← Back to Home

Privacy Policy

Last updated: February 28, 2026

DocuSearch AI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

DocuSearch AI acts as the data controller for the personal data processed through the Service. For data protection inquiries, contact us at: privacy@docusearch-ai.com

2. Data We Collect

2.1 Account Data

• Email address — used for authentication, communication, and account recovery
• Password — stored as a secure bcrypt hash; we never store or have access to your plain-text password
• Account creation date

2.2 Uploaded Documents

• Documents you upload for OCR processing (PDFs, images, Word files)
• OCR output (markdown text and extracted images)
• Document embeddings stored in our vector database for search functionality

2.3 Usage Data

• Pages processed, queries made, and features used
• Subscription plan and billing history
• Chat conversations with the AI assistant (used only during your active session)

2.4 Technical Data

• Browser type and version
• IP address (server logs)
• Access timestamps

3. How We Use Your Data

Purpose	Legal Basis (GDPR)
Provide OCR, embedding, and chat services	Performance of contract (Art. 6(1)(b))
Account authentication and security	Performance of contract (Art. 6(1)(b))
Send transactional emails (verification, password reset, receipts)	Performance of contract (Art. 6(1)(b))
Send usage alerts and service notifications	Legitimate interest (Art. 6(1)(f))
Usage tracking and billing	Performance of contract (Art. 6(1)(b))
Service improvement and debugging	Legitimate interest (Art. 6(1)(f))
Legal compliance	Legal obligation (Art. 6(1)(c))

4. Third-Party Services

We use the following third-party services to provide the Service:

Service	Purpose	Data Shared
Mistral AI	OCR processing, document embeddings, AI chat	Document content for processing
Qdrant	Vector database for document search	Document embeddings and metadata
Resend	Transactional email delivery	Email address, email content
Dropbox (optional)	Cloud file import (user-initiated)	OAuth tokens, file access as authorized by user

Each third-party service processes data according to their own privacy policies. We only share the minimum data necessary for each service to function.

5. Data Retention

• Account data: Retained while your account is active and for 30 days after deletion
• Uploaded documents and OCR output: Stored until you delete them or close your account
• Document embeddings: Stored until you delete the collection or close your account
• Usage logs: Retained for 12 months for billing and support purposes
• Server logs: Retained for 90 days
• Chat history: Stored in your browser session only; not persisted on our servers

6. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Art. 15) — Request a copy of all personal data we hold about you
• Right to Rectification (Art. 16) — Request correction of inaccurate data
• Right to Erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability (Art. 20) — Request your data in a structured, machine-readable format
• Right to Restrict Processing (Art. 18) — Request limitation of processing in certain circumstances
• Right to Object (Art. 21) — Object to processing based on legitimate interest
• Right to Withdraw Consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@docusearch-ai.com. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Passwords are hashed using bcrypt with salt
• Authentication via JWT tokens with limited expiry
• User data is isolated — each user can only access their own documents and collections
• Database access is restricted to the application layer
• Third-party API keys are stored as environment variables, not in code

8. Cookies and Local Storage

We do not use traditional cookies. The Service uses browser localStorage to store:

• Your authentication token (for maintaining your login session)
• Your email address (for display purposes)

This data is stored locally on your device and is not transmitted to third parties. You can clear this data at any time by logging out or clearing your browser storage.

9. International Data Transfers

Your data may be processed by third-party services located outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service at least 30 days before taking effect. The "Last updated" date at the top indicates when the policy was last revised.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.

13. Contact

For privacy-related questions or to exercise your data rights:

• Email: privacy@docusearch-ai.com
• General support: support@docusearch-ai.com