Security
Last updated: November 05, 2025
This page summarizes how we secure the platform, how your data flows through the system, and how we handle incidents and retention. If you have a security question or need to report a vulnerability, email [email protected].
Quick Facts
- Primary hosting & storage: United States
- Data isolation: Account-scoped database Row-Level Security (RLS)
- Encryption: TLS in transit; provider encryption at rest (AES-256 equivalent)
- AI use: Inference only; no model training; provider retention disabled/limited (see AI Data Use)
- Default deletion: Uploads & pipeline logs ≤ 24 hours; Generated outputs 90 days
- Manual deletion: Any time from your dashboard.
- Incident notice: We notify affected customers within 48 hours of a confirmed security incident
- Data Scopes: Customer Content (files/prompts/outputs) and Customer Account Data (identities, emails, org membership/roles).
- Subprocessors: Listed with 15-day change notices at Subprocessors
Our Infrastructure
We use reputable cloud providers with strong baseline security:
- Application hosting: Render
- Database: Supabase (managed Postgres) with Row-Level Security (RLS) on all tables
- Object storage: Cloudflare R2 for uploaded files, logs, and generated outputs
- Authentication: Clerk
- Business operations: Google Workspace (email), Paddle (payments as Merchant of Record)
Primary compute, database, and object storage are located in the United States. AI model providers used for extraction may operate globally (details below).
High-Level Data Flow
Security Controls
Encryption
- In transit: TLS 1.2+ for all connections.
- At rest: Provider-managed encryption (AES-256 equivalent) for databases and object storage.
Access Controls & Isolation
- Least-privilege access: Administrative access is limited and monitored.
- RLS everywhere: Database Row-Level Security ensures each account can only access its own records.
- Secrets management: Application secrets are stored securely and rotated when appropriate.
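As an added illustration of the account-scoped RLS pattern described above (example code, not the platform's actual schema or policies), the following Postgres/Supabase snippet scopes a hypothetical `tasks` table to the accounts a user belongs to via an assumed `account_members` table; `auth.uid()` is Supabase's helper that returns the calling user's id from the request JWT.

```sql
-- Added example, not the platform's own schema. Assumed tables:
-- account_members (account_id, user_id, role) and tasks (account_id, ...).
create table if not exists account_members (
  account_id uuid not null,
  user_id    uuid not null,
  role       text not null check (role in ('owner', 'member')),
  primary key (account_id, user_id)
);

create table if not exists tasks (
  id         uuid primary key default gen_random_uuid(),
  account_id uuid not null,
  created_by uuid not null default auth.uid(),
  status     text not null default 'queued'
);

-- Helper: the set of accounts the calling user is a member of.
-- security definer lets it read account_members without being blocked by that table's own RLS.
create or replace function current_account_ids()
returns setof uuid
language sql stable security definer set search_path = public as $$
  select account_id from account_members where user_id = auth.uid()
$$;

-- Enable RLS on every table; "force" makes the policies apply even to the table owner role.
alter table account_members enable row level security;
alter table tasks enable row level security;
alter table tasks force row level security;

-- Reads: only rows belonging to one of the caller's accounts are visible.
create policy tasks_select on tasks for select to authenticated
  using (account_id in (select current_account_ids()));

-- Writes: a row may only be inserted into an account the caller belongs to.
create policy tasks_insert on tasks for insert to authenticated
  with check (account_id in (select current_account_ids()));

-- Deletes (the dashboard "delete task" action) are limited to account owners.
create policy tasks_delete on tasks for delete to authenticated
  using (exists (
    select 1 from account_members m
    where m.account_id = tasks.account_id
      and m.user_id = auth.uid()
      and m.role = 'owner'));

-- Users can list only their own memberships.
create policy members_select on account_members for select to authenticated
  using (user_id = auth.uid());
```

With these policies in place, a query such as `select * from tasks` issued with a user JWT returns only that user's accounts' rows, and a delete against another account's task affects zero rows rather than erroring.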
Application Security
- Change management: Code changes are reviewed for security-relevant impact.
- Dependency hygiene: Vulnerabilities are remediated on a risk-based basis.
- Configuration hardening: Environment separation and principle of least privilege.
Logging & Monitoring
- Application and access logs are collected with role-appropriate access controls.
- Pipeline/debug logs are short-lived by design (see Retention below).
Data Retention & Deletion
We retain data only as long as needed to deliver the service or as required by law.
- Source uploads (invoices): deleted within 24 hours after processing completes.
- Processing logs (pipeline/debug): deleted within 24 hours.
- Generated outputs (i.e., spreadsheets): retained for 90 days for re-download, then permanently deleted.
- Manual deletion: You can delete a task at any time from your dashboard; this deletes its files from storage and related task metadata from the database.
Details about privacy rights and additional handling are in our Privacy Policy.
Backups & Continuity
- Database backups: Provider-managed database snapshots (encrypted) with a typical rotation of ~7 days
- Object storage: We do not maintain separate backups of Cloudflare R2 objects; lifecycle deletion is enforced (uploads/logs ≤24h; outputs 90d).
- Continuity: In the event of an outage, we redeploy infrastructure and restore the database from managed backups (where enabled). For long-term retention, export outputs within 90 days.
AI Processing (Extraction Only)
- We use third-party AI model providers (e.g., OpenAI, Anthropic, Google Gemini, providers via OpenRouter) solely to perform invoice data extraction you request.
- We configure providers so your content is not used to train their models.
- Where available, we disable provider retention or rely on short, provider-imposed retention windows for abuse prevention and debugging.
- AI providers may process content in global infrastructure. Primary storage and app hosting remain in the United States.
For full details, see AI Data Use.
Subprocessors
We work with specialized service providers (“Subprocessors”) to deliver the service. We post our current list and provide 15 days’ advance notice of material changes at Subprocessors. If you have a question or concern, contact [email protected].
Incident Response & Notifications
- Detect & assess the issue.
- Contain & eradicate the threat.
- Recover affected systems and data where applicable.
- Notify affected customers without undue delay and within 48 hours of confirming an incident involving Customer Data (Customer Content or Customer Account Data) in our systems.
- Post-incident review and corrective actions.
Report suspected incidents to [email protected].
Vulnerability Disclosure
- Email [email protected] with a description and steps to reproduce.
- Do not access, modify, or exfiltrate data that isn’t yours.
- We’ll acknowledge receipt and work to remediate promptly.
Compliance & Privacy
- Our Privacy Policy explains how we collect, use, and share information and includes US state privacy rights.
- Our Terms of Service govern use of the service.
- The Data Processing Addendum (DPA) applies automatically to business customers who process personal information and accept our Terms. Need a countersigned copy? Email [email protected].
Contact
Privacy & data requests: [email protected]
Security & incident/vulnerability reports: [email protected]
General support: [email protected]