Trust & Security

Your documents stay in your world.

DocMan helps a loan processor move borrower documents from email into the borrower's folder in the processor's own Google Workspace, and tracks which required documents have been received. Here is exactly how your data is handled.

Your documents and loan data reside in your own Google Workspace, under your admin controls, retention, and DLP (Data Loss Prevention). Our service keeps no permanent copy of documents on its servers. Every connection is encrypted with TLS (Transport Layer Security).

Where your data lives

Two principles do most of the work: documents live in your own cloud, and the server keeps nothing durable.

Data	Where it lives
Document files	Your own Google Drive. They pass through our server only in-flight and are never stored on it.
Loan & borrower metadata, settings	Your own Google Drive, plus a short-lived server cache that is wiped on every redeploy.
OAuth (Open Authorization) refresh tokens, billing records	Operator-controlled backup + ephemeral cache. Revocable by you at any time.
AI (artificial intelligence) feature input	Only when you drop a lender PDF (Portable Document Format) on the optional agent, its text is sent to Anthropic's Claude API for parsing — not retained for training.

How data flows

Solid arrows are data movement. "In-flight" means it passes through the server but is not persisted on it.

DocMan data flow: the user's browser and the DocMan server connect to the customer's Google Workspace, the operator's Drive, and third-party subprocessors.

Data-flow overview. The AI parsing path is the only route where document content leaves the Google / operator boundary, and it is opt-in per action.

Access is least-privilege

The permissions we request are the enforceable limit on what the app can touch — visible on the consent screen when you sign in.

🔑 Identity

Your email + basic profile, to identify the signed-in user.

📁 Google Drive

To create the loan folder structure and move documents into your Drive.

✉️ Gmail (modify)

To surface loan-related email and file it under a loan label. Cannot permanently delete mail.

⚙️ Basic Gmail settings

For send-as / signature handling on outbound status emails.

DocMan undergoes Google's OAuth verification / CASA (Cloud Application Security Assessment). Microsoft 365 support exists but is disabled by default.

Subprocessors

Subprocessor	Role	Data it receives
Google	Identity, Drive, Gmail	Your documents & metadata, within your own tenant
Anthropic	Optional AI PDF parsing	Text of PDFs you submit to the agent; not retained for training
Render	Application hosting	Data in transit + ephemeral cache; no durable document storage
Stripe	Billing (via license server)	Email + activation counts; no documents
Cloudflare	Signup bot protection	A bot-check token; no document data

Security controls

TLS encryption on every external connection; provider-managed encryption at rest.
No durable document storage on the server (ephemeral filesystem).
Google OAuth 2.0 — no passwords stored. Borrower / loan-officer portals use 15-minute single-use links.
You can revoke access anytime from your Google account; the admin can remove a user in-app.
Signup is protected by Cloudflare Turnstile plus manual admin approval.
Your documents and metadata stay inside your own Google Workspace, governed by your existing controls.

Need the full packet?

The complete document set — data-handling overview, network-egress evidence, subprocessor list, and the Data Processing Addendum (DPA) — is available to your IT / security team on request. Leave your work email and we'll send a secure link.

Already received a secure link? Open it here.