Privacy Policy

How NDOR collects, uses, and protects your data.

Last updated: March 17, 2026

Key Privacy Commitments

NDOR does not retain uploaded documents after processing
NDOR does not store extracted document text
Document content is not logged by NDOR
Documents are processed transiently in memory
Your data is not used for AI model training
Only account and usage metadata is stored

A. Data We Collect

Account Data

  • • Email address (for authentication and communication)
  • • User role (for access control)
  • • Account creation date
  • • Language preferences
  • • Usage statistics (tools used, credit balance)

Uploaded Files

Important: Documents you upload are processed transiently in memory only.

  • • Document text is not stored in our database
  • • Extracted content is not written to disk
  • • Document content is not included in system logs
  • • Processing occurs in-memory and content is discarded after completion
  • • We store only: character count, file type, processing timestamp

AI Request Metadata

  • • Tool used (Review, Sanity, Draft, Interpret)
  • • Processing mode (Standard, Ultra)
  • • Token usage (for billing)
  • • Processing duration
  • • Document hash (SHA-256, for verification only)
  • • Intent classification (summary, review, etc.)

Payment Metadata

  • • Credit purchase history
  • • Transaction IDs (from Stripe)
  • • Purchase amounts
  • We NEVER store card details - all payment processing is handled by Stripe

B. Data Storage Rules

Data Minimisation

NDOR follows data minimisation principles:

Not Stored:

  • Uploaded documents
  • Extracted document text
  • AI prompts containing document content
  • AI outputs containing document content

Stored (metadata only):

  • Document hash (non-reversible)
  • Usage metrics (processing time, tool used)
  • Credit and billing records
  • Saved summaries (when explicitly saved by you)

Not Stored by NDOR

  • Raw document text from your uploads
  • Extracted content from PDFs, Excel, Word, or images
  • AI prompts containing your document content
  • AI responses containing decision analysis
  • Request bodies in server logs
  • Document screenshots or previews

What We DO Store (Metadata Only)

  • Document hash (SHA-256) for verification
  • Character count and file type
  • Processing timestamps
  • Token usage and credit consumption
  • Tool selection and mode
  • Saved summary titles (user-created, optional)

C. AI Processing Disclosure

AI Providers

NDOR uses enterprise-grade OpenAI GPT models as its primary active AI provider for production analysis, reasoning, translation, and document intelligence, while maintaining infrastructure flexibility to incorporate additional advanced AI providers where strategically appropriate.

AI Training & Data Use

  • Your documents are not used to train AI models
  • NDOR uses enterprise API agreements with no-training clauses
  • NDOR does not retain documents after processing
  • Document content is not stored in logs or databases

D. Security Controls

Encryption in Transit

All data transmitted to and from NDOR is protected using TLS encryption.

Role-Based Access Controls

User, admin, and system roles with strict permission boundaries. Access to other users' data is not permitted.

Admin-Gated Audit Tools

Prompt audit and analytics tools are admin-only and generate in-memory reports without storing document content.

No Document Content Logging

Server logs do not capture document content. Request bodies containing documents are not recorded.

Hash-Only Verification

Document integrity is verified using SHA-256 hashes. Content is verified without being stored.

Time-Bound Session Validation

Authentication tokens are validated for freshness. Stale sessions are rejected. Rate limiting is enforced on authentication endpoints.

E. Payments

Stripe Payment Processing

All payments are securely processed through Stripe. NDOR never receives or stores your credit card details.

No Card Storage

Your payment information is handled entirely by Stripe's PCI-compliant systems. We only store transaction IDs for reference.

Transparent Pricing

All pricing is displayed before execution. You always know the credit cost before processing any document.

F. Your Rights

Right to Access

You may request a copy of all personal data we hold about you, including account information and usage metadata.

Right to Deletion

You may request deletion of your NDOR account at any time. When your account is deleted:

  • Your account profile and authentication records are permanently removed
  • All associated usage metadata linked to your identity is deleted or anonymised
  • Any saved summaries stored under your account are permanently deleted

Note: NDOR does not retain uploaded documents or extracted document text. Documents are processed transiently in memory and discarded after analysis. Document deletion is therefore not applicable.

Certain minimal records (e.g., financial transaction logs required for legal and accounting compliance) may be retained for the legally required period, after which they are anonymised.

Right to Correction

You may update certain account preferences (such as language and display settings) from your Account page.

For security reasons, core identity fields such as your registered email and account identity cannot be changed directly. If you need to modify these, please contact support@ndor.app for a secure account update procedure.

Right to Data Export

You may export your metadata (usage history, saved summary titles, credit transactions) in a portable format upon request.

Exercise Your Rights

To exercise any of these rights, contact us at:

support@ndor.app

G. Retention Policy

Document Content

Not retained. Documents are processed in memory and discarded after analysis completes. NDOR does not retain uploaded documents or extracted document text.

Account Data

Retained for the duration of your account. Deleted or anonymised upon account deletion request.

Usage Metadata

Execution analytics retained for service improvement. Automatically anonymised after 90 days via scheduled database processes covering both execution analytics and LLM metrics (user_id removed, aggregates preserved). Your "My Analytics" page displays the last 90 days of identifiable data.

Automated Anonymisation

Analytics records are automatically anonymised after 90 days via a scheduled database process (pg_cron). This applies to both execution analytics and LLM execution metrics. The process removes user-identifiable linkage while preserving limited aggregate service data. This runs automatically and requires no action from the user.

System Logs

Minimal logging, no document content. Error logs retained for 30 days maximum.

Saved Summaries

User-created saved summaries (titles and metadata only) retained until user deletes them or requests account deletion.

Financial Records

Certain minimal financial transaction records required for legal and accounting compliance may be retained for the legally required period, after which they are anonymised.

H. Cookies & Sessions

Functional Only

NDOR uses only functional local storage required for the application to operate:

  • Authentication Token

    Secure JWT stored locally to maintain your session.

  • Language Preferences

    Your chosen language settings for tool outputs.

  • UI Preferences

    Theme and display preferences.

No tracking. NDOR does not use third-party analytics, advertising, or tracking cookies. We do not sell or monetise your data.

Questions About Your Privacy?

We're committed to transparency. If you have any questions about how we handle your data, please reach out.

We typically respond within 48 hours.

© 2026 NDOR. All rights reserved.

PrivacyTrustSecurityFAQTermsPricingBenchmarksContactAPI

NDOR produces analytical observations, not legal advice. Outputs must be reviewed by a qualified professional before reliance.

NDOR is operated by IAA Energy Resources Ltd, a company registered in England and Wales. Company Number: 11583381. Registered Office: 71–75 Shelton Street, Covent Garden, London, England, WC2H 9JQ.

Contact: support@ndor.app