Overview
OracleDoc ("we", "us", "our") provides an AI-powered knowledge-base platform that lets teams connect their documentation — websites, files, Confluence spaces, and Notion pages — and make it instantly queryable through an AI agent. This Privacy Policy explains what personal data we collect, why we collect it, and how we handle it.
We are committed to handling your data with care. If you have any questions not answered here, please write to team@oracledoc.com.
We do not sell your data. We do not use your content to train AI models. Your source documents are used exclusively to power your own agents via Retrieval-Augmented Generation (RAG).
Information we collect
We collect only what is necessary to provide and improve the service.
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, name (optional) | You provide at sign-up |
| Source content | Crawled web pages, uploaded files, Confluence spaces, Notion pages you select | You connect a source |
| Usage data | Pages visited, sync history, agent conversations | Automatically as you use the service |
| Technical log data | IP address, browser type, OS, referring URL, timestamps | Automatically via server logs |
| OAuth tokens | Confluence and Notion access tokens | OAuth 2.0 authorization flow; AES-256 encrypted at rest |
We do not collect payment card information directly. Payments are processed by our third-party payment processor and are subject to their privacy policies.
How we use your information
We use your information to:
- Create and manage your account and authenticate you securely
- Index your connected content so your AI agents can answer questions accurately
- Send transactional messages (magic-link login emails, sync status notifications)
- Monitor system health, diagnose errors, and improve reliability
- Comply with applicable legal obligations
No AI training on your data. Content from your sources is processed only to answer queries within your agents using RAG. It is never used to train, fine-tune, or benchmark any general AI model — ours or anyone else's.
We do not use your data for advertising, profiling, or any purpose beyond what is needed to operate OracleDoc.
Third-party integrations
OracleDoc connects to external services only when you explicitly authorize it. Your authorizations, the data accessed, and your controls are:
| Integration | Data accessed | What we do with it | How to revoke |
|---|---|---|---|
| Atlassian Confluence | Space content, page text you select | Index for your agents only | Disconnect in OracleDoc → Sources, or revoke in Atlassian settings |
| Notion | Pages you share with the OracleDoc integration | Index for your agents only | Disconnect in OracleDoc → Sources, or revoke in Notion → My connections |
| Website crawling | Publicly accessible pages at URLs you provide | Index for your agents only | Remove the source in OracleDoc → Sources |
Revoking an integration immediately invalidates the stored token. Any previously ingested content from that source will be removed from your indexes within 30 days, or sooner upon your written request.
We do not write to, modify, or delete any content in your Confluence or Notion workspaces. Our access is strictly read-only.
Sharing your information
We do not sell your personal data to anyone. We share information only in these limited circumstances:
- Infrastructure providers: AWS (cloud computing, SQS queues, RDS database) — solely to operate the service.
- Email delivery: Our SMTP provider, used only for transactional system emails you request (e.g., login links).
- Legal compliance: When required by a valid court order, law, or regulation. Where legally permitted, we will notify you before disclosing.
- Business transfers: In the event of a merger or acquisition, subject to the same privacy commitments in this policy.
Any other sharing requires your explicit, prior consent.
Storage & retention
Your data is stored on AWS infrastructure in the ap-south-1 (Mumbai) region. All data is encrypted at rest and in transit.
| Data type | Retention period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Source content & indexes | Duration of account; purged within 30 days of account deletion |
| OAuth tokens | Deleted immediately upon disconnection or account deletion |
| Log data | 90 days rolling; aggregate anonymized metrics may be retained longer |
You can request deletion of your data at any time by emailing team@oracledoc.com. Account self-deletion is also available in your account settings. We will confirm deletion within 30 days.
Security
We implement the following technical and organisational measures:
- Encryption in transit: All connections use TLS 1.2+.
- Encryption at rest: Database volumes are encrypted at the infrastructure level. OAuth access tokens are additionally encrypted with AES-256 before being stored.
- Authentication: Passwordless magic-link login with short-lived JWTs (15-minute access tokens) and rotating refresh tokens (7-day validity).
- Access control: Each agent and its data is scoped strictly to its owner's project. Internal access is role-based and audited.
- Infrastructure: Hosted on AWS with network isolation, private subnets, and security groups.
No security system is infallible. If you discover a security vulnerability, please report it responsibly to team@oracledoc.com.
Your rights
Depending on where you are located, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete data.
- Deletion: Request that we erase your personal data ("right to be forgotten").
- Portability: Receive your data in a machine-readable format.
- Restriction: Ask us to limit how we process your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdrawal of consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, email team@oracledoc.com. We will respond within 30 days. If you are in the EEA or UK and are unsatisfied with our response, you may lodge a complaint with your local data protection authority.
Cookies
OracleDoc uses a minimal set of first-party, functional cookies only. We do not use advertising cookies or cross-site tracking.
| Cookie | Purpose | Duration |
|---|---|---|
| access_token | Authentication — carries your session JWT | 15 minutes |
| refresh_token | Silently renews your session without requiring a new login | 7 days |
These cookies are HttpOnly (inaccessible to JavaScript) and Secure (HTTPS only) to prevent interception or script-based access.
Children's data
OracleDoc is not directed at children under 13 and we do not knowingly collect personal data from anyone under 13. If you believe we have inadvertently collected such data, please contact us immediately at team@oracledoc.com and we will delete it without delay.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect. The "Effective" date at the top of this page will always reflect the current version.
Continued use of OracleDoc after changes take effect constitutes acceptance of the updated policy.
Contact
For privacy-related questions, requests, or complaints, please reach out to our team: