Privacy Policy

Last updated: 2026-06-05

Draft pending counsel review. This policy is published in good faith as a working baseline. If you need a signed copy or a redlined version for your procurement team, email hello@doloop.io.

What this covers

This policy applies to doloop.io and all subdomains, including wysiwyd.doloop.io and any future doloop product surface. Where a product has additional product-specific terms (for example, a separate enterprise data-processing agreement), those terms take precedence.

What we collect

Files you upload to WYSIWYD

If you upload a PDF to wysiwyd.doloop.io for extraction, the file is temporarily stored on the API server (Fly.io, San Jose region) for the duration of your session. We retain uploaded PDFs for at most 24 hours, after which a background process unlinks the file from disk. Files are not backed up, archived, or copied to any other system.

We do not use your uploaded PDFs to train, fine-tune, or evaluate any model. We do not share them with third parties. Our extraction pipeline is fully deterministic and runs entirely on our own infrastructure; no third-party AI services are invoked for the standard extraction flow.

Usage data

We count the number of pages each IP address has scanned in the current month, in a small SQLite database, to enforce the free tier (10 pages per IP per month). This counter rolls over on the first day of each month. We do not log the contents of your scans, your filenames, or anything else identifying.

Browser data

Our static pages (doloop.io and the WYSIWYD landing) do not set tracking cookies, do not run any analytics scripts, and do not load third-party tags. The only outbound requests from these pages are: (1) Google Fonts for typography, (2) federalreserve.gov for the SR 26-2 source link, (3) the WYSIWYD API endpoints on wysiwyd-api.fly.dev when you use the live upload widget.

What we do not collect

We do not collect personally identifiable information (PII) on the free tier (no email, no name, no credit card).
We do not collect or process Protected Health Information (PHI). Do not upload PHI to the free tier; if you need a HIPAA Business Associate Agreement for healthcare workloads, email us about the Enterprise tier.
We do not retain, fingerprint, or share the contents of your PDFs.
We do not place advertising cookies or behavioral-tracking scripts.

Where data lives

Static site files: BlueHost shared hosting (United States).
API service: Fly.io, San Jose region (United States).
Uploaded PDFs (temp): Fly.io tmpfs on the API container, deleted within 24 hours.
Free-tier usage counter: SQLite database on a Fly.io persistent volume, San Jose region.

Your rights

Because the free tier does not collect PII, there is no identifiable record of your activity to access, modify, or delete. If you have used the Pro or Enterprise tier and want to request data access or deletion, email hello@doloop.io and we will respond within 30 days.

Changes to this policy

If we materially change this policy we will update the "Last updated" date above. We will not retroactively reduce your privacy protections for data already collected.

Contact

Privacy questions: hello@doloop.io.