Security & Data Privacy
We're a small team building Docuscry with security in mind. Here's exactly what we do — and don't do — to keep your data safe.
Data Encryption
All data encrypted in transit (HTTPS/TLS) and at rest. Provided by Supabase (AWS infrastructure).
Data Isolation
Each workspace is isolated using Postgres Row Level Security (RLS). Your data never mingles with other customers.
Zero AI Training
We never train AI models on your content. We use OpenAI's zero-retention API.
How We Handle Your Data
Transparent infrastructure and clear data policies
Infrastructure
Hosting & Storage
- Database: Supabase (Postgres) hosted on AWS
- Vector storage: Supabase (pgvector)
- File storage: Supabase Storage (AWS S3)
- Application: Fly.io
Third-Party Certifications
- Supabase: SOC 2 Type II certified
- AWS: SOC 2, ISO 27001, GDPR-compliant
- Fly.io: Global infrastructure platform
Note: We rely on these platforms' certifications. Docuscry itself does not hold SOC 2 or other certifications.
Workspace Isolation
Every workspace is isolated at the database level using Postgres Row Level Security (RLS). Your data is fundamentally separated from other customers — no shared tables, no data leakage.
What this means:
Encryption
In Transit
- HTTPS/TLS for all connections
- Secure connections to Supabase
- API calls encrypted end-to-end
At Rest
- Database encryption via Supabase/AWS
- File storage encryption (AWS S3)
- Encrypted at the infrastructure level
Access Control & Roles
Control who can see and do what in your workspace
Owner
Full control over workspace
- Manage billing and subscription
- Add/remove team members
- Change user roles
- Delete workspace
- All Admin permissions
Admin
Manage workspace settings
- Upload and manage documents
- Configure workspace settings
- View analytics and usage
- All Member permissions
Member
Search and view documents
- Search documents
- Ask questions (AI chat)
- View document content
- ✕Cannot upload or delete docs
Current Limitation: Workspace-Level Access Only
Currently, all workspace members can see all documents. Document-level permissions are planned for a future release.
AI & LLM Usage
How we use AI — and what we don't do with your data
What We Do
Vector Embeddings for Search
We create vector embeddings of your documents using OpenAI's API to power semantic search. These embeddings are stored in your isolated workspace.
- Embeddings via OpenAI API
- Stored in Supabase pgvector (isolated)
- Used only for your workspace
AI Chat Answers
When you use AI chat, we send relevant doc chunks to OpenAI GPT-4o-mini to generate answers. Only the specific passages needed are sent.
- OpenAI GPT-4o-mini via API
- Only relevant chunks sent
- Zero-retention API (not used for training)
What We DON'T Do
Compliance & Privacy
Data privacy rights and compliance practices
What We Support
What We Don't Have (Yet)
Data requests: For data export, access, or deletion requests, email [email protected]. We respond within 30 days.
Custom requirements: For DPAs, compliance certifications, or security arrangements, email [email protected].
Security Questions?
Have questions about security, need to report a vulnerability, or want to discuss compliance requirements? Please reach out.
[email protected]Ready to get started?
Start your free trial today. No credit card required.