Security and Privacy

How Extend Uses Customer Data

Extend processes Customer Data only to execute the document-processing tasks you configure in our platform or APIs. We do not train any models on your data. Our foundation-model providers operate under Zero-Data-Retention (ZDR) terms. We have automatic data-retention policies tied to your billing tier. These can be configured, and you can also delete resources on-demand via our API. For stricter isolation, we can deploy in your cloud (BYOC).

Zero-Data-Retention (ZDR) with Model Providers

Extend requires all foundation-model providers to operate under strict zero-retention terms (no storage of prompts or outputs) and no training on Customer Data. You can also allowlist/blocklist specific providers and models to match your risk posture.

Configurable Retention and Secure Deletion

We maintain automatic data-retention policies that vary by billing tier and can be configured to fit your policy. Many customers also choose to delete immediately after processing by calling our deletion endpoints:

• Delete a Processor Run — removes the run and all associated data.
• Delete a Workflow Run — removes the run and all associated data.
• Delete a Parser Run — removes the run and all associated data.
• Delete a File — removes the file and all associated data.

Bring Your Own Cloud (BYOC)

For customers with heightened security or data-residency needs, Extend can be deployed inside your cloud tenant (or a private VPC) so Customer Data remains in your environment. This model provides strong network-level controls and isolation.

Need help with security requirements?

Contact sales to discuss BYOC deployment options or reach out to us on Slack.

For technical questions, check out our API documentation or contact support.