security reviews.
  • Incident response: Documented playbooks to ensure timely detection, containment, and reporting.

Data Subject Rights

We help you honor requests such as:

  • Access: We can provide the metadata we process.
  • Rectification: You can correct OCR-mapped data in NetSuite.
  • Erasure: Temporary data is automatically deleted on schedule.
  • Portability: Billing metadata is exportable in machine-readable formats.
  • Restriction/objection: You control when processing happens, since we act only on your instructions.

Together, these measures protect your customers’ and suppliers’ personal data and uphold their rights.

What This Means for You

Using Smartes OCR doesn’t replace your GDPR responsibilities as a controller, but it makes compliance much easier. By minimizing what we store, deleting it quickly, securing everything, and supporting data subject rights, we reduce your compliance burden and give you peace of mind.

GDPR is about protecting people’s rights while enabling businesses to operate responsibly. At Smartes, we believe automation and compliance go hand in hand. By choosing a GDPR-friendly OCR solution like Smartes OCR, you get the best of both worlds: automation that saves time and compliance features that keep your data safe. Contact us to learn how you can install this solution in your NetSuite environment.
