Privacy Policy

Last updated: February 26, 2026

At TrackDocsAI, we take your privacy seriously. This policy explains how we handle your data.

1. Data We Collect

We collect the minimum amount of data necessary to provide our service:

  • Files: The documents, invoices, and receipts you upload for analysis.
  • Extracted Data: Information extracted from your documents (e.g., vendor names, amounts, due dates).
  • Questions: The questions you ask the AI about your documents.
  • Account Data: We store your name and email address provided via Google OAuth or standard registration.

2. Payment Information

When you subscribe to a paid plan, your payment information (such as credit card numbers) is processed directly by our payment processor, Stripe, Inc.. We do not store or have access to your full credit card details on our servers. Stripe handles your data according to their own privacy policy and PCI-DSS standards.

3. How We Use Your Data

Your documents are used exclusively for generating answers to your questions and extracting financial data for your dashboard. We do not train our AI models on your private documents.

4. Third-Party Services

We share necessary data with the following service providers to operate our platform:

  • AI Models: We use Large Language Models (LLMs) (e.g., OpenAI, xAI) to analyze documents. Your data is shared via API only for processing and is not used to train their global models.
  • Payment Processors: Stripe (for billing and secure subscription management).
  • Cloud Infrastructure: NeonDB (Database) and Wasabi (Encrypted Storage).

4.1 Subprocessor Transparency

Current subprocessors and their operational purpose:

  • OpenAI and xAI: AI processing for extraction and Q&A.
  • Stripe: payment and subscription processing.
  • Neon: managed PostgreSQL database hosting.
  • Wasabi: encrypted object storage for uploaded files.
  • Postmark: transactional emails (verification/critical notifications).
  • Cloudflare Turnstile: signup bot protection and abuse prevention.

Some processors may store or process data in regions outside your country. We limit transfer scope to what is needed to provide the service and keep a processor register and DPA review process.

5. Cookies and Similar Storage

TrackDocsAI currently uses only strictly necessary cookies/storage for security and core functionality (for example, login/session continuity and OAuth CSRF protection).

We do not run marketing or analytics cookies by default. If optional analytics is enabled in the future, it will be loaded only after your explicit opt-in.

6. Data Retention

We keep your files for as long as you have an active account or until you delete them. You can delete your documents at any time via the Documents dashboard.

7. Security

We use industry-standard encryption (AES-256) to protect your data while stored, and SSL/TLS for all data in transit. Access to documents is strictly isolated per user.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at info@trackdocsai.com.