indexify.dev
Preview / closed beta. Interested? Email info@indexify.dev.

Privacy Policy

Last Updated: February 4, 2025

1. Introduction

Welcome to Indexify ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our document processing and AI RAG pipeline services.

2. Information We Collect

2.1 Account Information

When you create a developer account, we collect:

  • Email address
  • Password (encrypted)
  • Name
  • Project information (project names, descriptions, and configurations)
  • OAuth client credentials (client_id and client_secret) for machine-to-machine authentication

2.2 Usage Data

We automatically collect certain information when you use our API:

  • API request logs and access patterns
  • IP addresses
  • Authentication tokens (JWT developer tokens and OAuth2 project access tokens)
  • OAuth2 client credentials usage and token exchange patterns
  • Service usage metrics and performance data

2.3 Document Data

When you use our document processing services, we process and store:

  • Uploaded documents and their content
  • Parsed document data (text, metadata)
  • Document embeddings and vector representations
  • Project and knowledge base configurations
  • Search queries and results

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our document processing and RAG pipeline services
  • Process your documents through our parsing, chunking, embedding, and vector storage pipeline
  • Authenticate and authorize API access
  • Monitor and analyze service usage for performance optimization
  • Communicate with you about service updates, security alerts, and administrative messages

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data transmission is encrypted using HTTPS/TLS
  • OAuth2 client credentials flow for machine-to-machine authentication with client_id and client_secret
  • JWT tokens for developer authentication and project access tokens for API access
  • Passwords are hashed and salted using strong cryptographic algorithms
  • Rate limiting to prevent abuse and denial-of-service attacks
  • Webhook signatures using HMAC-SHA256 for secure event notifications
  • Tenant isolation ensuring data separation between projects and knowledge bases

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may delete your projects, knowledge bases, and documents at any time through the API. Account data, including OAuth client credentials, is retained according to legal and operational requirements. Upon account deletion, we will remove or anonymize your personal information, projects, and associated data within 30 days.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

  • Service Providers: We may use third-party service providers to support our infrastructure (e.g., cloud hosting, embedding models), who are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental request.

7. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information and documents
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain processing of your personal information

To exercise these rights, please contact us using the information provided below.

8. Cookies and Tracking

Our API service does not use cookies for tracking. We use OAuth2 client credentials flow and JWT tokens for authentication, which are provided by you in API requests. We may collect standard server logs and API analytics for operational purposes.

9. International Data Transfers

Your data may be processed and stored in data centers located in various countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@indexify.dev