Privacy

Privacy Policy

This policy explains what LeapOCR collects, how the service processes document data, how long data is kept, and which third parties are involved.

This Privacy Policy applies to the LeapOCR website, dashboard, API, and related services. It covers information we collect from visitors, customers, and API users. For OCR jobs and uploaded files, you generally act as the controller of the content you send to LeapOCR and LeapOCR acts as a processor or service provider for that content.

1. What we collect

  • website and marketing data, such as browser, device, IP, referral, and page-view data;
  • contact details you submit, such as name, email, company, and message;
  • account, organization, team, session, API key, audit, and support data;
  • billing and transaction metadata from our billing providers;
  • Customer Content you submit for processing, including files, prompts, schemas, templates, extracted text, and outputs.

2. How we use information

We use information to operate, secure, support, bill for, analyze, and improve LeapOCR.

3. Document processing

LeapOCR uses temporary object storage, application infrastructure, and third-party model providers to process files. The main operational stack currently includes Cloudflare R2 and Cloudflare Workers for upload and storage flows, Hetzner-hosted infrastructure for backend services, and model providers such as Google Gemini, OpenRouter, and DeepInfra for OCR or VLM-related processing depending on the route, model, or internal pipeline step.

LeapOCR does not use your customer documents or extraction results to train LeapOCR-owned models. Customer content is processed to provide the service you request.

4. Retention and deletion

LeapOCR is built for temporary processing rather than indefinite storage of OCR jobs. The current product includes team-level retention settings with automatic cleanup enabled by default and a default retention period of 7 days. Teams can change that retention window, including setting it to 0 days for immediate cleanup after processing, and the API and dashboard also support manual job deletion.

Some data is retained longer where needed to run the service, including:

  • account, organization, and API key records;
  • billing and transaction records;
  • audit, security, and operational logs;
  • analytics data held by the analytics providers enabled on the site or app.

5. Providers, cookies, and analytics

The website code supports analytics through PostHog and Google Analytics when those services are configured. Those tools may use cookies, browser storage, device identifiers, and event data to measure traffic and product usage. If analytics is not configured, the related tracking code does not run.

We share data only as needed to run LeapOCR, comply with law, enforce our terms, or protect the service. Current subprocessors and categories are listed on our Subprocessors page.

6. Security and rights

We use administrative, technical, and organizational measures designed to protect data in transit and at rest. No system is perfectly secure, so you should avoid sending data you are not authorized to process and should configure retention appropriately for your use case.

Depending on where you are located, you may have rights to access, correct, delete, or restrict certain personal data. You can also manage job retention inside the product and delete OCR jobs manually. For privacy or data processing requests, contact us by email.

Changes to this policy

We may update this policy from time to time. When we do, we will update the date at the top of this page.

Contact

For privacy, retention, or DPA questions, email support@leapocr.com.