DocuFlag is a document compliance assistant for immigration professionals, not an immigration advisory service. Consulate requirements may change. Always verify with official sources.

Security & Data Handling

How DocuFlag protects your clients' data.

Documents stay on your computer

When you add a client's document, it is saved in your browser's local storage on your own machine; adding a document does not upload it anywhere. It leaves your browser only when you trigger analysis, and then only for the duration of the analysis request described in the next section. Documents are processed in-memory and never stored, neither by our server nor by OpenAI.

EU-hosted AI analysis

When you analyze a document, it is sent from your browser to our EU-hosted analysis server, which forwards it to OpenAI's EU endpoint. Documents are processed in-memory only. OpenAI processes them with zero data retention — your document is not stored, logged, or used for training.

The data flow:

Your browser → DocuFlag EU Server → OpenAI EU → Your browser

Analysis results are returned directly to your browser and stored locally; they are not uploaded to DocuFlag's servers. Original document content is transmitted only inside the analysis request itself, never to any other endpoint. You can check this yourself in your browser's developer tools (Network tab): the only request carrying document content is the analysis call, and no later request uploads the returned results. Keep in mind that the Network tab shows what your browser sends and receives; what happens to the data once it reaches a server is covered by the retention and contractual commitments described below.

What we store on our servers

On our servers:

  • Your account (email, organization name)
  • Audit trail (which account analyzed what, and when; contains no client data or client PII)
  • Billing data (credits, subscription status)

In your browser (locally):

  • Case metadata (destination, nationality, dates, trip purpose)
  • Document files, checklist items, and analysis results
  • Cross-document check results

We never store on our servers:

  • Original document files or images
  • Client names, passport numbers, or account numbers
  • AI analysis results or extracted field values

EU data residency

All AI processing happens within the European Union. We use OpenAI's dedicated EU endpoint (eu.api.openai.com), which guarantees in-region processing with no data transfer to the United States.

  • EU-hosted processing infrastructure
  • Zero data retention — documents are not stored after analysis
  • Data Processing Agreement (DPA) and Zero Data Retention amendment in place
  • API data is never used for model training
  • Compliant with GDPR requirements for cross-border data transfers

AI analysis processing

We use OpenAI's GPT-5 model via their EU endpoint for document analysis. Documents are forwarded from our EU-hosted analysis server. OpenAI's EU endpoint operates with zero data retention — API requests and responses are not stored at rest. Your data is not used for model training. We have a Data Processing Agreement (DPA) and Zero Data Retention amendment with OpenAI.

Optional E2EE cloud storage

Professional, Agency, and Enterprise plans can optionally enable end-to-end encrypted (E2EE) cloud storage on a per-case basis. This feature is disabled by default. When enabled, case data is encrypted entirely in your browser before upload — DocuFlag servers store only encrypted blobs and encrypted key material, and cannot decrypt your data.

Three-layer key hierarchy:

  • Your passphrase derives a Key Encryption Key (KEK) via PBKDF2 with 600,000 iterations
  • The KEK wraps the private half of a per-user 4096-bit RSA-OAEP keypair
  • The per-organisation AES-256-GCM data encryption key (DEK) is wrapped with the user's RSA public key, so only the holder of the matching private key can unwrap it
  • Case data is encrypted with the org DEK (AES-256-GCM) before upload

Storage: Encrypted blobs are stored on AWS S3 in an EU region (eu-west-1 or eu-central-1) with a 180-day TTL and automatic expiry. You can delete cloud data at any time.

Recovery: Because DocuFlag cannot decrypt your data, it also cannot reset a forgotten passphrase. A 256-bit recovery key is provided at setup for disaster recovery; keep it offline, since anyone holding it can unlock the data.

How this differs from the analysis flow:

  • Analysis flow: Documents transit through the EU proxy to OpenAI in-memory via TLS — plaintext exists briefly in server memory during processing, then is discarded
  • E2EE cloud storage: Data is encrypted client-side before it leaves your browser — the server never sees plaintext at any point

Client consent

As a visa agency, you are responsible for obtaining consent from your clients before providing their documents for analysis. For passport photographs (which may contain biometric data), explicit consent under GDPR Article 9(2)(a) is required. Explicit consent must be a clear affirmative act by the client (for example a signed form or a separately ticked box), so treat the text below as the information to give the client, not as a substitute for recording the consent itself. Here is a template you can adapt:

“We use AI-assisted software to check your documents against published visa requirements. Your documents are sent to our EU-hosted analysis server, which forwards them to EU-hosted AI for processing. Documents are processed in-memory and never stored — not by our server, and not by the AI provider (which operates with zero data retention). We may process your passport photograph for data extraction purposes; by providing your documents, you consent to this processing.”

Data deletion

You can delete any case and its associated data at any time. All case data (documents, analysis results, checklist items) is stored locally in your browser, so deleting a case or clearing your browser data removes it permanently; if you have enabled E2EE cloud storage for a case, its encrypted blob can be deleted from cloud storage as well. Our servers retain only the opaque billing/audit record (no case content). If you may need the data later, export it with the encrypted backup feature before deleting.

We have conducted a Data Protection Impact Assessment (DPIA) in accordance with GDPR Article 35, covering the risks and safeguards of our AI-powered document analysis. View the full DPIA →