Privacy Policy

Last updated: March 9, 2026

Introduction

At PrivateDocs AI, we are committed to protecting your privacy and ensuring zero data leakage. This Privacy Policy explains how we collect, use, and safeguard your information when you use our desktop software and related services.

PrivateDocs AI is a fully local desktop application. We do not collect, process, store, or transmit your documents, PDFs, or chat history to our servers or to any third-party AI provider. All AI inference, embedding, and vector storage happens strictly on your own hardware.

Our core principle is simple: your data belongs to you. We have designed PrivateDocs AI so that your sensitive documents and communications remain completely private and resident on the machines you control.

Key Commitments (Private Vault)

  • Local-only processing: Documents, embeddings, and chat history are stored and processed solely on your local device. Data at rest is secured by your OS-level Full Disk Encryption (macOS FileVault or Windows BitLocker).
  • No training on your data: We do not use your documents or conversations to train any models. Your content is never sent to OpenAI, Anthropic, or any external AI API.
  • No cloud copies: We do not run multi-tenant servers or keep backups of your vault. If you delete data on your device, it is removed from your local disk.
  • Cryptographic trial & license tokens: Trial and license status are tracked using signed tokens and local checks, not by uploading your documents or queries.

Information We Collect

Account Information (Required)

We collect only the minimum necessary information to create and maintain your software license:

  • Email address (for account authentication and license communication)
  • Password hash (handled and stored securely via our authentication provider, Supabase)
  • Basic billing metadata (e.g., name, country, and the last 4 digits/expiration of your card), processed and stored by Stripe
  • License status and purchase history (e.g., whether you have an active lifetime license)

What We DO NOT Collect

Critical: We explicitly DO NOT collect, store, or have access to:

  • Your uploaded documents or files
  • Your chat conversations or queries
  • The content of your AI-generated responses
  • Any personally identifiable information (PII) contained in your documents

All document processing occurs on your own device. We never receive, inspect, or retain the content you process in PrivateDocs AI.

Desktop Application & Local Mode

PrivateDocs AI is delivered as a local desktop application. All AI inference, vector storage, and document processing run on your own device. We do not operate a cloud-hosted version of the product.

Data you process (including uploaded documents, vector embeddings, and conversation history) is stored only in your platform user data directory: for example, %APPDATA%/PrivateDocsAI/data on Windows, ~/Library/Application Support/PrivateDocsAI/data on macOS, and ~/.local/share/PrivateDocsAI/data on Linux. We do not collect, access, or retain any of this data.

How We Use Information

We use the limited information we collect solely for:

  • Account Management: Creating and maintaining your PrivateDocs AI account and authenticating your access to the desktop app
  • Billing & Licensing: Processing one-time license payments and maintaining basic billing records
  • Customer Support: Responding to your inquiries and providing technical assistance
  • Legal Compliance: Meeting regulatory requirements (e.g., tax and accounting obligations) and responding to lawful requests

We do not use your information for marketing, advertising, or selling to third parties.

Data Security

Security is the foundation of our service. We design PrivateDocs AI so that sensitive content stays on your machines, and we protect the minimal account and billing data we do handle:

Local-Only Architecture

PrivateDocs AI runs 100% locally on your own hardware. Your data, documents, and chat history never leave your device. We do not use cloud compute or storage for AI inference. All AI models, indexes, and storage run on your local machine.

On-Device Security

  • 100% Data Residency: Your documents, vectors, and chat history never leave your hard drive. Zero data is transmitted to the cloud. Data at rest is protected by native OS-level Full Disk Encryption (macOS FileVault or Windows BitLocker).
  • Offline-capable: After initial activation and license verification, the app can run without an internet connection; core AI features do not require network access.
  • Trial & license tokens: Trial periods and lifetime licenses are enforced via signed tokens validated locally.

Account & Billing Data Security

  • Authentication: We rely on Supabase to store password hashes and manage sign-in securely.
  • Payments: All payment card data is handled directly by Stripe; we never see or store full card numbers.
  • Transport: When your desktop app communicates with our APIs for activation or license checks, data is protected using industry-standard TLS encryption.

Data Retention

Our data retention policies reflect our commitment to minimal data collection:

  • Account Information: Retained for as long as you maintain an active PrivateDocs AI account and for a reasonable period thereafter, unless you request deletion earlier.
  • Billing Records: Maintained for as long as required to comply with tax and financial regulations (typically up to 7 years).
  • Document & Chat Data: Stored only on your local device. We never receive copies and therefore do not retain or delete them on your behalf.

Upon account cancellation, we will delete or anonymize the account and billing data we control within a reasonable period, subject to legal retention requirements.

Your Rights

You have comprehensive rights regarding your personal information:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Update or correct inaccurate information at any time
  • Right to Deletion: Request immediate deletion of your account and all associated data
  • Right to Data Portability: Export your account information in a machine-readable format
  • Right to Restrict Processing: Limit how we use your information
  • Right to Object: Object to certain types of data processing
  • Right to Withdraw Consent: Revoke previously granted permissions at any time

To exercise any of these rights, contact us at privacy@privatedocsai.ai. We will respond within 30 days.

Third-Party Services

We use a limited number of trusted third-party services to operate our business:

Third-Party Infrastructure & Subprocessors

  • Compute & Storage: In the current local-only deployment model, AI inference and storage run entirely on your own hardware. We do not rely on third-party cloud compute or storage providers for AI workloads.
  • Payment Processing: Stripe (for secure payment handling; they do not have access to your documents)
  • Email Delivery: Transactional email service for account notifications

Important: Your document content and chat data never touch any third-party AI or analytics services, including:

  • OpenAI, Anthropic, or other public AI providers
  • Third-party analytics or tracking services

All AI processing happens on dedicated, isolated infrastructure under our exclusive control, and we never use your documents or chat transcripts to train any cloud, hosted, public, or third-party models.

Compliance & Certifications

PrivateDocs AI is designed to meet the strictest regulatory requirements while running entirely on your own hardware. Because your data, documents, and chat history never leave your devices, you can align our local-only deployment model with your existing compliance, data residency, and security controls.

We support organizations implementing GDPR, HIPAA, CCPA/CPRA, and industry-specific frameworks by ensuring that AI inference and storage remain local-first and under your direct operational control, without reliance on third-party cloud providers for core AI processing.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify you via email at least 30 days before changes take effect
  • We will maintain an archive of previous versions for your reference

Your continued use of PrivateDocs AI after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Team

Email: privacy@privatedocsai.ai

Security Issues: security@privatedocsai.ai

Data Protection Officer: dpo@privatedocsai.ai