Privacy Policy

Last Updated: June 3, 2025

Welcome to DocVibe. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how the DocVibe mobile application ("App") collects, uses, discloses, and safeguards your information when you use our services. By using the App, you agree to the terms of this Privacy Policy.

1. Information We Collect

DocVibe uses an anonymous authentication system and device fingerprinting to provide services while minimizing personal data collection. Here's what we collect:

• Uploaded Files and Content: When you use the App, you can upload PDF or other document files. These files are stored locally on your device for your convenience. If you ask a question about a document, the file may be temporarily uploaded to our secure server to extract text and data (for example, using Google Document AI for OCR and text reshaping). We use the content of your documents only to generate answers to your queries and to provide the service, and for no other purpose. The extracted text from your documents is treated as confidential and is not shared except as needed with our AI processing services (described below).
• Anonymous Account Data: DocVibe creates an anonymous user account automatically when you first use the App - no email, password, or personal information is required. We store only a unique anonymous user identifier in our Supabase database to manage your session and link to subscriptions. We do not store any of your chat conversations, document content, or other user-generated content on our servers - all of this data remains stored locally on your device.
• Device Fingerprint Data: To manage usage limits and prevent abuse, we generate a unique device fingerprint based on your device's technical characteristics. This fingerprint is created from non-personal device information such as:
  • Device model, manufacturer, and hardware specifications
  • Operating system version and type
  • Screen resolution and device capabilities
  • Browser information (for web users)
  • System architecture and available features
  This fingerprint does not contain any personal information but allows us to track daily usage limits consistently across anonymous users on the same device. Multiple users on the same device share the same usage limit pool.
• Usage Data and Analytics: We automatically collect anonymous usage information about how you interact with the App. This includes data such as which features you use, the frequency and duration of your sessions, and daily message counts associated with your device fingerprint. All analytics data is aggregated and does not personally identify you. We do not collect content of your chats or documents for analytics purposes; the data is used solely to improve the App's functionality and user experience.
• Purchase and Subscription Data: If you make in-app purchases (such as subscribing to premium features), we collect information about the purchase. We use RevenueCat as a third-party service to manage subscriptions and purchases. RevenueCat serves as the primary store for your subscription data, linked to your anonymous user ID. This means we can see your purchase status (e.g., active subscription or purchase history) but no personal payment information or credit card details. All payment transactions are handled through Apple App Store or Google Play, and we do not receive your credit card information.

2. How We Use Your Information

We use the collected information for the following purposes:

• Providing and Improving the Service: We use your uploaded documents and queries to generate answers and chat responses. For this, the App processes the text of your PDFs and may send the text and your questions to our AI partners (such as OpenAI, Google Gemini, and Anthropic Claude through OpenRouter API) to get responses. Only the necessary text excerpts and query details are shared with these AI services to obtain the answer. We do not use your document content for any purpose other than answering your questions.
• Anonymous Authentication and Session Management: Your anonymous user account is stored in our Supabase database to manage app access and maintain session continuity. Supabase is a secure, open-source backend platform that provides robust security for user data. Important: We do not store your chat conversations, document content, or chat history on our servers - all of this data is stored locally on your device and never leaves your device except temporarily for AI processing as described above.
• Usage Limits and Abuse Prevention: Device fingerprints are used to enforce daily usage limits fairly across all users of the same device. This system allows us to provide generous free tier limits while preventing abuse. Free users get 5 messages per day per device fingerprint, while premium users get 75 messages per day per device fingerprint. Usage tracking is essential for maintaining service quality and preventing resource exhaustion.
• Analytics and Usage Tracking: We analyze anonymous usage data to understand overall user engagement and feature popularity. This helps us make informed decisions on improving DocVibe. For instance, usage data might tell us which features are most used or if the app crashes at certain points, so we can fix bugs and enhance performance. These analytics are conducted on aggregated data, and we do not attempt to identify individual users or access their personal content.
• Purchases and Subscription Management: Subscription information from RevenueCat is linked to your anonymous user ID and device fingerprint. This enables premium feature access and subscription management without requiring personal information. We may use this information to restore purchases if you reinstall the App on the same device.
• Communication: Since we don't collect email addresses, communication is limited to in-app messages, notifications, and support responses if you contact us directly. We do not send marketing emails or external notifications.
• Legal Compliance and Protection: We may use or disclose your information if necessary to comply with applicable laws, regulations, legal processes, or governmental requests. We may also use information to investigate or enforce our Terms of Service or to protect the rights, property, and safety of DocVibe, our users, or others.

