Privacy Policy

Documents and your profile are stored exclusively in the app’s private sandbox on your device. The encryption key is stored in the iOS Keychain or Android Keystore — it never leaves your device.

We never collect your real device identifier, name, or email address. The app generates a random anonymous ID (a UUID) used only for aggregate analytics counts. Support requests use an app-generated code (e.g. DRX-a1b2c3d4) with no link to your real identity. These codes are random strings stored on your device — we cannot trace them back to you.

The app may request access to your camera or photo library to scan documents. Images are processed entirely on-device using Apple Vision (iOS) or ML Kit (Android). Image data is not transmitted to Docrux servers. Raw images are discarded once OCR extraction is complete; only the extracted text and the resulting document file are saved locally.

The app uses Face ID or Touch ID solely to reveal sensitive profile fields on-screen. The biometric check is performed by the OS; Docrux never receives or stores biometric data.

iOS: iCloud sync stores your vault metadata and document files in your personal iCloud Drive using the container iCloud.app.docrux.docrux. iCloud sync is optional and uses your own Apple account.

Android:If you sign in with Google, your vault index and profile are synced to a folder called “Docrux” in your own Google Drive. The same folder is used by the Docrux web app — documents added on Android appear on docrux.app immediately. Drive sync is opt-in; the app is fully functional without it.

Several optional features use AI to improve accuracy: automatic document naming, profile field extraction, and pack matching. When you use these features, the app sends a portion of the OCR text already extracted on your device to the Docrux backend, which forwards it to Google Gemini. This processing is transient— document text is processed in memory and immediately discarded. Nothing is logged or stored on our servers. No document files are ever sent — only plain text.

AI features are opt-in and can be set to on-device only or fully manual in Settings. On-device AI (Apple Intelligence on supported devices) never sends data off your phone.

AI training: Docrux uses the Google Gemini API under terms that prohibit Google from using submitted content to train or improve its AI models. Your document text is not used to train any AI model.

The app uses PostHog for anonymous usage analytics (screen views and feature usage counts — never names, emails, or document content) and Sentry for crash reporting (stack traces, device model, OS version). A PII scrubber strips document names, extracted text, notes, and file paths from all crash reports before they leave your device. Both services are fire-and-forget; no personally identifiable information is included in any event.

Docrux offers optional Pro subscriptions (monthly and annual) via Apple’s in-app purchase system. All purchase transactions are processed entirely by Apple. We receive only an anonymous transaction receipt to verify your subscription status. We do not receive or store your payment method, billing address, or Apple ID. For details on how Apple handles purchase data, see the Apple Privacy Policy.

Uninstalling the app removes all local data. If iCloud sync was enabled, your files remain in your iCloud Drive until you delete them. If Drive sync was enabled, delete the “Docrux” folder from your Google Drive and revoke access in Google account permissions. No further action is needed.

When you sign in with Google we receive your Google account email address and display name. This is stored in an encrypted session cookie in your browser and used only to authenticate you. We do not store it in any database on our side.

Documents you upload and any profile information you enter (passport details, dates of birth, etc.) are stored exclusively in a folder called “Docrux” inside your own Google Drive account. We access this folder only at your direct request (to read, write or delete files) using the OAuth token your browser holds. We do not retain copies of your files or profile data on our infrastructure.

If you enable two-factor authentication for profile reveal, the TOTP secret is stored as part of your profile JSON file inside your own Google Drive. It is never sent to our servers in plaintext, and we do not hold a copy of it.

When you create a document share link, a short-lived token is held in server memory (not in a database). These tokens are lost on every server restart and expire after 24 hours at most. The token contains only a Google Drive file ID and an expiry timestamp — no document content.

Our hosting provider (Vercel) automatically records standard web server logs (IP address, request path, response code, timestamp) for a limited retention period. These logs are used only for debugging and security purposes. We do not use them to build profiles or track behaviour.