Security & Data Handling

How DocuParse API handles your documents

When developers and SaaS teams upload receipts, invoices, and financial documents, they need to understand how that data is handled. This page explains what DocuParse API processes, stores, and how it protects your data.

Get API Key View API Docs

Security overview

Security principles

DocuParse API is designed to minimize unnecessary data storage and give developers control over their documents.

Encryption in transit

All communication between clients and the DocuParse API uses HTTPS/TLS. Data is encrypted in transit.

Hashed API keys

API keys are hashed before storage. The raw key is shown only once at generation and is not recoverable afterward.

Document deletion

Deleting a document from your dashboard is designed to remove both the associated file and its extracted data.

No model training

Uploaded documents are not used to train AI or machine learning models.

Minimal storage

DocuParse API is designed to minimize unnecessary document storage. Documents are stored to support user-visible history where applicable.

Access control

Dashboard access requires authentication. API access requires a valid API key. Keys can be revoked at any time.

What DocuParse API processes

When you use the DocuParse API, the following data is involved in request processing:

Uploaded document files

Receipts, invoices, and PDFs submitted via the /api/v1/extract endpoint. These are processed to produce structured JSON output.

Extracted data

Structured fields extracted from your documents — merchant, total, tax, date, IDs, and line items — stored to support your document history in the dashboard.

API keys

Used to authenticate requests. Stored as hashed values. The raw key is shown only at creation.

Account and usage data

Account information and API usage metrics used to support your subscription and dashboard.

Document storage and retention

DocuParse API is designed to minimize unnecessary document storage. Documents are retained to support your document history and dashboard visibility.

Documents stored for dashboard use

Uploaded documents and their extracted data are stored to support your document history visible in the DocuParse dashboard.

User-controlled deletion

You can delete individual documents from your dashboard. Where deletion is available, deleting a document is designed to remove associated files and extracted data.

No model training

Uploaded documents are not used to train AI or machine learning models.

Review our Privacy Policy

For full details on data handling, retention periods, and your rights, see our Privacy Policy.

API key handling

API keys are the primary authentication method for the DocuParse API. They are handled with the following protections:

Hashed at storage

The raw key value is never stored in plain text. Only a hash is retained.

Shown once at creation

The full key value is displayed only at the moment of generation. It cannot be retrieved afterward.

Revocable at any time

You can revoke or delete any API key from your dashboard immediately.

Multiple keys supported

Generate separate keys for different environments or integrations and revoke individually.

Best practice: Treat API keys like passwords. Store them in environment variables, not in source code or version control. Rotate keys if you suspect exposure.

Encryption and transport security

All data transmitted to and from DocuParse API is encrypted in transit using HTTPS/TLS. This includes document uploads, API responses, and dashboard communication.

HTTPS/TLS for all API endpoints

Document uploads and API responses are transmitted over encrypted connections.

HTTPS/TLS for dashboard

All dashboard access is served over HTTPS.

Secure infrastructure

DocuParse API runs on cloud infrastructure with standard storage and compute security.

What data DocuParse API does not require

To use DocuParse API, you only need to provide document files for extraction. The following are not collected or required:

Bank account credentials or financial institution access

Personal identification documents beyond what you voluntarily upload for extraction

Passwords or sensitive credentials beyond your API key

Access to third-party systems or integrations

Frequently asked questions

Does DocuParse API store my uploaded files?

DocuParse API is designed to minimize unnecessary document storage. Uploaded documents are used to process extraction requests and support user-visible document history where applicable. Where deletion is available, deleting a document removes associated files and extracted data from the system.

Are uploaded documents used to train AI models?

No. DocuParse API does not use your uploaded documents to train AI or machine learning models.

How are API keys stored?

API keys are hashed before storage. The raw key value is shown only once at generation time and is not retrievable afterward. You can revoke and regenerate keys at any time from your dashboard.

Is data transmitted securely?

Yes. All communication between clients and DocuParse API uses HTTPS/TLS encryption in transit.

Can I delete my documents?

Yes. Documents can be deleted from within your dashboard. Deleting a document is designed to remove both the associated file and its extracted data.

Who can I contact about a security concern?

For security-related questions or concerns, contact us at support@docuparseapi.com.

Security contact

If you have a security concern, discovered a vulnerability, or have questions about how DocuParse API handles your data, contact us at:

support@docuparseapi.com

Get API Key Privacy Policy