Legal

Privacy Policy

Last updated: July 17, 2026

The short version

Your document is stored temporarily in Vercel's secure cloud storage while your payment is processed and your analysis is generated. It is permanently deleted immediately after analysis completes. If you abandon checkout, automated cleanup removes your document — usually within the hour, at the latest within 48 hours. Your analysis result is kept for up to 24 hours so you can revisit your results page, then deleted. To perform the analysis, your document content is also sent to Anthropic's AI API — it is not used to train AI models. Payment is handled by Stripe — we never see your card details. We do not sell or share your information for marketing purposes.

1. Who We Are

CheckDoc (“we”, “our”, “us”) operates the CheckDoc document summary service at checkdoc.store from Switzerland. The data controller responsible for processing described in this policy is Wojtek Tumirnix Zaleta, Unterdorfstrasse 8, 5703 Seon, Schweiz (see our Imprint). For privacy questions, contact us at privacy@checkdoc.store.

2. What We Collect

We collect as little as possible:

  • Your uploaded document — received, processed for analysis, and deleted. We do not store document contents after analysis is complete.
  • Your analysis result — the generated summary (which may quote clauses from your document) is stored for up to 24 hours so you can revisit your results page, then deleted automatically.
  • Payment data — handled entirely by Stripe. We receive only a payment confirmation token. We never see or store your card number, expiry, or CVV.
  • Server logs — standard web server logs (IP address, timestamp, file size, file type). These logs do not include document contents. Logs are retained for up to 30 days for debugging purposes.

We do not use cookies, analytics trackers, or third-party advertising tools.

3. How Your Document Is Handled

When you upload a document, it is stored in Vercel's secure cloud object storage (Vercel Blob) for the duration of your session. Once analysis is complete, the file is permanently and irreversibly deletedfrom that storage — in practice within seconds of analysis completing. If you never complete payment, automated cleanup deletes the file — usually within the hour, and at the latest within 48 hours. Your analysis result (the generated summary, which may quote clauses from your document) is cached for up to 24 hours so a page refresh does not lose the analysis you paid for, and is then deleted automatically.

To generate your analysis, your document content is transmitted to Anthropic's Claude API over an encrypted connection. Anthropic does not use API inputs to train its models by default. Your document is never retained in a persistent database, never backed up, never reviewed by a human at CheckDoc, and never used to train any AI model.

File metadata (file name and type) is stored in your Stripe payment session for the duration of the checkout flow only. No document content is stored by Stripe — only the secure file reference used to retrieve and analyze your document.

4. How We Use Your Information

Information we collect is used only to:

  • Perform the document analysis you paid for
  • Confirm and process your payment via Stripe
  • Debug technical errors (server logs only, no document content)

We do not sell, rent, or share your information with third parties for marketing.

5. Third-Party Services

Stripe — payment processing. When you pay, you interact directly with Stripe's secure checkout. Stripe collects your email address to send a payment receipt. Stripe's privacy policy: stripe.com/privacy.

Anthropic (Claude AI) — your document content is sent to Anthropic's API to generate the analysis. API inputs and outputs are not used to train Anthropic's models by default. See anthropic.com/privacy.

Vercel — hosting, serverless compute, and file storage (Blob). Your document is temporarily stored in Vercel Blob and permanently deleted after analysis completes. Vercel's privacy policy: vercel.com/legal/privacy-policy.

Cloudflare — bot protection (Turnstile). To prevent automated abuse of the upload form, a Turnstile challenge runs in your browser. Cloudflare's privacy policy: cloudflare.com/privacypolicy.

6. Data Security

All connections to CheckDoc use HTTPS/TLS encryption. Uploaded documents are stored in Vercel's encrypted cloud object storage for the duration of analysis only and are permanently deleted immediately afterward. File metadata is held only within your Stripe payment session and is not retained after the transaction. We follow security best practices to protect any data we temporarily hold.

7. Your Privacy Rights

Depending on where you live, you may have rights to access, delete, correct, or obtain a copy of personal data we hold about you. Because we do not retain document contents and collect minimal personal information, most of these rights are satisfied by design.

Swiss residents (revDSG): Da CheckDoc von der Schweiz aus betrieben wird, ist das revidierte Schweizer Datenschutzgesetz (revDSG) primär anwendbar. Sie haben das Recht auf Auskunft, Berichtigung, Löschung, Einschränkung der Bearbeitung sowie auf Herausgabe Ihrer Personendaten (Datenportabilität). Grundlage für die Bearbeitung ist die Vertragserfüllung. Ihre Daten werden an Anthropic, Stripe und Vercel in die USA übermittelt — auf Basis von Standardvertragsklauseln (SCC) bzw. des Swiss-U.S. Data Privacy Framework, soweit der Anbieter zertifiziert ist. Sie können eine Beschwerde beim EDÖB (Eidg. Datenschutz- und Öffentlichkeitsbeauftragter, edoeb.admin.ch) einreichen.

EU / EEA residents (GDPR): You have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. Our legal basis for processing your uploaded document is contract performance (Art. 6(1)(b) GDPR) — we process it solely to deliver the analysis you paid for. Server log data is processed on the basis of our legitimate interest in service security (Art. 6(1)(f) GDPR). Your document is transferred to Anthropic, Stripe, and Vercel in the United States under Standard Contractual Clauses (SCCs). You have the right to lodge a complaint with your national supervisory authority (see edpb.europa.eu).

California residents (CCPA/CPRA): We do not sell or share your personal information for cross-context behavioral advertising. The categories of personal information we collect are: identifiers (IP address in server logs), payment confirmation tokens from Stripe, and file metadata (size, type). Retention: server logs up to 30 days; document content deleted right after analysis (abandoned uploads at the latest within 48 hours); analysis results up to 24 hours; payment tokens as required by Stripe's retention obligations.

UK residents (UK GDPR): You have the same rights as EU residents under the UK GDPR and Data Protection Act 2018. You may lodge a complaint with the ICO (ico.org.uk).

All users: To submit a data access, deletion, or portability request, email privacy@checkdoc.store with the subject line “Privacy Request.” We will acknowledge within 5 business days and respond within 30 days (or 45 days where permitted by law).

We do not discriminate against users who exercise their privacy rights.

8. International Data Transfers

CheckDoc is operated from Switzerland. When you use our service, your document and associated metadata are transferred to and processed in the United States by our processors Anthropic, Stripe, and Vercel.

For users in Switzerland, the EU/EEA, and the UK, these transfers are carried out under Standard Contractual Clauses (SCCs) as approved by the European Commission and recognised by the Swiss FDPIC (EDÖB), and — where the provider is certified — under the EU-U.S. / Swiss-U.S. Data Privacy Framework. This provides an appropriate level of protection for your personal data.

No document content is transferred to any other country or retained outside the processing window described above.

9. Children

CheckDoc is not directed at children under 13. We do not knowingly collect information from anyone under 13. If you believe a child has submitted a document, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of the page reflects when it was last revised. Continued use of CheckDoc after an update constitutes acceptance of the revised policy.

11. Contact

Privacy questions or data requests: privacy@checkdoc.store

General support: support@checkdoc.store