Data Handling

How Extend uses customer data

Extend processes Customer Data only to execute the document-processing tasks you configure in our platform or APIs. We do not train any models on your data. Our foundation-model providers operate under Zero-Data-Retention (ZDR) terms.

We have automatic data-retention policies tied to your billing tier — these can be configured, and you can also delete resources on demand via our API. For deployment models and regional options, see Deployment Options.

How we store and protect data

• Storage: Customer files and processing artifacts are stored in encrypted object storage in your deployment region. Application metadata is stored in encrypted databases that are not publicly accessible.
• Access: Production data stores are accessible only to authorized Extend services, not the public internet.
• Encryption: Data is encrypted at rest and in transit (TLS). Production database connections require SSL.
• Malware protection: Uploaded files are scanned before processing.

Data retention and deletion

Retention is configurable by billing tier and workspace policy. You can also delete resources on demand via our API:

• Delete an Extract Run
• Delete a Workflow Run
• Delete a Parse Run
• Delete a File

Zero-data-retention with model providers

Extend requires foundation-model providers to operate under strict zero-retention terms (no storage of prompts or outputs) and no training on Customer Data. You can allowlist or blocklist specific providers and models to match your risk posture.

Data ownership

Extend never trains on your data. For compliance certifications and regulatory programs, see Compliance.

Contact sales to discuss requirements, or contact support for technical questions.