Last Updated: November 10, 2025

Our Privacy Policy

We've written this policy in plain language instead of legal jargon, so you actually understand what data we collect and why.

The Short Version

Three sentences that cover the essentials.

Data is Only Collected Based on What's Needed
We collect your email, name, and uploaded PDFs because the service needs them to work — nothing more. No hidden tracking, no unnecessary data collection.
No Data Selling
We don't sell data to advertisers, data brokers, or anyone else. Your data belongs to you — it's not a product.
Files Deleted After 24 Hours
We keep no backups. After 24 hours, your files are permanently deleted from our servers, without exception.

Who's Behind DocStrata

Data Controller

Ashwin Singh (Individual/Proprietor)

GST Number

27GRMPS5803Q1ZQ

Location

Kalyan West, Maharashtra, India

Contact Email

[email protected]

Questions or concerns about your data? Email us at the address above — every message is read and answered.

What Information We Collect

And why we need it.

1. Account Information (via Google OAuth)
What we collect: Email address, name & Google User ID

Why: An account is required to use DocStrata. We use Supabase to manage authentication and keep your account secure.

How Long: Account information is retained indefinitely, since credits don't expire and the account needs to stay active to hold them. If you request deletion, we'll delete it.
2. IP Addresses
What we collect: Your IP address, when you use our API.

Why: IP addresses are used for rate-limiting — preventing abuse and keeping the service fast and fair for everyone.

How Long: IP addresses are stored short-term, used in real time to monitor for abuse, then discarded.
3. Uploaded Files and Metadata
What we collect: The PDF file, File metadata (helps us know about filename, size, page count), and details of the processing/conversion

Why: The file and its metadata are needed to perform OCR processing — the core service you signed up for.

How long: Files and metadata are stored for 24 hours. After that, everything is permanently deleted from our servers, with no backups kept.

What we do with it: This data is used only for OCR processing. Nobody reads your documents, and the data is never analyzed for other purposes or used to train AI models.
4. Usage Statistics and Credits
What we collect: Number of pages selected to be processed by you, credit usage data, and timestamps.

Why: This data is used for usage history and billing. We know you converted 10 pages on a given day, but not what those pages contained — that data is gone within 24 hours.

How long: Usage data is retained as long as your account is active, since it's necessary for billing and usage tracking.
5. Cookies and Tracking
Essential cookies: Cookies are essential for the site to function appropriately (authentication, session management, security)

Analytics cookies (Google Analytics): These cookies are used to track user sessions, page views, and site interactions. The data is used to improve our tool. However, users can easily opt out by using browser settings or extensions specifically designed for the purpose.

Advertising cookies (Google Ads): The advertising cookies are used to enable retargeting campaigns. This helps us advertise to users who have already visited our website. However, you can disable personalized ads from your Google account settings.

Third-Party Services We Use

Every service that may handle your data, and why.

ServicePurposeWhat They Get
Google OAuthAuthenticationEmail, name, Google user ID
SupabaseAccount databaseEmail, name, usage stats
HetznerFile storage & processingUploaded PDFs (deleted after 24 hours)
Lemon SqueezyPayment processingBilling information, transaction history
Resend.comEmail deliveryEmail address, message content
Google AnalyticsUsage analyticsAnonymized usage data, IP addresses
Google AdsAdvertisingCookie data for retargeting

Your Rights (GDPR, CCPA, & More)

We comply with major global privacy regulations.

Right to Access
Request a copy of all personal data we've collected by emailing us with the subject "Data Access Request." We'll send it within 30 days.
Right to Deletion
Email us with the subject "Account Deletion Request" and we'll delete your account and associated data within 30 days.
Right to Data Portability
Moving to another platform? Email us to get your data in a machine-readable format — JSON or CSV.
Right to Rectification
Most of our data is user-provided, so mistakes happen. Update incorrect account information from your settings, or email us and we'll correct it for you.
Right to Object
If you're not comfortable with any of the data uses described above, email us with the specifics and we'll honor your request.
Right to Withdraw Consent
We ask for your permission to send marketing emails and similar communications. You can withdraw that consent at any time.

How We Keep Your Account & Data Secure

Security measures we have in place.

HTTPS All The Way

We use secure and encrypted connections to transmit data between your browser and servers. We use TLS/SSL for this purpose.

Data is Encrypted

Files stored on our servers, even temporarily, are encrypted at rest.

Automatic File Deletion

Uploaded files are automatically deleted after 24 hours, limiting exposure since the files simply no longer exist on our servers.

Secure Authentication

Authentication runs on OAuth 2.0 via Google, managed through Supabase, and we continue to invest in strengthening security over time.

Note: No system is completely immune to security incidents. If one occurs, we'll act immediately to fix it and notify affected users within 72 hours.

Questions About Your Privacy?

Email us at [email protected]

Put "Privacy" or "Data Request" in the subject line. We usually respond within 24-48 hours, always within 30 days for formal requests.

The Bottom Line

DocStrata was built to solve a problem, not to collect data.

We collect only what we need, protect what we collect, and delete it as soon as its purpose is served.