← Back to home

Privacy Policy

How DocPay AI collects, stores, and protects your data.

Last updated: June 2026

Information We Collect

We collect the minimum information necessary to provide DocPay AI's services:

  • Account information: your email address and a password hash used for authentication.
  • Uploaded documents: invoices, receipts, bills, and other business documents you choose to upload.
  • Extracted data: vendor names, amounts, dates, tax details, and other fields automatically extracted from your documents using AI / OCR.
  • Usage metadata: timestamps of uploads, document statuses, and payment tracking entries you create.

Uploaded Documents

Files you upload may contain financial, tax, or business-sensitive information. You retain full ownership and control over your documents.

  • Documents are stored in private Supabase Storage scoped to your user account.
  • No other user can access your files. Storage policies enforce per-user isolation.
  • We do not use your documents to train AI models or for any purpose other than providing the DocPay AI service.
  • You can delete individual documents at any time from within the app.

Email Addresses & Communication

Your email address is used exclusively for authentication, password-reset flows, and account-related notifications.

  • We do not share your email with third-party advertisers or marketers.
  • We may send transactional emails (password resets, security alerts). You cannot opt out of these while maintaining an active account.

Authentication via Supabase

DocPay AI uses Supabase Auth for secure authentication and session management.

  • Passwords are hashed by Supabase using industry-standard algorithms (bcrypt). We never store or see your plain-text password.
  • Sessions are managed via secure tokens with automatic expiration and refresh.
  • Supabase handles authentication infrastructure; their security practices apply to this subsystem. See Supabase Security for details.

Data Storage & Location

All data is stored in Supabase-managed infrastructure with row-level security (RLS) enforced on every database query.

  • Database: PostgreSQL with RLS policies that restrict each user to their own rows.
  • Storage: Private S3-compatible object storage with per-user path isolation.
  • Region: Data resides in Supabase regions. By using DocPay AI, you consent to storage and processing in these regions.
  • Retention: We retain your data as long as your account is active. Deleted documents are removed from storage and the database promptly.

Security Practices

We take the security of your business data seriously.

  • HTTPS only: All communication between your device and our servers is encrypted in transit.
  • RLS: Row-Level Security policies prevent one user from accessing another user's data at the database layer.
  • Signed URLs: Document downloads use short-lived, signed URLs that expire automatically.
  • Input validation: Server-side validation on all API endpoints to prevent injection and abuse.
  • Redirect sanitization: Authentication redirects are validated to prevent open-redirect attacks.

User Rights

You have the following rights regarding your data:

  • Access: View all documents and extracted data associated with your account inside the app.
  • Correction: Edit document details, payment statuses, and reminder dates at any time.
  • Deletion: Delete individual documents or request full account deletion.
  • Portability: Export your data by downloading documents and reports from the app.

Account Deletion

To request complete deletion of your account and all associated data, email us at support@docpay.app. We will process your request within 30 days and confirm once complete.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at: support@docpay.app

DocPay AI
India