← Back to Home
DocHouse LogoDocHouse

Privacy Policy

Effective Date: July 2026

1. Introduction

DocHouse ("we", "our", or "us") is deeply committed to protecting your privacy. This Privacy Policy explains how your information is handled by DocHouse. Our core philosophy is absolute privacy through Zero-Knowledge Architecture. We do not have the keys to your data, meaning we cannot read, scan, or access your encrypted documents. Your data is yours alone.

2. Data We Collect and How We Store It

End-to-End Encrypted Documents & Metadata

All document images, extracted text, and metadata are encrypted entirely on your device using military-grade AES-256-GCM encryption before they ever reach our cloud sync servers. We store this encrypted cipher data to allow seamless syncing between your mobile app and the DocHouse Web portal, but we have absolutely zero ability to decrypt or view it.

Cryptographic Keys

You are the sole owner of your private encryption keys. Keys are generated on your device and are never transmitted to our servers in plaintext. When you link a new device via our Web QR login, the keys are securely negotiated point-to-point via X25519 Key Exchange.

User Profile Information

When you sign in with Google, we collect your email address, display name, and avatar URL to create and manage your identity.

Device and Usage Data

We collect basic device information (model, OS version, app version) and anonymous usage analytics to improve app stability and performance. This tracks how features are used, but never interacts with your private document content.

3. Third-Party Services We Use

We leverage industry-leading services to power DocHouse, strictly governed by our zero-knowledge policy:

  • Supabase: For authentication and storing your strictly encrypted database fields and encrypted image blobs.
  • Google ML Kit: For completely on-device text recognition (OCR) meaning image scanning happens locally.
  • Groq API & Google Gemini: Used ephemerally for AI-powered extraction of structured fields. Text is processed and immediately discarded; it is never persistently stored by these APIs.
  • PostHog: For anonymous usage analytics.

4. Web Authentication & Security

Accessing DocHouse Web is protected by a secure, point-to-point QR authentication handshake. Your mobile app acts as the ultimate authenticator. If you log out from your mobile device, your web session is instantly and cryptographically terminated.

5. Your Rights and Choices

You retain total sovereignty over your data. Because of our Zero-Knowledge architecture, if you lose your primary device and haven't backed up your recovery keys, your data cannot be recovered by us. You can choose to securely delete your account and all associated encrypted cloud data at any time from within the app settings.

6. Contact Us

If you have any questions about this Privacy Policy or our encryption architecture, please contact our security team via the Support page in the app.


Copyright © 2026 DocHouse. All rights reserved.