Your files, your control.

Most tools on this site run entirely in your browser. Files don't leave your device. For the few tools that need a server (heavy conversion, AI-powered OCR), files are auto-deleted within 30 minutes and never logged with content.

• Default to client-side processing
• Server-side files deleted within 30 min
• No file content in logs, ever
• No third-party trackers or ads

Every tool page also surfaces this as a badge near the title — you always know where your file is going.

• Anonymous analytics

  Page views and tool starts via Plausible. No cookies, no personal data, no cross-site tracking.

• Quota counters

  Hashed-IP-keyed daily counters to enforce free quotas. Hashes rotate; no IP is stored long-term.

• Form submissions

  If you contact us, only what you type — name, email, message. Used to reply, never marketed without opt-in.

• Opt-in AI assist (Word editor)

  When you trigger ⌘K on a selection, only that selection is sent to OpenAI (model: gpt-4o-mini). The rest of your document stays in the tab. Nothing about the request is logged with content.

• Opt-in AI OCR (when enabled)

  Flipping the 'Use AI' toggle in the OCR tool routes the file to a server-side vision model with a small daily IP-keyed quota. File deleted within 30 minutes; metadata only (size, MIME, processing time) retained for abuse-rate analysis.

• We do not log file content. Server-side tools log only filename, size, MIME type, and processing time.
• We do not sell or share your data with third parties.
• We do not place advertising or third-party trackers.
• We do not require an account to use the free tools.
• We do not use your files to train AI models.

The free tools site sets no cookies. Plausible analytics is cookie-free by design. Dark/light theme is stored in localStorage under the docverix:themekey — not a cookie, not sent over the network, and you can clear it any time from your browser's site-data settings.

If you sign up for the Docverix Platform separately, that product uses session cookies for authentication — covered in its own privacy policy.

Every response from this site ships with hardened HTTP headers — these are verifiable from your browser's DevTools (Network → Headers):

• Strict-Transport-Security

  HSTS preload, 2 years, includeSubDomains — forces HTTPS for every future visit.

• X-Content-Type-Options

  nosniff — prevents browsers from misinterpreting content types (closes one class of stored-XSS).

• Referrer-Policy

  strict-origin-when-cross-origin — no path/query leaks to external trackers.

• Permissions-Policy

  Denies camera, microphone, geolocation, payment, USB, sensors, and FLoC/browsing-topics — the site has no reason to ever request any of those.

• X-Frame-Options + COOP

  DENY framing and same-origin opener — protects against clickjacking and cross-site-leaks.

Content-Security-Policy and Cross-Origin-Embedder-Policy are tracked as follow-ups — they need per-route nonces and would otherwise break analytics + the in-browser Web Workers we use for PDF and OCR processing.

Because the free tools site stores almost nothing about you, most GDPR / CCPA requests are simple no-ops. If you contacted us via the form, we can delete that record on request.

Email support@docverix.com with your request. We respond within 30 days.

Privacy, security, and support enquiries all route to the same inbox while we're pre-launch — we'll split them out once the Platform tier opens.