1. Account Isolation
Documents, extraction runs, API tokens, billing records, webhooks, usage history, settings, audit logs, and team membership are scoped to customer accounts. Workspace roles separate owner, admin, developer, billing, support, and member workflows so users only receive the access needed for their role.
2. API Security
Account API tokens are stored as hashes and revealed only once at creation. API responses include request IDs for support tracing. API endpoints use account and token rate limits, idempotency controls, credit gates, and normalized error envelopes.
3. Webhook Security
Webhook signing secrets are revealed once and used to sign outbound payloads. Delivery records include event type, status, response code, attempt count, and dispatch context so customers can investigate receiver issues.
4. File Intake
Uploads are checked against supported file extensions, MIME signals, content signatures, configured size limits, and scanner status before extraction work starts. Files can be blocked before processing when they are unsupported, unsafe, over limit, or not eligible for live extraction.
Blocked files do not proceed to extraction and can be investigated through machine-readable status and reason fields.
5. Billing And Credit Controls
Credit reservations guard paid extraction work at upload and worker execution time. Files blocked before processing do not consume credits. Top-ups and billing self-service use Stripe-hosted payment surfaces.
6. Operations
Operational runbooks cover queue backlog, failed jobs, extraction failures, billing issues, webhook delivery failures, upload pausing, rollback, support review flags, and customer notifications. The Status Page publishes current service health and incident history.
7. Related Security Documents
For GDPR-specific measures, review the Technical and Organizational Measures. For subprocessor security boundaries, review the Subprocessor List.