Sign in Start free

LEGAL

Privacy Policy

How dOCR, Inc. collects, uses, and protects information.

This Privacy Policy is a template provided as a starting point and is not legal advice. dOCR, Inc. should have it reviewed by qualified counsel before relying on it.

Last updated: June 21, 2026

1. Introduction

This Privacy Policy explains how dOCR, Inc. (“dOCR”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards information when you use the dOCR document-extraction service, our websites, dashboard, and API (collectively, the “Services”). By using the Services, you agree to the practices described here.

2. Information we collect

We collect information in the following ways:

  • Account information. When you create an account, we collect identifiers such as your name, email address, and organization details. Authentication is handled through our identity provider, Clerk.
  • Documents and extracted data. When you upload a document for extraction, we process the file and the structured data we extract from it in order to provide the Services.
  • Billing information. Payments are processed by Stripe. We do not store full payment card numbers on our own systems.
  • Usage and technical data. We collect logs, device and browser information, IP addresses, and usage metrics to operate, secure, and improve the Services.

3. How we use information

We use information to provide and maintain the Services, perform document extraction, authenticate users, process payments, meter usage and allowances, communicate with you, prevent abuse, comply with legal obligations, and improve our product.

4. Document processing and AI models

Document extraction is performed using optical character recognition and large language models accessed through Vercel AI Gateway, including Claude Opus 4.8 and Gemini 3 Flash. Documents and extracted data are processed to fulfill your extraction requests. We do not use your documents to train third-party foundation models.

5. Service providers

We rely on third-party providers to operate the Services, including Clerk (authentication), Stripe (payments), Cloudinary (file storage and processing), Vercel AI Gateway (model routing), and MongoDB (data storage). These providers process information on our behalf under their own terms and safeguards.

6. Data retention

We retain documents, extracted data, and account information for as long as your account is active or as needed to provide the Services, then delete or anonymize it in accordance with our retention practices and applicable law. You may request deletion of your data as described below.

7. Security

We protect the Services with measures including scoped API keys, HMAC-signed webhooks, optional IP whitelisting, encryption in transit, and role-based access for teams. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us using the details below.

9. International transfers

We may process and store information in countries other than where you live. Where required, we put appropriate safeguards in place for such transfers.

10. Children’s privacy

The Services are not directed to children, and we do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice.

12. Contact us

Questions about this Privacy Policy can be sent to privacy@docr.dev or through our Contact page.