Security and Privacy

How Extend Uses Customer Data

Extend processes Customer Data only to execute the document-processing tasks you configure in our platform or APIs. We do not train any models on your data. Our foundation-model providers operate under Zero-Data-Retention (ZDR) terms. We have automatic data-retention policies tied to your billing tier. These can be configured, and you can also delete resources on-demand via our API. For stricter isolation, we can deploy in your cloud (BYOC).

HIPAA Compliance

Extend is HIPAA compliant and can support healthcare organizations that need to process protected health information (PHI). Our infrastructure, policies, and procedures are designed to meet HIPAA requirements, and we can execute Business Associate Agreements (BAAs) with covered entities and their business associates.

HIPAA compliance is available across all of our deployments. If you have HIPAA compliance requirements, please contact sales or reach out to us on Slack to discuss your needs.

Zero-Data-Retention (ZDR) with Model Providers

Extend requires all foundation-model providers to operate under strict zero-retention terms (no storage of prompts or outputs) and no training on Customer Data. You can also allowlist/blocklist specific providers and models to match your risk posture.

Configurable Retention and Secure Deletion

We maintain automatic data-retention policies that vary by billing tier and can be configured to fit your policy. Many customers also choose to delete immediately after processing by calling our deletion endpoints:

• Delete a Processor Run — removes the run and all associated data.
• Delete a Workflow Run — removes the run and all associated data.
• Delete a Parser Run — removes the run and all associated data.
• Delete a File — removes the file and all associated data.

Bring Your Own Cloud (BYOC)

For customers with heightened security or data-residency needs, Extend can be deployed inside your cloud tenant (or a private VPC) so Customer Data remains in your environment. This model provides strong network-level controls and isolation.

Need help with security requirements?

Contact sales to discuss BYOC deployment options or reach out to us on Slack.

For technical questions, check out our API documentation or contact support.