Privacy Policy

Last updated: March 2026

1. What data we collect

• Email address — used for authentication and account identification.
• OAuth tokens — read-only access to your Gmail or Outlook inbox, used exclusively to scan for invoices.
• Invoice data — extracted temporarily during a scan (sender, date, amount, attachments).

2. How we use your data

We use your data for invoice detection and extraction only. We don't read your emails — our AI scans for invoice patterns only. No email content is stored, shared, or used for any other purpose.

3. Data storage

Invoice metadata (sender, date, amount) is stored in our database so you can review your scan results. PDF files are stored temporarily for download, then automatically deleted after 30 days.

4. Third-party services

• Stripe — payment processing. We never see or store your card details.
• Resend — transactional emails (scan confirmations, receipts).
• OpenRouter — AI invoice detection. Only invoice metadata is sent to the AI model, not full email content.

5. Data retention

Account data is kept until you request deletion. Scan results and downloaded invoices are available for 30 days, then automatically purged.

6. Your rights (GDPR)

You have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Deletion — request complete deletion of your account and data.
• Portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, contact us at contact@dokutrak.com.

7. Cookies

We use a single cookie (lang) to remember your language preference. We do not use tracking cookies, analytics cookies, or any third-party cookies.

8. Contact

For any questions about this privacy policy, reach out at contact@dokutrak.com.