3. Disclosure of Your Information (How We Share Data)

We do not sell or rent your personal data to third parties. We only share your information in limited circumstances, outlined below:

• Service Providers and Partners: We share data with third-party services strictly to operate and enhance the App's functionality. This includes:
  • AI Processing Services: When you ask questions, portions of your document text and your query may be sent to AI model providers such as OpenAI (for GPT-based models), Google (for Gemini and Google Document AI OCR), and Anthropic (for Claude) through the OpenRouter API. OpenRouter acts as an intermediary service that routes our AI requests to these various AI providers. These providers and OpenRouter process the data only to return an answer and are bound by their own privacy commitments not to use your data for other purposes.
  • Supabase: We use Supabase for our backend infrastructure to store anonymous user accounts and device fingerprint associations. Supabase acts as a processor of this data on our behalf. All data sent to Supabase is transmitted securely, and Supabase adheres to stringent security standards. Note: Only anonymous user IDs and device fingerprints are stored in Supabase - your chat conversations and document content are never stored on our servers.
  • RevenueCat: We use RevenueCat as our primary subscription management service. RevenueCat stores the authoritative record of your purchase receipts, subscription status, and subscription history linked to your anonymous user ID. RevenueCat receives purchase receipts from Apple and Google and manages the subscription lifecycle on our behalf.
  • Cloud Servers for Processing: Our servers (which may be hosted on cloud providers) temporarily receive your files or extracted text when you use certain features (e.g., when performing OCR on a document). These servers process the data and return results to your app. We do not retain your document files on our servers after processing is complete.

  All these third-party service providers are selected for their trustworthiness and are under contractual obligation to protect your data and use it only for the services they provide to us. We do not share your data with any advertisers or social media companies.

• In-App Refunds (Apple App Store): If you purchased a subscription through the Apple App Store and later request a refund, we may share limited usage information with Apple to help facilitate the refund process. This can include data like usage frequency or basic usage metrics linked to your device fingerprint, but does not include any actual content of your documents or chats.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). We may also share information if we believe in good faith that such action is necessary to investigate or protect against harmful activities, suspected fraud, or to enforce our terms and rights.
• Business Transfers: If DocVibe (or its parent company) is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will ensure any successor entity honors the commitments of this Privacy Policy or provide notice and options if your data would be handled under a different policy.

Aside from the cases above, we do not share your personal or document data with any third parties. In particular, we do not share, rent, or trade your uploaded documents or analytics data with marketers or unrelated parties.

4. Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it.

• Secure Storage (Supabase): Your anonymous user account and device fingerprint associations are stored in Supabase, which is a secure, open-source backend platform. Supabase automatically encrypts data in transit and at rest. Access to this data in our system is strictly controlled and limited to authorized operations. Your account data is protected by Supabase's security infrastructure and our own access controls.
• Local Device Storage: Your original PDF files, chat conversations, and chat results are stored locally on your own device. This local storage means you have direct control over your files and conversations. When the App uploads a file for processing (like for OCR), it does so over an encrypted connection (HTTPS) to ensure privacy during transfer. We do not persistently store your original files or chat data on our servers after processing.
• Device Fingerprint Security: Device fingerprints are generated using a secure hashing algorithm and stored in encrypted form. The original device characteristics used to generate the fingerprint are not stored - only the resulting hash. This approach protects your device information while enabling usage tracking.
• Data in Transit: All communication between the App, our servers, and third-party services is encrypted using SSL/TLS. This includes uploading documents for processing, sending queries to AI models, and fetching results. Encryption in transit helps protect against eavesdropping or interception of data.
• General Security Practices: We employ administrative, technical, and physical safeguards to protect against unauthorized access to data. Our team continuously updates and patches systems and reviews our security practices. However, please note that no method of data transmission or storage is 100% secure, and while we strive to protect your information, we cannot guarantee absolute security of your data.
• Data Retention: We retain your anonymous user account and device fingerprint associations only as long as necessary to provide the service and manage your subscription. Since the system is anonymous, data retention is primarily driven by active usage and subscription status. Anonymous analytics data may be retained to analyze long-term trends, but it remains non-identifiable. Since chat data is stored locally on your device, you can delete it at any time by clearing the app's data or uninstalling the app.

