How Dokyumi handles your documents and data
You're sending us real documents — invoices, pay stubs, medical bills, tax forms. Here's exactly what happens to them, who touches them, and how you stay in control.
Encryption in transit and at rest
Every request to the Dokyumi API and dashboard is served over HTTPS/TLS — documents and API responses are encrypted in transit. Uploaded files and extracted data are stored in Supabase's encrypted storage and database layer at rest.
API keys are never displayed again after creation. If a key is compromised, rotate it immediately from API Keys in your dashboard — the old key stops working the moment you revoke it.
Data retention & deletion — you control it
Dokyumi doesn't impose a fixed retention window or silently purge your documents on a schedule. Uploaded files, schemas, and extraction records are retained until you delete them or close your account. You can remove individual extractions and their source documents from your dashboard, or via the API, at any time.
If you need documents deleted immediately after processing as a matter of policy, build that into your integration — call the delete endpoint right after you've pulled the JSON you need. We're also glad to talk through retention requirements directly for Growth and Enterprise customers — email hello@dokyumi.com.
We don't train models on your data
Your document content and extracted data are used solely to run your extraction — to return your JSON, cache OCR results for your repeat submissions, and enforce your plan's usage limits. We do not use your document content to train or fine-tune AI models, ours or anyone else's.
Access controls
Every API request is authenticated with a bearer API key scoped to your organization — there's no cross-tenant access to another organization's schemas, extractions, or documents.
- Keys can be scoped to specific schemas for multi-tenant setups — a scoped key gets a 403 if used against a schema it isn't authorized for.
- Revoke a key instantly from the dashboard; it stops authenticating immediately.
- White-label portal submissions are isolated per site and delivered only to the webhook or dashboard you configured for that site.
Healthcare documents & HIPAA-aware handling
Teams use Dokyumi to extract data from EOBs, medical bills, and superbills. The platform is built with a HIPAA-aware architecture — encryption in transit and at rest, access controls scoped per organization, and schemas designed so you only capture the fields you actually need, which limits how much sensitive data you collect in the first place.
To be precise about what that does and doesn't mean: this is not itself a claim of HIPAA certification. A Business Associate Agreement (BAA) is available on the Enterprise plan — contact hello@dokyumi.com before sending PHI so we can get one in place. See our healthcare billing use case for how schemas are typically scoped down for this kind of document.
Subprocessors
These are the third-party services involved in running Dokyumi. We share only what each one needs to do its job.
Performs the first pipeline stage — text and layout extraction from your uploaded document.
Routes the OCR output to Anthropic's Claude models for schema-guided field mapping — the second pipeline stage.
Hosts your account data, schemas, extraction records, and uploaded document storage.
Processes subscription payments. Stripe is PCI-DSS compliant; Dokyumi never sees or stores full card numbers.
Serves the Dokyumi application and API at the edge.
Compliance posture
Stripe (our payment processor) is PCI-DSS compliant, and no card data ever touches Dokyumi's own servers. We rely on our infrastructure subprocessors' own compliance programs (Supabase, Vercel) rather than claiming certifications we haven't independently obtained. If your procurement process needs a specific attestation, questionnaire, or SOC 2 report we haven't listed here, ask — we'll tell you plainly what we have and don't.
Responsible disclosure
Found a security issue? Email hello@dokyumi.com with the subject line "Security Disclosure" so it gets triaged quickly. Please include enough detail to reproduce the issue and give us a reasonable window to fix it before any public disclosure. We read every report personally and will acknowledge receipt.