Privacy Policy

When you use PDF-Assistant-RAG, we collect the following categories of information to provide and improve our service:

Account Information

• Registration data: username, email address, and a securely hashed password when you create an account.
• Profile information: any optional details you choose to provide.

Document Data

• Uploaded files: PDFs, DOCX, TXT, Markdown, and other documents you upload for analysis.
• Extracted content: text, embeddings, and metadata extracted from your documents to enable semantic search and AI-powered question answering.
• Chat history: questions you ask and the AI-generated responses, stored to maintain conversation context.

Usage Data

• Technical metadata: page views, feature interactions, query timestamps, and performance metrics to improve the platform.
• Device & browser info: browser type, operating system, and basic device information for compatibility optimization.

Your data is used solely for the core functionality of the platform:

• AI-powered document analysis: Your documents are processed by open-source large language models (LLMs) hosted on HuggingFace to generate insights, summaries, and answers to your questions.
• Semantic search & retrieval: Document embeddings are stored in vector databases (ChromaDB) to enable fast, accurate retrieval of relevant content.
• Conversation continuity: Chat history is stored per session so you can refer back to previous interactions.
• Service improvement: Aggregated, anonymized usage patterns help us identify bugs, optimize performance, and prioritize features.

We do not use your uploaded documents or chat data to train or fine-tune any AI models. Your content remains private to your account.

We take data protection seriously and implement multiple layers of security:

Encryption

• In transit: All communications between your browser and our servers are encrypted using TLS 1.3.
• At rest: Document files, embeddings, and user data are stored in encrypted storage volumes.
• Passwords: Never stored in plain text — we use bcrypt hashing with per-user salts.

Data Isolation

• Each user's documents and embeddings are stored in isolated vector collections.
• Authentication is enforced at every API endpoint — users can only access their own data.
• JWT tokens with short expiration and refresh token rotation prevent unauthorized access.

Infrastructure

• Servers are hosted on secure cloud infrastructure with strict access controls.
• Regular security audits and dependency updates are performed.

We retain your data only as long as necessary to provide the service:

• Account data: Retained until you delete your account. You can request account deletion at any time.
• Uploaded documents & embeddings: Retained until you delete them or close your account. Documents can be removed individually from the dashboard.
• Chat history: Retained per conversation. You can clear individual chats or your entire history from the settings page.
• Logs & analytics: Aggregated usage data may be retained longer in anonymized form for service improvement.

When you delete your account, all associated documents, embeddings, chat histories, and personal information are permanently deleted within 30 days.

PDF-Assistant-RAG integrates with the following third-party services to deliver its functionality:

• HuggingFace Inference API: Used to run open-source LLMs for document analysis. Document snippets may be sent to HuggingFace for inference; they are not stored or used for training. See HuggingFace's Privacy Policy.
• Google OAuth (optional): If you choose to sign in with Google, we receive only your name and email address from your Google profile. See Google's Privacy Policy.

We do not sell your personal information or document data to any third party.

We use only essential cookies required for the platform to function:

• Authentication cookies: JWT refresh tokens stored securely as HTTP-only cookies to maintain your login session.
• Local storage:Access tokens and UI preferences (theme, language) are stored in your browser's local storage. No tracking or advertising cookies are used.

You can clear these at any time via your browser settings. Note that clearing authentication data will sign you out of your session.

You have the following rights regarding your data:

• Access: View all documents and data associated with your account at any time from your dashboard.
• Deletion: Delete individual documents or your entire account and associated data.
• Export: Request a copy of your data in a machine-readable format.
• Correction: Update your account information (username, email) from your profile settings.
• Withdraw consent: Stop using the service and delete your account at any time.

To exercise any of these rights, please contact us using the information in the “Contact” section below.

We may update this Privacy Policy from time to time. Changes will be communicated by:

• Posting the updated policy on this page with a new “Last updated” date.
• Sending a notification to your registered email address for material changes.

Your continued use of the platform after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please reach out through the project’s official channels:

• GitHub Issues: github.com/param20h/PDF-Assistant-RAG/issues
• GitHub Discussions: github.com/param20h/PDF-Assistant-RAG/discussions
• LinkedIn: linkedin.com/in/param20h