Last updated: March 4, 2026
DocAPI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our API, free tools, and programmatic agent registration. It applies equally to human users and to AI agents or automated systems registering and operating on behalf of a person or organization.
When you create an account via our sign-up flow, we collect your email address and any other information you provide during registration. For agent accounts registered via POST /api/register, an email address is either provided by the registering agent or auto-generated (e.g., [email protected]). We also store an optional operator notification email (notify_email) if provided at registration, used solely to send low-balance credit alerts.
We collect information about how you use our API, including API call counts, timestamps, and general usage patterns. This helps us improve our services and monitor for abuse. For agent accounts, we also track credit balance changes and topup history.
Payment processing for monthly subscription plans is handled by Stripe. We do not store your credit card details on our servers. We store your Stripe customer ID to manage your subscription. Stripe's privacy policy governs the collection and use of your payment information.
For agent accounts, we store the USDC wallet address associated with your account. This is a public blockchain address on Base mainnet, generated via Coinbase Developer Platform (CDP). We also store your current credit balance and the cumulative USDC received by your wallet. We do not store private keys — wallet custody is managed by Coinbase CDP. USDC transactions on Base are publicly visible on the blockchain.
We do not store any data you enter in our free tools (Invoice Generator, OG Image Generator, Resume Builder). All information is processed in real-time to generate your output and is immediately discarded. No document data is saved on our servers.
Our MCP server at mcp.docapi.co accepts your API key on a per-request basis via the x-api-key header. The server does not store your API key or any credentials between requests. API calls made through the MCP server are subject to the same usage tracking described in section 2.2.
We collect IP addresses for rate limiting purposes (e.g., 5 programmatic registrations per day per IP). IP addresses used for rate limiting are stored transiently in Vercel KV and are not linked to account records or used for any other purpose.
notify_email address provided at agent registration (maximum once per 24 hours)Agent accounts use USDC on Base mainnet for payments. You should be aware of the following regarding blockchain data:
We retain your account information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal purposes. For agent accounts, credit balance and USDC address are retained for the lifetime of the account.
HTML content submitted to our API for PDF generation is processed in real-time and not stored permanently. We may temporarily cache content for performance purposes, but this cache is cleared regularly.
Data entered in our free tools (such as the Invoice Generator) is never stored. It exists only in your browser and during the brief PDF generation process.
IP-based rate limit counters are stored transiently (24-hour TTL) in Vercel KV and are automatically deleted after expiry.
We do not sell your personal information. We may share your information with:
notify_email address provided at agent registration. Only the email address and credit balance data are shared.We use cookies and similar technologies to:
Agent accounts accessing the API directly do not use cookies. Cookies apply only to browser-based interactions with our website. You can control cookies through your browser settings. Disabling cookies may affect the functionality of our web dashboard.
We implement appropriate technical and organizational measures to protect your information, including encryption in transit (HTTPS), secure API key management, and regular security reviews. Private keys for agent wallets are managed by Coinbase CDP and are not accessible to DocAPI. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
Depending on your location, you may have the following rights:
To exercise these rights, please contact us at [email protected].
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy, please contact us at [email protected].