Security
A transparent overview of how we handle your data, what infrastructure we use, and what we do and do not certify.
Authentication
We support two sign-in methods: email/password and Google OAuth.
Passwords are hashed with bcrypt before storage. We never store plain-text passwords. Session management is handled via NextAuth.js using HTTP-only cookies.
Email verification is required for email/password accounts. Verification codes are sent via Azure Communication Services.
Infrastructure
All infrastructure providers listed above are enterprise-grade cloud services with their own security certifications and compliance programs.
Data handling
Documents you upload are sent to our cloud-hosted OCR engine for text extraction and to an AI language model for layout reconstruction. These services process the data and return results. We do not use your documents for model training or any purpose beyond delivering your processed output.
Exported files (PDF, DOCX) are temporarily stored in Azure Blob Storage with time-limited access URLs. These URLs expire after a short period.
Saved documents in your history are stored in Azure Blob Storage and are subject to auto-deletion. If you do not explicitly save a document, its output is available only during your active session.
Account data (name, email, wallet balance, transaction history) is stored in MongoDB (Azure Cosmos DB).
Payment data: We do not store your card numbers, UPI IDs, or bank details. All payment processing is handled entirely by Razorpay.
What we do not have
We want to be upfront about what we do not currently offer:
We are an early-stage product. If your use case requires formal compliance certifications, please evaluate accordingly before uploading sensitive documents.
What we do have
Report a security issue
If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond promptly.