Privacy and data handling
What happens to documents you upload — where they go, who sees them, how long they stay, and how to delete them at any moment.
Updated:
We don’t train on your data
This is the most important sentence on this page: documents you upload to Ztract are never used to train AI models — not ours, not the third-party LLMs we route through.
The engine that performs document understanding uses commercial large-language-model APIs from OpenAI, Anthropic, and Google. All three providers’ API terms prohibit training on customer-submitted data, and we rely on those contractual commitments. We do not opt into any optional training programs they may offer for non-API products.
The Privacy Policy covers this in formal language. This page covers the practical user-side picture.
Where your data lives
Although we’re a Hong Kong company (Interval Limited), the infrastructure that runs Ztract is hosted in the United States:
| Component | Provider | Location |
|---|---|---|
| Application + compute | Fly.io | LAX (Los Angeles) |
| Database + auth | Supabase (on AWS) | us-east-2 (Ohio) |
| Document storage | Cloudflare R2 | Western North America |
| Email delivery | Resend | United States |
| Payment processing | Stripe | Global; primarily US |
| LLM processing | OpenAI / Anthropic / Google | United States |
If you’re accessing Ztract from the EU, UK, or another region with data-export rules, your data transfers to the US under the Standard Contractual Clauses incorporated by reference in our Data Processing Agreement.
Document retention
The default is indefinite while you keep the document, immediate on delete:
- An uploaded document stays in object storage (Cloudflare R2) as long as it exists in your account. No automatic purge after N days.
- When you delete a document — through the dashboard, project deletion, or account deletion — it’s removed from active storage immediately.
- Routine backups may retain a copy for up to 14 days before being overwritten in the normal rotation. After 14 days, no copy exists.
- Extracted results (the structured data) are deleted at the same time as the source document. They don’t outlive the original.
How to delete a document
Three levels of granularity:
One document
- Open the document in the project view.
- Click the ⋯ menu and choose Delete.
- Confirm.
The document and its extracted results are gone from active storage right away. Backup rotation finishes the rest within 14 days.
A whole project
In the project list, click the ⋯ menu next to the project → Delete project. This removes every document in that project, its schema, and the project shell itself. Permanent and immediate.
Your account
To close your account, email support@ztract.com from the registered email address. We delete account data and any remaining documents within 30 days, except for records we must retain for tax or other legal reasons (billing invoices, for example).
What other users see
In the current release, each Ztract workspace is a single account — there are no team seats yet, no shared projects, and no “shared with” surfaces. The only people who can see your documents are:
- You (the account owner).
- A small number of Ztract operators on a need-to-know basis, with least-privilege access controls and audit logging.
Multi-seat team workspaces are on the roadmap. When they ship, the sharing model will be explicit and opt-in.
What our staff can see
Ztract operators can access customer data only when necessary to deliver the service — for example, to diagnose a support issue you reported, or to investigate a security incident. Access is least-privilege, requires multi-factor authentication, and is logged. We do not browse customer documents for product analysis or training.
If you’d like an even tighter restriction (zero-staff-access, no sub-processor changes without explicit approval, etc.) and have a volume that justifies it, talk to us about an enterprise arrangement.
When you ask us to do more
The Privacy Policy covers your rights under GDPR (access, deletion, portability, etc.), CCPA, and the Hong Kong PDPO. The DPA covers the formal processor relationship for business customers.
For practical “I’d like X” requests, email support@ztract.com. Common ones:
- Request a copy of all data we hold about you.
- Request export of all your project data before deletion.
- Request a list of sub-processors we use.
- Request specific assurances for compliance audits.
- Report a suspected security issue.
We aim to reply within one business day.