Trust Center

Security and compliance for document intelligence. See how DocLD protects your data and meets enterprise requirements.

Compliance & certifications

SOC 2

SOC 2 Type II audit in progress. Report available on request.

Request report

HIPAA

HIPAA-ready infrastructure. Business Associate Agreement (BAA) available on request.

HIPAA settings · Request BAA

GDPR & data protection

Data Processing Agreements and safeguards for international transfers. See our Privacy Policy for rights and legal bases.

Security practices

Encryption in transit and at rest — TLS for all connections; data at rest encrypted (e.g. S3/R2).
Access controls — Authentication and authorization; access limited to what is needed to operate the service.
Audit logging — Security-relevant events and access to sensitive data are logged for compliance and incident response.
No training on your data — Customer document content is not used to train our or our providers’ models.
Incident response — Procedures for detecting, containing, and notifying in the event of a security incident.

Policies

Subprocessors & data processors

We work with trusted third-party providers who process data on our behalf under contract. All are required to protect your data and use it only for the purposes we specify.

Supabase (Database & Authentication)

Stores user accounts, document metadata, and application data.

Location: EU/US · Privacy Policy

Cloudflare R2 (File Storage)

Stores uploaded documents and generated files.

Location: Global (nearest region) · Privacy Policy

Pinecone (Vector Database)

Stores document embeddings for semantic search.

Location: US · Privacy Policy

OpenAI (AI Processing)

Processes document content for extraction and chat (HIPAA BAA available).

Location: US · Privacy Policy

Data handling summary

Retention: Active accounts — data retained while the account is active; deleted accounts — data removed within 30 days of deletion request; audit logs — up to 2 years where required for compliance.
No model training: Your document content is not used to train models.
Data minimization: We only collect and process what is necessary to provide and improve the service.

Contact

For security questionnaires, compliance requests, audit reports, or Data Processing / BAA requests, contact us:

Crawlog LLC

30N Gould St, Sheridan, WY 82801, USA

hi@docld.com

Compliance & certifications

SOC 2

SOC 2 Type II audit in progress. Report available on request.

Request report

HIPAA

HIPAA-ready infrastructure. Business Associate Agreement (BAA) available on request.

HIPAA settings · Request BAA

GDPR & data protection

Data Processing Agreements and safeguards for international transfers. See our Privacy Policy for rights and legal bases.

Security practices

Encryption in transit and at rest — TLS for all connections; data at rest encrypted (e.g. S3/R2).

Access controls — Authentication and authorization; access limited to what is needed to operate the service.

Audit logging — Security-relevant events and access to sensitive data are logged for compliance and incident response.

No training on your data — Customer document content is not used to train our or our providers’ models.

Incident response — Procedures for detecting, containing, and notifying in the event of a security incident.

Subprocessors & data processors

We work with trusted third-party providers who process data on our behalf under contract. All are required to protect your data and use it only for the purposes we specify.

Supabase (Database & Authentication)

Stores user accounts, document metadata, and application data.

Location: EU/US · Privacy Policy

Cloudflare R2 (File Storage)

Stores uploaded documents and generated files.

Location: Global (nearest region) · Privacy Policy

Pinecone (Vector Database)

Stores document embeddings for semantic search.

Location: US · Privacy Policy

OpenAI (AI Processing)

Processes document content for extraction and chat (HIPAA BAA available).

Location: US · Privacy Policy

Data handling summary

Retention: Active accounts — data retained while the account is active; deleted accounts — data removed within 30 days of deletion request; audit logs — up to 2 years where required for compliance.

No model training: Your document content is not used to train models.

Data minimization: We only collect and process what is necessary to provide and improve the service.