Data Handling

Extend processes Customer Data only to execute the document-processing tasks you configure in our platform or APIs. Given the sensitive nature of many of the documents we process, we take data privacy and security very seriously. This page outlines our approach to data retention. For information around compliance and subprocessors, see Compliance or visit our trust center.

How we store and protect data

We have automatic data-retention policies tied to your billing tier — these can be configured, and you can also delete resources on demand via our API. For deployment models and regional options, see Deployment Options.

  • Storage: Customer files and processing artifacts are stored in encrypted object storage in your deployment region. Application metadata is stored in encrypted databases that are not publicly accessible.
  • Access: Production data stores are accessible only to authorized Extend services, not the public internet.
  • Encryption: Data is encrypted at rest and in transit (TLS). Production database connections require SSL.
  • Malware protection: Uploaded files are scanned before processing.

Zero Data retention

We maintain automatic data-retention policies that vary in default length by billing tier and can be configured to fit your policy. We also support zero data retention options.

Workspace level

Extend can be configured to have automatic zero data retention applied to all data in your workspace regardless of source/run type. If this is enabled all data is delated automatically within 24 hours. This is supported for Scale plans and up.

Reach out to your Extend rep if you’d like to configure this for your workspace(s).

Parse APIs

Eligible organizations can set zero data retention for parse APIs by setting dataRetention.mode to zero in the request body. When this mode is used, Extend processes the file and then deletes all purges all ephemeral and cached run data imeddiately after processing instead of retaining it under the workspace’s default retention policy.

If dataRetention is omitted, or if dataRetention.mode is set to workspace_default, the run follows your workspace’s configured retention policy. Zero data retention is only available for eligible organizations and plans; contact the Extend team if you need it enabled.

For example, POST /parse_runs supports:

1{
2 "file": {
3 "url": "https://example.com/document.pdf"
4 },
5 "dataRetention": {
6 "mode": "zero"
7 }
8}

Deletion APIs for every resource

Many customers also choose to control retention policies with more granularity by using our deletion endpoints to clean up resources either immediately after they have retrieved results or according to some internal schedule.

Need help with security requirements?

Contact sales to discuss BYOC deployment options or reach out to us on Slack.

For technical questions, check out our API documentation or contact support.

Zero-Data-Retention (ZDR) with AI subprocessors

All foundation-model and GPU inference providers utilized by Extend operate contractually under strict zero-retention terms (no storage of prompts or outputs) and no training on Customer Data. You can also allowlist/blocklist specific model providers and models to match your risk posture.

Compliance

For compliance certifications and regulatory programs, see Compliance.

Contact sales to discuss requirements, or contact support for technical questions.