Legal

Privacy Policy

Last updated: March 7, 2026

Documentric (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, and your rights with respect to it. By using our Service you agree to this policy.

1. Information We Collect

1.1 Information you provide

  • Account information: email address, name, and password when you sign up.
  • Payment information: billing details collected and stored by Paddle (our payment processor). We never store full card numbers.
  • Documents: PDF files, images, and other documents you upload for processing.
  • Communications: messages you send to our support team.

1.2 Information collected automatically

  • Usage data: pages visited, features used, processing history, and export counts.
  • Device fingerprint: a hashed identifier derived from browser properties (user agent, language, screen resolution, timezone) used to manage anonymous usage quotas. This is stored in your browser's localStorage and never linked to your identity without your consent.
  • Log data: IP address, browser type, referring URL, and timestamps, retained for up to 30 days for security and debugging purposes.
  • Cookies: session cookies required for authentication. We do not use third-party advertising cookies.

2. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process your uploaded documents and return extracted data.
  • To manage your account, billing, and subscription via Paddle.
  • To send transactional emails (receipts, usage alerts, plan changes). We do not send marketing emails without your explicit consent.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

3. Data Retention

Uploaded documents and extracted data are retained according to your plan and then permanently deleted:

PlanDocument & data retention
Free (anonymous)24 hours
Free (signed in)24 hours
Starter30 days
Professional90 days
Business1 year

Account information is retained while your account is active and for up to 90 days after deletion to handle disputes. You may request earlier deletion (see Section 7).

4. How We Share Your Information

We do not sell your personal data. We share information only with the following sub-processors, each of whom is contractually obligated to protect it:

ProcessorPurposeLocation
SupabaseDatabase, authentication, file storageUSA (AWS)
PaddlePayment processing, billing, tax complianceUK / global
Microsoft AzureAI document extraction (Azure Document Intelligence)USA / EU
LlamaIndex (LlamaParse)Fallback PDF text extractionUSA
VercelApplication hosting and CDNUSA / global

We may also disclose information if required by law, court order, or to protect the rights, property, or safety of Documentric, our users, or the public.

5. Security

We apply industry-standard security measures including:

  • TLS 1.2+ encryption in transit for all data.
  • AES-256 encryption at rest in Supabase Storage.
  • Row-level security policies so users can only access their own data.
  • Signed, time-limited URLs (1-hour expiry) for document previews.
  • Service-role API keys stored server-side only, never exposed to the browser.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@bankconverter.com.

6. Cookies and Tracking

We use only the following types of cookies:

  • Authentication cookies (Supabase): required for you to stay signed in. These are first-party, session-scoped cookies.
  • localStorage: we store a device fingerprint locally to manage anonymous quotas and user preferences. This data never leaves your browser unless you are making an API request.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers.

7. Your Rights

Depending on your location you may have the following rights under GDPR, CCPA, or similar laws:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your account and associated data.
  • Portability: receive your data in a machine-readable format.
  • Objection / restriction: object to or restrict certain processing.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at privacy@bankconverter.com. We will respond within 30 days. We may need to verify your identity before fulfilling the request.

8. International Transfers

Our sub-processors may transfer and process your data in countries outside your own, including the United States. Where required, such transfers rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards approved by the relevant data protection authority.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy here and, for significant changes, via email. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries:

Documentric — Privacy Team
privacy@bankconverter.com
Terms of ServiceRefund PolicyPricingsupport@bankconverter.com