Privacy Policy
Effective May 19, 2026
DistillDoc (“we”, “us”) is a document analysis service. This policy explains what data we collect, why, and how long we keep it. We keep it short because we don't do much with your data.
What we collect
Email address
You provide this to receive your summary. We store a one-way SHA-256 hash of your email — not the address itself — in our database. The actual address is passed to our email provider (Resend) to deliver your summary and occasional follow-up messages, then is not retained by us.
Your PDF document
You upload a PDF for analysis. It is stored in private cloud storage (Supabase) only for the duration of processing. It is permanently deleted immediately after your summary is generated — typically within 60 seconds of payment.
Payment information
We do not handle card data. Payment is processed entirely by Stripe. We receive only a payment confirmation and your email address (provided at checkout).
Usage data
Standard web server logs (IP address, browser, timestamp) are retained by our hosting provider (Railway) per their standard policies. We do not run analytics software or ad tracking.
Captcha interactions
The refund page uses Cloudflare Turnstile to prevent automated abuse. Cloudflare may process your IP address and browser signals to determine whether you are human. No data from this check is stored by us.
How we use it
- To process your document and return a summary.
- To email you the summary and, optionally, brief follow-ups (3 days and 14 days after delivery). You can reply “unsubscribe” to any follow-up email to stop receiving them.
- To issue refunds if you request one.
- To detect abuse and maintain service availability.
We do not sell your data. We do not use your document content to train any model. Your document is processed by our AI provider (Anthropic) under their API terms, which prohibit training on API inputs.
Third-party services
Running DistillDoc requires the following sub-processors. Each link goes to their privacy policy.
Data retention
PDF file: Deleted immediately after analysis (within 60 seconds of payment).
Summary: Stored indefinitely so your share link remains accessible. You can request deletion by contacting us with your share link or job ID.
Email hash: Retained to enforce the refund guarantee (30-day window, one refund per account) and prevent abuse.
Payment records: Retained by Stripe per their legal obligations.
Security
We encrypt all data in transit using TLS. Data at rest is encrypted by Supabase and Railway using AES-256. Access to production systems is restricted to authorized operators. No security measure is perfect, but we do not store your document beyond the time needed to produce your summary.
Your rights
You may request access to, correction of, or deletion of data we hold about you. Because we store only a hash of your email (not the address itself), we cannot look up your record by email alone — please include your share link or job ID when contacting us. We respond to rights requests within 45 days.
California residents (CCPA)
If you are a California resident, you have the following rights:
- Right to know — what personal information we collect, use, and disclose.
- Right to delete — request deletion of personal information we hold.
- Right to correct — request correction of inaccurate personal information.
- Right to opt out of sale — we do not sell your personal information.
- Right not to be discriminated against — exercising these rights will not affect your access to the service.
Cookies
We do not set first-party cookies. Stripe sets cookies during the payment flow for fraud prevention. No advertising or tracking cookies are used.
Children
DistillDoc is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has submitted a document through our service and we will delete any associated data promptly.
Changes
We may update this policy. Material changes will be noted by updating the effective date above. Continued use of the service after changes constitutes acceptance.