← Back to DocBench

Privacy Policy

Last updated: March 22, 2026

1. What We Collect

When you use DocBench, we collect:

  • Account information — email address, name, and authentication provider (Google, Microsoft, or email/password).
  • Documents you upload — stored encrypted in cloud storage (AWS S3) and used only to provide the service to you.
  • Chat messages — your questions and the AI-generated responses, stored to maintain conversation history.
  • Usage data — interaction counts and cost estimates for quota enforcement and service improvement.

2. How We Use Your Data

  • To provide the DocBench document analysis and AI assistant service.
  • To authenticate you and maintain your session.
  • To enforce usage quotas and prevent abuse.
  • To improve the service (aggregated, anonymized usage patterns only).

We do not sell your data, use your documents to train AI models, or share your content with third parties except as needed to operate the service (cloud infrastructure providers).

3. Third-Party Services

DocBench uses the following third-party services to operate:

  • Anthropic (Claude) — AI model provider. Your document content and questions are sent to Anthropic's API for processing. See Anthropic's Privacy Policy.
  • Google / Microsoft — OAuth authentication providers (if you use SSO sign-in).
  • AWS S3 — Document and file storage.
  • Neon — Database hosting.

4. BYOK (Bring Your Own Key)

If you provide your own API keys, they are encrypted at rest using AES-128 (Fernet) encryption before storage. We never log, display, or transmit your full API keys. You can remove your keys at any time from your profile settings.

5. Data Retention

  • Guest accounts — automatically deleted after 24 hours of inactivity.
  • Registered accounts — data retained while your account is active. You can delete your workspaces at any time.
  • Document content — deleted when you remove a workspace or source.

6. Your Rights

You can:

  • Delete your workspaces and documents at any time.
  • Remove your API keys from profile settings.
  • Request account deletion by contacting us.

7. Security

We use HTTPS for all connections, encrypt API keys at rest, run agent code in isolated Docker containers, and enforce session-based authentication with HTTP-only secure cookies.

8. Contact

For privacy-related questions, contact us at anton@roibench.com.