Privacy Policy

Last Updated

April 18, 2026

Information We Collect

DocAssessment collects the following information:

• Documents you upload: PDF, DOCX, images, or text for analysis
• Account information: Email address and password (if you create an account)
• Context information: Optional details about your document and location
• Usage data: How you interact with our service

How We Use Your Information

We use your information to:

• Analyze documents and extract relevant information
• Provide risk assessments and comparisons
• Improve our extraction algorithms
• Provide and maintain the service

Data Retention and Deletion

Auto-Delete: By default, all documents are automatically deleted within 24 hours of upload.

Manual Deletion: You can delete your documents and account at any time.

Anonymous Usage: You can use DocAssessment without creating an account. Documents uploaded anonymously are subject to the same 24-hour auto-delete policy.

Data Security

We implement appropriate security measures to protect your information, including:

• Encryption at rest for stored documents
• Secure HTTP-only cookies for session management
• Secure file handling practices

No AI Training

We do not train AI models on your uploaded documents. Your documents are used solely for providing analysis results to you.

Third-Party Services

We use third-party services to operate our platform, including:

• OpenRouter (AI gateway): Routes AI explanation and summary requests to large-language-model providers (which may include OpenAI, Anthropic, Google, and others). OpenRouter and the downstream model provider receive only pre-extracted structured data from your documents — never the raw document files.
• Amazon Web Services (AWS S3): Temporary document storage with server-side encryption. Documents are automatically deleted within 24 hours of upload.
• Amazon Web Services (AWS SES): Transactional email delivery for receipts, report access links, password reset, and email-change confirmations.
• Amazon Web Services (AWS Lambda + API Gateway): Receives contact form submissions and relays the message to our support inbox via AWS SES.
• Vercel: Application hosting and content delivery network (CDN).
• Upstash: Redis-based queue processing for asynchronous document analysis jobs, and IP-keyed rate-limiting for account quotas.
• Arcjet: Security layer that applies bot detection, WAF shielding, and IP-based rate limiting on AI and authentication endpoints. Arcjet receives request metadata (IP address, headers, method, path) to make access decisions.
• Sentry: Server-side error monitoring. When an unexpected error occurs, technical context about the request (URL, status, stack trace, and in some cases IP address) is sent to Sentry so we can diagnose and fix the issue.
• PayPal: Payment processing for credit pack purchases.
• Google Analytics 4: Aggregate usage analytics (page views, session duration, referrer) to help us improve the product. IP addresses are anonymised by GA4 by default. You can opt out by using your browser's Do Not Track or Global Privacy Control settings, or by installing the Google Analytics Opt-out Browser Add-on.

These services have access to your information only as necessary to perform their functions.

Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate information
• Delete your account and associated data
• Opt out of communications

Children's Privacy

DocAssessment is not intended for children under 18. We do not knowingly collect information from children under 18.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page.