The real controls protecting your documents.

Uploaded documents are written to MinIO with SSE-S3 server-side encryption by default. Production (Railway) runs MinIO with KMS enabled so SSE-S3 is always applied. In unsupported self-hosted deployments without KMS, MinIO may fall back to unencrypted writes — that is a deployment choice, not a silent downgrade in production.

backend/app/services/storage_service.py · upload_file()

Every network hop — browser to Vercel edge, edge to Railway backend, backend to LLM providers — uses TLS. HSTS with max-age=63072000 and includeSubDomains is set on the apex domain.

DocTalk routes LLM calls through OpenRouter. Your documents and questions are never used by DocTalk to train models. Provider-side retention depends on the upstream model (DeepSeek / Mistral) — for guaranteed zero retention we rely on OpenRouter's account-level privacy setting (operational control, not yet code-enforced at the request level), and can tighten further with a provider allow-list on request.

Uploads are validated against file signature bytes, not file extensions. A .pdf with an executable payload inside is rejected at ingest — you cannot trick the parser by renaming a file.

backend/app/services/upload_service.py · magic-byte check

When you drop a URL to summarize, the backend validates the target against an allow-list of public hosts and rejects any request to private IP ranges, link-local addresses, or cloud metadata endpoints (169.254.169.254, etc).

backend/app/core/url_validator.py

Public endpoints (shared views, anonymous reads) have per-IP rate limits with HMAC-signed IP trust chain via the Vercel edge — the real client IP cannot be spoofed. Authenticated users bypass.

backend/app/core/rate_limit.py · shared_view_limiter, anon_read_limiter

From your Profile → Account you can export all your documents and session data. The export includes everything DocTalk stores about you, in portable formats.

You can delete your account from Profile → Account. All documents, sessions, chat history, embeddings, and billing records are removed; the account is not recoverable after deletion.

Every document and session is scoped to its owner's user_id at the database and vector-store layer. There is no shared namespace, no org-wide collection by default, and the isolation is enforced at query time — not just at render time.