{ }instadoc.dev

Privacy Policy

Last updated: 2026-05-11

This placeholder summarises how instadoc handles your data. Replace with reviewed legal text before launching to paying customers.

What we collect

  • Account: email, name, role — provided to Clerk, who hosts the identity records. We store the Clerk user id and the email locally for display.
  • Templates: the binary content you upload, stored encrypted at rest in DigitalOcean Spaces (S3-compatible). Filenames are replaced with stable UUIDs.
  • Render logs: status, duration, bytes-out, request id, template id, API-key id. We do NOT log the JSON payload you POST to /v1/render.
  • Audit log: privileged actions (suspending a user, rotating a key) with the actor, target, IP, user-agent and timestamp.

What we don't collect

  • Full API-key bodies (only an argon2id hash + the 8-char prefix).
  • Render payload contents.
  • Third-party trackers, analytics scripts, or fingerprinting beacons.

Retention

Deleted templates and users are soft-deleted immediately and hard-deleted after 30 days. Render logs are retained 12 months for billing reconciliation, then purged.

Your rights

You can export your data (templates + render logs), request a full delete, or correct any of your stored information at any time. Contact [email protected].

Sub-processors

  • Clerk — identity / auth.
  • DigitalOcean — application hosting + managed Postgres + Spaces storage.