Privacy Policy for DocExtract
Last updated: 14-04-2025
1. Introduction
DocExtract (“we”, “us”, “our”) provides an AI‑powered invoice extraction service. We respect your privacy and are committed to protecting your personal data in accordance with the Information Technology Act, 2000 and the IT Rules, 2023.
2. Definitions
Personal Data: Any information relating to an identified or identifiable individual (e.g. name, email).
Sensitive Personal Data or Information (SPDI): As per IT Rules, 2023, includes financial data (e.g. GSTIN), biometric data, etc.
Payment Data: Information relating to payment transactions: plan, amount, timestamp, IP metadata. Sensitive card data is managed by Razorpay and not stored by DocExtract.
3. Data We Collect
- Account Data: Name, email, password (hashed), profession, optional bio; for businesses: GSTIN, company name.
- Usage Data: Logins, session cookies, usage logs.
- Uploaded Files: Invoice images/PDFs (scanned/handwritten).
- Derived Data: Extracted CSV invoice fields.
4. Purpose of Collection
- Authenticate and manage your account
- OCR + AI-based invoice data extraction
- Feature access based on subscription tier
- Improve and secure services
- Secure payment processing via Razorpay
5. Legal Basis & Consent
Consent is obtained at registration and before uploads. You may withdraw consent at any time in settings.
6. Cookies & Session Management
Session cookies maintain login state; no personal data is stored in cookies. Disabling cookies may affect usage.
7. Data Sharing & Disclosure
Third‑Party Processors:
- OCR: Tesseract (open source)
- LLM: OpenAI or others
- Storage: Amazon S3, PostgreSQL
Payments: Razorpay (PCI DSS v4.0). Sensitive card info is encrypted and never stored by us.
We do not sell or rent data. Data is disclosed only by law or with consent.
8. Data Retention
Files & CSVs: Kept until the user requests deletion.
Payment Metadata: Retained for up to 7 years (legal compliance).
9. Security Measures
- Encryption at rest (AES‑256) and in transit (TLS 1.2+)
- Firewalls, access control, intrusion detection
- ISO 27001‑aligned audits
10. User Rights
- Access, correct, or update personal data
- Request deletion
- Lodge a grievance (see Section 12)
11. International Transfers
Data stored or processed outside India (e.g. OpenAI) is handled in compliance with SPDI protections.
12. Grievance Redressal
Email: info@docextract.ai
We respond within 30 days (Rule 7).
13. Updates to This Policy
We’ll notify you of significant changes via email or in‑app.
Contact Us
Email: info@docextract.ai
This Privacy Policy complies with the Information Technology Act, 2000 and the IT Rules, 2023.