Privacy Policy

Last updated: March 12, 2026

1. What Data We Collect

Account information:

  • Name, email address, and hashed password (for email/password accounts)
  • Google profile information (for Google OAuth accounts)

Document metadata only:

  • File names, dates, senders, recipients, file types
  • AI-generated summaries and relevance scores
  • Your review decisions (accepted, rejected, flagged)

What we do NOT store:

  • Email body content or attachments
  • Document file contents
  • Full-text content of any files in your cloud storage

2. How We Use Your Data

  • To authenticate you and manage your account
  • To search your connected accounts for documents matching discovery requests
  • To display document metadata and AI analysis results in your dashboard
  • To export organized document packages to your cloud storage
  • To improve the service and fix bugs (via anonymized error reporting)

3. OAuth Token Security

When you connect your Google or Microsoft account, we store OAuth access and refresh tokens encrypted using AES-256-GCM encryption. Tokens are only decrypted at the moment they are needed to make API calls on your behalf. We request the minimum scopes necessary (read-only access to email and files).

4. AI Processing (Anthropic)

Document content is sent to Anthropic's Claude API for relevance analysis. This processing is transient — Anthropic does not store your data, and content is not used for model training. Anthropic's data handling is governed by their privacy policy. We use their API with zero-retention settings.

5. Data Retention & Deletion

Your data is retained as long as your account exists. You can delete individual cases (which removes all associated data) or delete your entire account from the Settings page. Account deletion permanently removes all your data from our systems, including:

  • Account and profile information
  • All cases and discovery requests
  • All document metadata and review decisions
  • All connected account credentials
  • Subscription and billing information

6. No Selling of Data

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not use your data for advertising. Your data is used solely to provide and improve the DiscoverDocs service.

7. Your Rights (CCPA/GDPR)

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Deletion: Request deletion of your personal data (available via Settings)
  • Portability: Request your data in a portable format
  • Correction: Request correction of inaccurate personal data
  • Opt-out: We do not sell personal data, so no opt-out is needed

To exercise any of these rights, contact us at privacy@discoverdocs.app or use the self-service options in your account Settings.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The “Last updated” date at the top reflects the most recent revision.

9. Contact

For privacy-related inquiries, contact us at privacy@discoverdocs.app.