Effective 26 April 2026 · public beta
Privacy policy.
Short version: we collect as little as possible, we do not sell anything, your documents are not stored on the public demo, and you can email hello@tdoc.xyz to delete anything we do hold.
1. What we collect
- IP addresses, briefly, for rate limiting and abuse prevention. Logged with a per-request ID, not joined to any account.
- The first 8 characters of an API key in audit logs, so we can correlate requests on a support ticket without ever logging the full key.
- Email addresses you send us at hello@tdoc.xyz. Stored in the inbox; used to reply.
- Plan metadata when paid tiers go live: tier name, subscription id, units used, customer id assigned by the payment processor.
- Anonymous usage analytics if we add them. No PII, no document content, no API key — counts of pageviews and conversion events only. We will update this page when analytics activate and offer a respect for the
Do Not Trackheader.
2. What we do not collect
- Your document content. The public demo at
/v1/try-publicreads, processes, and discards your file in the same request — nothing is written to disk for storage. (Brief temp files for PDF parsing are deleted within milliseconds.) - Browser cookies for tracking. The site uses
localStorageonly to remember your day/night theme preference. - Browser fingerprints, ad identifiers, social-graph data.
3. Where the data lives
The site is served by Cloudflare Pages (Cloudflare's privacy policy applies). The API runs on a Hugging Face Space (their privacy policy applies). When persistence is enabled, plan metadata is stored on a managed Postgres database (Supabase or equivalent — their privacy policy applies). Document content is never persisted by us.
4. International transfers
You may use the service from any country; processing happens at our providers' chosen regions, currently primarily India and Singapore. Cloudflare's edge serves cached responses from a region close to you.
5. Children
The service is not directed at children under 13. Do not use it if you are under 13.
6. Your rights
- You can ask us what data we hold about you. Email hello@tdoc.xyz.
- You can ask us to delete it. We will, within 30 days, unless we need to retain something to defend against fraud or comply with law.
- You can ask us to correct it.
- EU/UK residents have the additional rights afforded by GDPR / UK GDPR — same email.
- California residents have the additional rights afforded by CCPA — same email.
7. Security
See the security page for headers, threat model, and how to report a vulnerability.
8. Changes
We may update this policy; we will post the new version with a new effective date and announce material changes in the GitHub repository.
Last updated: 26 April 2026. If something here is unclear, write to hello@tdoc.xyz and we will fix the wording.