Privacy Policy

    Last updated: March 17, 2026

    1. Introduction

    docbatch.ai ("docbatch.ai", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal data when you access or use our website at docbatch.ai and our document processing platform (collectively, the "Service"). This policy applies to all users of the Service, including visitors, free-tier users, and paying subscribers.

    By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

    2. Data Controller

    For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller responsible for your personal data is:

    • Company: docbatch.ai
    • Email: privacy@docbatch.ai
    • Data Protection Contact: privacy@docbatch.ai

    3. Your Data and AI — Zero-Training Commitment

    Zero-Training Commitment

    We want to be absolutely clear: Your documents are NOT used to train our AI models or the models of our infrastructure providers (including Google Gemini). Documents are processed solely to provide you the requested output. We enforce strict data isolation and retention policies in all processing workflows. Your content is never shared, aggregated, or used for any purpose other than delivering the Service to you.

    4. Information We Collect

    4.1 Information You Provide Directly

    • Account Information: Name, email address, and password when you create an account.
    • Billing Information: Payment card details, billing address, and transaction history, processed securely through Stripe. We do not store full credit card numbers on our servers.
    • Documents: The files you upload for processing. These are stored temporarily and automatically deleted after 7 days, or sooner if you choose to delete them manually.
    • Communications: Information you provide when you contact our support team, submit feedback, or participate in surveys.
    • Profile Preferences: Language settings, notification preferences, and other configuration choices.

    4.2 Information Collected Automatically

    • Usage Data: Pages visited, features used, actions taken, timestamps, frequency and duration of activities.
    • Device Information: Browser type and version, operating system, device type, screen resolution, and unique device identifiers.
    • Log Data: IP address, access times, referring URLs, and pages viewed.
    • Cookies and Similar Technologies: As described in our Cookie Policy.

    4.3 Information from Third Parties

    • Authentication Providers: If you sign in through a third-party service (e.g., Google), we receive your name, email, and profile picture as authorized by you.
    • Payment Processor: Stripe may provide us with transaction confirmations, billing status, and fraud risk indicators.

    5. Legal Basis for Processing (GDPR)

    We process your personal data only when we have a valid legal basis to do so. The applicable bases include:

    • Performance of a Contract (Art. 6(1)(b) GDPR): Processing necessary to provide the Service you requested, manage your account, and process payments.
    • Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
    • Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent, for example for marketing communications or non-essential cookies. You may withdraw consent at any time.
    • Legal Obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with applicable laws, regulations, or legal proceedings (e.g., tax, accounting obligations).

    6. How We Use Your Information

    We use your personal data for the following purposes:

    • To provide, operate, maintain, and improve the Service.
    • To process your documents using AI and deliver the results to you.
    • To manage your account, authenticate your identity, and process payments.
    • To communicate with you about service updates, security alerts, and support responses.
    • To send marketing communications (only with your explicit consent, and you can opt-out at any time).
    • To monitor and analyze usage trends and improve user experience.
    • To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
    • To comply with legal obligations and enforce our Terms and Conditions.

    7. Data Sharing and Disclosure

    We do not sell your personal data. We may share your information only in the following limited circumstances:

    • Service Providers: Trusted third-party companies that assist us in operating the Service (e.g., cloud hosting, payment processing, analytics). These providers are contractually bound to process data only on our behalf and in accordance with our instructions.
    • AI Processing Providers: Your documents are sent to Google Gemini API for processing. Google processes this data solely to return results to us and does not use it for training or other purposes, pursuant to our data processing agreement.
    • Legal Requirements: When required by law, regulation, legal process, or governmental request.
    • Protection of Rights: To protect the rights, property, or safety of docbatch.ai, our users, or the public.
    • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data may be transferred as part of that transaction. We will notify you of any such change.

    8. International Data Transfers

    Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from the laws of your country.

    When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:

    • Standard Contractual Clauses (SCCs) approved by the European Commission.
    • Data processing agreements with all sub-processors.
    • Verification that the recipient provides an adequate level of data protection.

    9. Data Security

    We implement industry-standard technical and organizational measures to protect your personal data, including:

    • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS).
    • Encryption at Rest: Stored data is encrypted using AES-256 encryption.
    • Infrastructure: Our servers are hosted on SOC 2 Type II certified cloud providers.
    • Access Controls: Strict role-based access controls and multi-factor authentication for all internal systems.
    • Monitoring: Continuous security monitoring, logging, and alerting for anomalous activity.
    • Incident Response: We maintain an incident response plan and will notify affected users and relevant authorities of any data breach within the legally required timeframes (72 hours under GDPR).

    While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

    10. Data Retention

    • Uploaded Documents: Automatically deleted 7 days after upload, or immediately upon your request.
    • Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
    • Billing Records: Retained for up to 7 years to comply with tax and accounting obligations.
    • Log Data: Retained for up to 12 months for security and operational purposes, then anonymized or deleted.
    • Cookie Consent Records: Retained for the duration required to demonstrate compliance (up to 3 years).

    11. Your Rights

    Depending on your jurisdiction, you may have the following rights regarding your personal data:

    • Right of Access (Art. 15 GDPR): Request a copy of the personal data we hold about you.
    • Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data.
    • Right to Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten").
    • Right to Restrict Processing (Art. 18 GDPR): Request that we limit the processing of your data in certain circumstances.
    • Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, commonly used, machine-readable format.
    • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests or for direct marketing purposes.
    • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
    • Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated.

    To exercise any of these rights, please contact us at privacy@docbatch.ai. We will respond to your request within 30 days. You can also export your data directly from your dashboard at any time.

    12. Children's Privacy

    The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at privacy@docbatch.ai.

    13. Automated Decision-Making

    Our Service uses AI to process your documents and extract data. This processing is performed to fulfill the service you requested and does not involve automated decision-making that produces legal effects or similarly significantly affects you. The output of our AI processing is provided for your review and you maintain full control over how to use or act upon the results.

    14. Third-Party Links

    The Service may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.

    15. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date and, where required by law, by sending you an email notification. Your continued use of the Service after such changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

    16. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    • Email: privacy@docbatch.ai
    • General Inquiries: hello@docbatch.ai

    We aim to respond to all privacy-related inquiries within 30 days.

    Featured on There's an AI for that docbatch.ai on SaaSHub