Privacy Policy

Effective date: April 5, 2026

RestoryDocs ("we," "us," or "RestoryDocs") respects your privacy. This policy explains what personal information we collect, how we use it, how we protect it, and your choices. It applies to the website at restorydocs.comand the RestoryDocs service (the "Service").

1. Information we collect

1.1 Account information

When you sign up we collect your email address (required for magic-link sign-in) and optional profile information you provide: business name, logo, and default carrier tone preference.

1.2 Content you upload

When you create a job we store the job metadata (title, property address, loss date, loss type, carrier name, claim number if provided) and the photos you upload. When generation completes we also store the AI-generated narrative, scope of work, and rendered PDF.

1.3 Billing information

Subscription payments are processed by Stripe, Inc. We never see or store your full credit card number. We store a Stripe customer ID, subscription ID, subscription status, and billing period end date.

1.4 Free-tool usage

When someone uses the free tool at /demoor on a programmatic SEO page, we log a SHA-256 hash of the visitor's IP address (never the raw IP), the referring URL, and the number of photos submitted, for rate-limiting and analytics. Free-tool photos are deleted from storage within 24 hours.

1.5 Technical data

We collect standard server logs (request paths, response codes, timestamps), error reports via our error monitoring provider, and anonymized analytics about page views and feature usage.

2. How we use your information

• To operate, maintain, and provide the Service to you
• To generate AI narratives and PDFs by sending photos and metadata to our AI provider (see Section 3)
• To send magic-link login emails and transactional notifications
• To process subscription payments via Stripe
• To respond to your support requests
• To monitor and improve Service reliability and security
• To comply with legal obligations

We do not sell your personal information. We do not use your photos, job data, or generated narratives to train AI models. We do not share your content with any third party except the processors listed in Section 3.

3. Third-party processors

We use the following sub-processors to operate the Service. Each is contractually bound to confidentiality and data protection obligations.

• Vercel Inc. — hosting, edge compute, server logs
• Supabase Inc. — Postgres database hosting and object storage for photos and PDFs
• Anthropic PBC — AI damage analysis and narrative generation (Claude API). Anthropic processes your photos and job metadata under their zero-retention policy for API users.
• Stripe, Inc. — subscription payment processing
• Resend — transactional email delivery (magic-link sign-in, billing notifications)
• Upstash, Inc. — rate-limit state for the free tool (stores only hashed IP addresses)

4. Data retention

• Account data: retained while your account is active. If you delete your account, we delete your data within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes).
• Jobs, photos, narratives, PDFs: retained for as long as you keep them in your account. You can delete individual jobs at any time. Deletion is immediate and permanent.
• Free-tool photos: automatically deleted from storage within 24 hours of upload.
• Server logs: retained for 30 days.
• Billing records: retained for 7 years for tax compliance.

5. Security

We use industry-standard safeguards: TLS for all data in transit, encryption at rest for the database and storage, least-privilege access controls, hashed session tokens, and regular dependency updates. No system is perfectly secure — if you discover a vulnerability, please report it to security@restorydocs.com.

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise these rights, email privacy@restorydocs.com. We will respond within 30 days.

California residents: Under the CCPA, you also have the right to know what categories of personal information we collect and to opt out of the sale of personal information. We do not sell personal information.

7. Children

The Service is not intended for anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

8. International users

Our servers are located in the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S.

9. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "effective date" above. Continued use of the Service after changes become effective constitutes acceptance.

10. Contact

Privacy questions, data requests, or concerns: privacy@restorydocs.com