5. Consent for Sharing Consumption Data (Refund Requests)

(Apple App Store Refunds) – By using the App and making in-app purchases, you acknowledge and consent that we may share anonymous consumption data with Apple in the event you request a refund for a subscription or purchase. "Consumption data" refers to information about your use of the App after making a purchase, linked to your device fingerprint and anonymous user ID. This may include, for example, usage frequency, the number of documents you processed, or how long you used premium features after purchase. Importantly, this data will not include any personal content from your documents or any of your chat transcripts – it is limited to usage metrics.

We share this data with Apple only when you initiate a refund request, and it is used by Apple to evaluate and process your request. Apple may treat this information in accordance with their own privacy policy.

If you do not consent to sharing consumption data with Apple, please do not complete any in-app purchases or contact us to discuss alternative solutions. You may also opt out of this sharing by contacting us at any time, though opting out may affect your ability to obtain refunds through the standard App Store process.

For more details on Apple's refund and data policies, you can refer to Apple's official documentation.

6. Your Rights and Choices

We believe you should have control over your data, even in an anonymous system. You have the following rights and options:

• Access and Portability: You may request information about the anonymous data we have associated with your device fingerprint (such as usage statistics and subscription data). We will provide this in a portable format if required.
• Data Deletion: You can request deletion of your anonymous user account and device fingerprint data at any time by contacting us. We will delete the associated data from our Supabase database. Note that after deletion, your subscription data in RevenueCat may still exist as they serve as the primary source of truth for subscription management.
• Opt-Out of Analytics: If you prefer not to be included in anonymous analytics or crash reporting, you can contact us with this request. While our analytics do not identify users, we respect user choices. We will explore options to limit analytics collection for your device fingerprint if possible.
• Opt-Out of Marketing: Since we use anonymous authentication and don't collect email addresses, we do not send marketing communications. If this changes in the future, you will have the ability to opt out.
• Withdrawal of Consent: For specific data uses like Apple refund consumption data sharing, you can withdraw your consent by contacting us. This may affect your ability to obtain refunds through standard app store processes.
• Device Reset: You can effectively "reset" your device fingerprint by clearing the app's data and cache, which will generate a new fingerprint on next use. This also resets your usage limits but may affect subscription restoration.

Exercising your rights: To make any requests regarding your data, you can reach out to us via the contact information provided. Since accounts are anonymous, we may need to verify device fingerprint or subscription information to fulfill the request. We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law.

7. Anonymous System and Children's Privacy

DocVibe uses a completely anonymous authentication system that does not collect personal information during normal use. The App is designed for general audiences and can be used by individuals of all ages without providing any personal information.

Important for Parents: While normal app usage is anonymous and requires no personal information, in-app purchases for premium features are handled through Apple App Store or Google Play Store, which may have their own age restrictions and data collection practices. If you are under 13 years of age, please ensure a parent or guardian supervises any subscription purchases.

We do not knowingly collect personal information from children under 13. Since our system is anonymous by design, we have no way to determine user ages unless they interact with external payment systems. If you are a parent or guardian and believe your child may have provided personal information through external systems (like app store purchases), please contact the respective app store directly.

By using the App, you affirm that you understand the anonymous nature of the service and, if you are a minor making purchases, that you have appropriate supervision for subscription transactions.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, may provide a more prominent notice (such as an in-app alert). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the App after any modifications to this policy will signify your acknowledgment of the changes and agreement to be bound by the updated policy.

Thank you for trusting DocVibe. We are committed to keeping your data secure and your privacy respected as you chat with your documents, all while maintaining a completely anonymous and frictionless experience.