Trust & Safety

Security, data handling & integrations

A plain-English overview of how DecoDocs handles documents by default, plus our approach to read-only cloud drives.

Open vs Upload (Free vs Pro) — the contract

We separate “open a file to analyze it” from “upload/save a file for history.” This reduces accidental storage and keeps control with the user.

  • Default is Open (ephemeral): analyze without creating history or a saved copy.
  • Upload/Save is explicit: a deliberate action that creates history and enables export/sharing workflows.
  • Paid features map to storage: vaults, history, and exports are tied to explicit upload/save behavior.

Read the full spec in docs →

Token revocation & audit logging expectations

For integrations that require OAuth tokens (for example Drive/OneDrive), we design for safe disconnect and reviewable events.

  • User can disconnect anytime: disconnect revokes access where possible and stops further reads.
  • Short-lived access: prefer short-lived access tokens; refresh tokens are protected and rotated.
  • Audit trail: connect/disconnect and access events should be attributable and reviewable.

Read details in docs →

Cloud drives (read-only) — approach

Our goal is simple: let users choose a file from their drive, open it, analyze it — without background syncing or indexing.

Google Drive (read-only)

  • Connect/disconnect UX: clear consent, clear scope, and one-click disconnect.
  • Picker → open → analyze: user selects a file, we fetch the file, then run analysis.
  • Token storage: encrypted at rest, with rotation and revocation support.

Google Drive design notes →

OneDrive (read-only)

  • Microsoft Graph: consistent UX and behavior with Drive where possible.
  • Cross-browser matrix: test common desktop/mobile browser combinations.

OneDrive design notes →

iCloud Drive

  • User-initiated selection: iOS/Safari constraints mean that file selection flows are user-driven.
  • Parity: once selected, “open and analyze” should behave like local uploads.

iCloud Drive notes →

Security checklist (cloud drives)

  • Least-privilege scopes: read-only access, no write/delete.
  • No background sync or indexing: only access files the user selects.
  • Clear messaging: explain what is (and is not) stored, and when.

Full checklist in docs →
