Privacy Policy

Overview

DocFlow is a self-hosted PDF and image processing toolkit. You can use most tools as a guest, with no account and no email required. This page explains what data DocFlow collects, why, how long it's kept, and what control you have over it.

Data we collect

• Files you process. The document or image you upload to a tool, plus the file that tool produces.
• Account data, if you register. Email address, display name, and a hashed password. We never store your password in plain text.
• Session data. A short-lived access token and a longer-lived refresh token used to keep you signed in. Refresh tokens are stored server-side as a hash, not as the raw token.
• Technical data. Your IP address is read transiently to enforce upload rate limits and is not written to a persistent log; it's discarded once the rate-limit window passes (or immediately on server restart).
• Account audit events. If you have an account, security-relevant actions (sign-in, password reset, account deletion) are recorded against your account email so we — and you — can see what happened to your account.
• Cookies. A single essential cookie/local-storage entry that remembers your cookie-consent choice. DocFlow does not use third-party advertising or analytics cookies.

How we use this data

• To run the tool you selected and return the resulting file to you.
• To keep you signed in between visits, if you have an account.
• To enforce per-IP and per-account rate limits so the service stays usable for everyone.
• To investigate abuse or security incidents, using the audit events described above.

We do not sell your data, and we do not use your files to train any model.

File retention & deletion

Uploaded files and the outputs generated from them are temporary. By default they are automatically deleted from the server within about an hour of being processed, and sooner if you're using a live preview session. Once deleted, a file cannot be recovered — DocFlow is not a file storage or backup service, so keep your own copy of anything you upload or download.

Your account, your control

If you create an account, you can manage your own data without contacting support:

• Export your data. Download a copy of your account data from your account page at any time.
• Delete your account. Permanently delete your account and its data from your account page. This action cannot be undone.
• Sign out everywhere. Signing out revokes your refresh token, ending that session immediately.

Third parties

DocFlow runs as a self-hosted application, and by default it shares nothing with third parties — processing happens on the server you (or the operator) control. Two integrations are optional and disabled unless an operator turns them on:

• Error reporting (Sentry). If enabled, crash and error metadata may be sent to Sentry to help diagnose bugs. File contents are not included.
• Malware scanning. If enabled, uploaded files may be sent to an operator-configured scanning service solely to check for malicious content before processing.

Security measures

• All traffic is served over HTTPS.
• Passwords are hashed; refresh tokens are stored as hashes, not plain text.
• Uploads are validated by file content (magic bytes), not just file extension.
• Per-IP and per-account rate limiting protects against abuse and runaway usage.

Children's privacy

DocFlow is not directed at children, and we do not knowingly collect data from anyone under 16.

Changes to this policy

If this policy changes, we'll update the "Last updated" date above. Material changes will be reflected here before they take effect.

Contact

Questions about this policy or your data? Use the contact form on the home page.