Privacy Policy

Last updated: 10 June 2026

1. Who we are

DocAI ("the Service") is operated by Synairo, Poland ("we", "us"). We act as the data controller for personal data processed through the Service. Contact: privacy@synairo.com.

2. What the Service does with your documents

• Uploaded files (PDFs and images) are processed in temporary server storage and deleted immediately after analysis completes. We do not keep the uploaded file unless you use a feature that explicitly stores it.
• Analysis results (extracted fields, document type, OCR text, your corrections) are stored only if you are signed in and save the analysis to your history. Saved results are retained for 90 days and then deleted automatically. You can delete any saved record yourself at any time.
• We never use your documents or extracted data to train AI models, ours or anyone else's.

3. What data we collect

• Account data (if you register): email address, name, and authentication identifiers, managed by our authentication provider Clerk.
• Document data: the content of files you upload, OCR text, and extracted fields — only as described in section 2.
• Usage data: per-account analysis counts, token usage, and timestamps, kept for billing, abuse prevention, and service improvement.
• Anonymous usage limits: for visitors without an account we store a salted hash derived from your IP address and browser identifier, plus a daily counter, to enforce free-tier limits. The raw IP address is not retained beyond this purpose.
• Technical logs: request identifiers, timestamps, status codes, and error events. Logs do not contain your document contents.
• Cookies: only strictly necessary cookies are active by default. Optional categories require your consent via the cookie banner and can be changed at any time.

4. Legal bases (GDPR)

• Performance of a contract (Art. 6(1)(b)) — providing the analysis you request, account management, saved history.
• Legitimate interests (Art. 6(1)(f)) — service security, abuse prevention, rate limiting, error diagnostics.
• Consent (Art. 6(1)(a)) — optional cookies and any future marketing communication.
• Legal obligations (Art. 6(1)(c)) — accounting and tax records for paid plans.

5. Processors and subprocessors

We share data with the following processors, strictly to operate the Service:

• OpenAI (USA) — document images/text are sent to OpenAI's API for field extraction when OpenAI is the active analysis provider. OpenAI's API terms prohibit training on this data.
• OVHcloud (EU) — alternative AI analysis provider and hosting infrastructure.
• Clerk (USA) — authentication and account management.
• Stripe (USA/EU) — payment processing for paid plans. We never see your full card details.

Transfers outside the EEA rely on adequacy decisions (EU–US Data Privacy Framework) or Standard Contractual Clauses, as applicable to each provider.

6. What you should not upload

The Service is intended for business documents (purchase orders, delivery notes, invoices, forms). Please do not upload identity documents, medical records, or other special-category data (GDPR Art. 9); the Service is not designed or certified for them.

7. Retention summary

• Uploaded files: deleted after analysis (minutes).
• Saved analyses: 90 days, or until you delete them.
• Account data: until you delete your account.
• Usage counters and billing records: up to the period required for billing integrity and legal obligations.

8. Your rights

You have the right to access, rectify, erase, restrict, or port your personal data, to object to processing based on legitimate interests, and to withdraw consent at any time. Contact privacy@synairo.com. You may also lodge a complaint with your supervisory authority — in Poland, the President of the Personal Data Protection Office (PUODO).

9. Security

Data is encrypted in transit (TLS). Access to production systems is restricted. Admin interfaces are protected with hashed credentials and session controls. Despite our safeguards, no online service can guarantee absolute security; review extracted results before relying on them.

10. Changes

We will post any changes to this policy on this page and update the date above. Material changes will be announced in the application.