Privacy Policy

Last Updated: May 7, 2025

This Privacy Policy outlines how DoCoreAI, a service operated by MobiLights (GSTIN: 29AEVPJ5922P2ZG), collects, uses, and protects your personal information when you visit or register on docoreai.com.

1. Information We Collect

Personal information (name, email address, company name, billing address)
Why? Name and email are used to create and manage your account. Billing address is mandatory for generating GST-compliant invoices. Company name may be used to offer group-based discounts or feature prioritization.
Login credentials and user preferences
Why? Required for secure authentication and saving preferences like dashboard filters or model selections.
Prompt usage data, analytics metadata, and activity logs
Why? Helps generate meaningful reports, detect bloat, and improve optimization tools.
IP address, browser type, and device information
Why? Collected for security auditing, device compatibility improvements, and preventing abuse.

2. "Prompt" Tracking & Privacy

DoCoreAI is designed for maximum privacy. Your prompt content is never transmitted or saved to our servers — not in plain text, not as encrypted data, and not even as a hash.

All prompt analysis, including token counting, bloat detection, and performance scoring, is performed entirely on your device. Only the resulting metrics — such as token usage, cost estimate, execution time, or prompt health score, etc — are sent to our backend for storage and analytics.

No Prompt Storage Policy

Zero Prompt Retention: We never save the actual content of your prompts.
Client-Side Processing: Your prompts are analyzed locally in your browser or client environment.
Privacy by Design: Only anonymized metrics are stored, ensuring compliance with strict data minimization standards.

What Gets Stored

Only non-identifiable, aggregate-level telemetry is stored — such as:

Prompt length and token usage
Estimated cost and execution time
Prompt bloat score and health metrics
Model type and temperature setting used

This approach guarantees that your creative inputs and intellectual property remain completely private — and under your control.

Need More Info?

For implementation details, technical flow, or open-source code references, please see our Documentation.

3. How We Use Your Data

Provide access to dashboards and insights
Track prompt usage and generate performance reports
Improve our AI optimization tools and user experience
Send important updates or service-related communications

4. Data Sharing & Third Parties

We do not sell your data. We may share limited data with third parties only to deliver essential functionality:

Razorpay (Payment Gateway): Billing name, email, amount, and order metadata for secure payment processing
Knit Pay (WordPress Payment Integration): Order ID, payment status, plan type — used to sync subscriptions
Web Hosting & Infrastructure Providers: May temporarily log IP address or traffic volume for security and uptime

5. Cookies & Tracking

We use minimal cookies necessary for user login sessions and functionality (e.g., remembering your login or plan status).

We do not track behavioral patterns, browsing activity, or create user profiles for marketing purposes. DoCoreAI is committed to privacy-first design and only collects essential operational data.

6. Data Retention Policy

At DoCoreAI, we value your data privacy and strive to maintain transparency in how long your data is stored. This Data Retention Policy outlines the duration for which we retain different types of data collected via our platform.

i. Prompt & Metrics Data

Prompt data is not stored in any form - only metric data is retained solely for analytics, optimization, and reporting.

i.e We do not store or reconstruct the original prompt content.

Metrics data (such as token usage, performance, time saved, etc.) is retained for as long as your account remains active, subject to the plan-specific retention periods.

ii. Account Information

Personal information such as your name, email, and company details are retained for billing and support purposes as long as your account is active, and as required by applicable financial and tax regulations.

iii. After Account Deletion

Upon account deletion, personal data is purged from active systems within 30 days, except where retention is required by law (e.g., invoices).

Anonymized analytics may be retained in aggregate form for product improvement purposes, but they cannot be traced back to individual users.

🔍 Please refer to your plan details to see the exact data retention durations applicable to your subscription tier.

7. Your Rights

Access and update your personal data
Request deletion or deactivation of your account
Withdraw consent for communications at any time

8. Data Security

We use modern encryption and access control practices to protect your data from unauthorized access, alteration, or disclosure.

We take user security seriously and follow industry-standard practices to protect your data.

i. Data Protection

All access to DoCoreAI is secured via HTTPS (SSL encryption in transit).
API access tokens are generated uniquely per user and stored securely using hashing mechanisms.
Prompts are never stored in any form — only a hashed version of tokens (a secure, irreversible fingerprint) is stored for internal metrics and analysis.

ii. Access Control

Access to backend systems and analytics data is restricted to authorized personnel only.
User accounts are protected via login credentials, and administrative controls are available to organizations upon request.

iii. Infrastructure

We use secure, industry-standard cloud providers with built-in redundancy and backup mechanisms.
Regular updates and patches are applied to all core systems to reduce vulnerabilities.

9. Changes to This Policy

We may update this policy occasionally. Changes will be posted here with the revised date.

10. Contact Us

For privacy-related inquiries, please email us at info@docoreai.com.