DocRisk
Back to Home

Privacy Policy

Last updated: December 3, 2025

Important: DocRisk provides AI-powered document analysis for informational purposes only. This is NOT legal advice.

This Privacy Policy explains how DocRisk collects, uses, and protects your information. By using our service, you agree to this policy.

For the purposes of the General Data Protection Regulation (GDPR), DocRisk acts as the data controller of your personal data.

What We Collect

Account Information

When you sign in with Google, we receive your email address and name.

Documents You Upload

Documents are processed by AI to generate analysis. We do not store your uploaded documents — they are processed in memory and immediately discarded after analysis. Only the analysis results are saved.

Important: We do not use your uploaded documents to train our AI models, nor do we retain them beyond the immediate processing required to generate your report.

Analysis Results

For anonymous users, reports are retained temporarily and automatically deleted after 7 days. For authenticated users, reports are stored and linked to your account so you can access them later (see Data Retention below).

Payment Information

Payments are processed by Stripe. We do not store your credit card details — Stripe handles this securely.

Usage Data

We collect basic analytics like pages visited and device information to improve the service.

How We Use Your Data

  • Provide document analysis and generate reports
  • Process payments and manage your account
  • Send important service communications
  • Improve the service and fix issues

Third-Party Services

We use the following services to operate DocRisk:

  • Multiple AI Providers — Powers document analysis
  • Stripe — Handles payments securely
  • Google — Authentication (sign-in)
  • Supabase — Database infrastructure

These providers act as our data processors and process personal data solely based on our instructions and applicable data processing agreements.

AI providers process documents only transiently for the purpose of generating the requested analysis and do not retain, reuse, or train models on user documents.

Data Retention

  • Anonymous reports: Automatically deleted after 7 days
  • Paid/authenticated reports: Retained for up to 2 years, then automatically deleted. You can delete your reports anytime from your dashboard.
  • Uploaded documents: Processed and immediately discarded (not stored)
  • Account data: Kept while your account is active; deleted upon request

Your Rights

You can:

  • Access your data by contacting us
  • Delete your account and associated data
  • Export your reports (download as PDF)

To exercise these rights, email us at [email protected]. We will respond to verified data protection requests within 30 days as required by applicable law.

For EU Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your data based on: (a) your consent (for analytics cookies), (b) contract performance (to provide the service you requested), and (c) legitimate interests (to improve our service and prevent fraud).

Your GDPR Rights

  • Right to access — Request a copy of your personal data
  • Right to rectification — Request correction of inaccurate data
  • Right to erasure — Request deletion of your data
  • Right to data portability — Receive your data in a structured, machine-readable format
  • Right to restrict processing — Request that we limit how we use your data
  • Right to object — Object to processing based on legitimate interests
  • Right to withdraw consent — Withdraw consent at any time where processing is based on consent

International Transfers

Your data may be processed by third-party services (AI providers, Stripe, Supabase) located outside the EEA. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses or applicable adequacy decisions pursuant to Articles 45 and 46 GDPR.

Automated Decision-Making

DocRisk performs automated processing of uploaded documents to generate informational risk assessments. These results do not produce legal effects or similarly significant impacts within the meaning of Article 22 GDPR. Users remain fully responsible for all decisions.

Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection supervisory authority.

Cookies

We use essential cookies for authentication and session management. With your consent, we also use analytics cookies to improve our service. We do not use advertising or third-party tracking cookies.

For detailed information about the cookies we use and how to manage them, see our Cookie Policy.

Security

We use industry-standard security measures including encryption (HTTPS/TLS) and secure authentication to protect your data.

Children

DocRisk is not intended for users under 18. We do not knowingly collect information from children.

Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via email or notice on the website.

Contact

Questions? Email us at [email protected]