Security

You stay in control of your document.

Docly processes only the data needed to perform the action you request. This page explains our controls and their boundaries in plain language.

Core controls

lock

Encrypted connections

Web, API and document editor traffic is transported over HTTPS.

key

Protected keys

AI provider keys you add are stored encrypted in the application database.

difference

You approve changes

AI proposes edits; you decide which changes are applied to the document.

delete

Export and deletion

You can export your data or delete your account from account settings.

How are files processed?

Documents uploaded to your account remain in your workspace until you delete them or close the account. Account deletion removes files from active storage; protected backups age out through the limited backup cycle.

Files submitted to anonymous tools exist only in temporary processing storage and are not added to an account or a permanent file list.

AI providers

When you start an AI action, the required document content and prompt are sent to the provider you selected solely to generate a response. Each provider's data terms apply. Basic PDF tools that do not use AI do not send documents to an external AI provider.

Services that operate Docly

Hetzner CloudServer and backup infrastructure
CloudflareDNS, traffic protection and HTTPS layer
Anthropic, OpenAI, Google and other providers you selectOnly for AI actions you initiate
GoogleOptional Google sign-in
SentryError monitoring and service reliability
Lemon SqueezySubscription and payment processing when enabled

Found a security issue?

Please send us the details before disclosing it publicly. Security reports are reviewed with priority.

Email [email protected]