Data security & document handling

Trust overview: how uploads are processed, what AI providers see, Google Drive scope, retention overview, sensitive documents, and what you should verify—without overstating certifications.

Last updated 2026-05-13

How to read this page

This page explains, in plain language, how Recensa handles documents, review workflows, and third-party processing. It is intended to support informed decisions. It does not replace a full security review, vendor questionnaire, or legal analysis.

Important: These pages describe how Recensa is intended to work and how we handle data. They are not a substitute for legal advice. Ask qualified counsel to review them before you rely on them for compliance, customer contracts, or regulatory filings.

How Recensa handles uploaded documents

When you run a job, your main document, typically PDF or DOCX, and any permitted supporting files are ingested into a controlled processing environment on infrastructure we operate or lease. The main document is the review target. Supporting files are used as reference material and are not treated as editable target documents unless the product flow expressly says otherwise. Files are used to execute the review or fix workflow you selected and to produce the outputs listed in the app, such as reviewed documents, corrected Word files, PDFs, ledgers, and logs.

What happens during review

Recensa extracts or prepares text from your documents, combines it with the instructions and context you provide, and routes content through automated review stages. Those stages may include multiple independent model passes, merge logic, and—when configured—additional reconciliation passes or arbitration steps. The aim is structured output you can review and disposition—not an unlogged chat exchange.

You remain responsible for reviewing and approving final documents. Recensa does not replace your judgment, professional review, or compliance sign-off.

AI provider processing

Document content and related prompts may be transmitted to third-party AI providers, including OpenAI, Anthropic, or Google (Gemini), depending on configuration. Those vendors process data on their own systems under their own policies. Recensa does not claim that your data remains only on Recensa-owned servers during model inference, and we do not guarantee deletion from provider systems after a job ends.

Do not upload information you are not authorized to send to such providers. Classified, highly regulated, or extremely sensitive material may require a separate enterprise arrangement; this public product may not be appropriate without additional controls.

Google Drive import and save-back

If enabled for your deployment, you can select files from Google Drive and optionally save new outputs back to Drive. Recensa requests limited permissions consistent with those flows. We import only the files you select or explicitly authorize through the provider interface, and we create new files when you ask to save results. We do not offer full Drive management and do not silently rewrite your cloud originals in place.

Retention and deletion (overview)

Completed jobs receive a scheduled deletion time based on deployment settings—commonly a default hour-based window, with a shorter window when you mark a run as more sensitive in the product. A background retention process removes eligible files from our storage after that time. Actual deletion can be delayed slightly by operational factors; the in-app notice for a job summarizes intent for that run when available. Retention and deletion are handled according to the timeframes and processes described here and in the Privacy Policy.

Some operational metadata may persist for billing, abuse prevention, or debugging. For privacy-related requests, contact privacy@draftlensai.com.

Sensitive documents

If your deployment offers a sensitive or shorter-retention mode for a job, use it when appropriate. No configuration eliminates all risk. You remain responsible for classification, access control, and whether automated review is appropriate for a given document.

What you should verify

Facts, numbers, dates, citations, and quotations.
Legal, financial, medical, or compliance implications with qualified professionals.
Final formatting and track-changes behavior in Word or PDF tools you rely on.
That outputs you download or save to cloud storage go only to destinations you trust.

Current limitations

Recensa is not HIPAA-, SOC 2-, GDPR-, or CCPA-certified as a labeled offering unless we publish separate attestation for your deployment.
We do not warrant that the service meets any particular regulatory regime without a written agreement.
Security measures are reasonable for a software-as-a-service product. They are not a substitute for your own access controls, policies, or professional review processes.

Contact

Security reports: security@draftlensai.com
Privacy: privacy@draftlensai.com

Frequently asked questions

Is it safe to upload documents?

See the Data security page for how uploads are processed and which AI providers are used. Only upload what you are permitted to share.

Does Recensa use my documents to train AI models?

Review the current practice on the Data security and Privacy pages, which describe how your uploads and AI providers are handled.

How long are documents stored?

See the Data security page for current retention and deletion handling.

Can I delete my uploaded documents?

See the Data security page for current deletion controls.

Does it overwrite my original file?

No — Recensa creates new outputs (reports, corrected copies, exports). Your original upload stays untouched.

What should I avoid uploading?

Anything you are not authorized to share, or that your policies or regulations prohibit. You control what you submit.

See all FAQs