Privacy

Plain-language summary. This describes how we handle data today. A full legal review will replace this before Enterprise contracts.

What we collect

Account email (Cognito signup), workspace and project names, uploaded documents (PDF, Markdown, DOCX, URLs), chat queries, and API keys (stored hashed server-side).

Where data lives

On Oprag's AWS infrastructure — not in your AWS account. Documents in S3, metadata in DynamoDB, retrieval and inference via Bedrock. Data is isolated by company and project.

How we use it

To index your docs, answer queries with citations, and run the dashboard and API. We do not use your content to train shared models or sell data.

Retention

Documents remain until you delete them or close your account. Contact us for deletion requests.

Third parties

AWS (hosting and Bedrock). Google Analytics on oprag.ai for anonymous traffic measurement (page views, referrers, device type). No ad networks. No third-party model providers outside our AWS environment.

Your choices

Delete documents in the dashboard, revoke API keys, and cancel anytime from billing settings.

Changes

We update this page and the date above when practices change. See also our Security overview.