Privacy Policy

Last updated: April 3, 2026

1. Data Controller

Aimé Yonkeu
Contact: support@doc-pilot.app

2. What Data Is Processed?

Account data: Email address and password (encrypted via Supabase Auth).

Documents: Documents you upload or scan (PDFs, photos). Stored in Supabase Storage, accessible only to your account.

Analysis results: Extracted text, classification, summary, draft reply. Stored in your personal database.

Metadata: Document title, category, tags, deadlines, folder assignments.

3. How Is Data Processed?

  • OCR: Photos are sent to Google Cloud Vision API for text recognition. Only the extracted text is stored.
  • AI Analysis: Extracted text (max 6000 chars) is sent to OpenAI API. OpenAI does not use API data for model training (API Data Usage Policy).
  • Storage: All data is stored in Supabase (database + storage), protected by Row Level Security (only you can access your data).
  • Synchronization: Your data is synced between the mobile app and web app, so you can access it from both platforms.

4. Data Security

  • Encrypted transmission: All data is transmitted via TLS/HTTPS.
  • Server-side encryption: Supabase encrypts all data at rest (AES-256).
  • Access control: Row Level Security (RLS) ensures each user can only see and edit their own data.
  • API keys: All API keys (OpenAI, Google Cloud Vision) are stored server-side and not visible to users.
  • Authentication: Secure authentication via Supabase Auth with encrypted password storage.

5. Third-Party Services

  • Supabase (Auth, Database, Storage) – EU servers available, GDPR compliant
  • Google Cloud Vision (OCR) – for text recognition from photos
  • OpenAI (AI Analysis) – for document analysis. API data is not used for model training.
  • RevenueCat (In-App Purchases) – for subscription management
  • Vercel (Web App Hosting) – for the web application

6. Multi-Platform Availability

DocPilot is available as a mobile app (Android) and a web app. Your data is automatically synced between both platforms. You can access your documents from any device.

7. Your Rights (GDPR)

  • Access: You can request information about your stored data at any time.
  • Deletion: You can delete your account and all data in the settings. All documents, analyses, and personal data will be permanently removed.
  • Export: Your documents can be downloaded and exported at any time.
  • Withdrawal: You can withdraw consent to data processing at any time.

8. Contact

For privacy questions: support@doc-pilot.app