Where your files end up

Encrypted storage, automatic deletion after 24 hours, anonymous paths without your email. What happens to your PDF after upload.

Updated on May 19, 2026 · 2 min read

On this page

The path of your file
1. Upload to Supabase Storage
2. Analysis with OpenAI
3. Result saved
4. Automatic deletion after 24 hours
What we DON'T do
Encryption
For maximum privacy
FAQ

The path of your file

When you upload a document, here's what happens in sequence.

1. Upload to Supabase Storage

The file is uploaded directly from your browser to our cloud storage (Supabase, EU datacenters). The transfer is encrypted (HTTPS).

The path is anonymous:

If logged in: users/<uuid>/<timestamp>-<filename>
If anonymous: anon/<uuid>/<timestamp>-<filename>

The UUID is an opaque unique identifier. Your email never appears in the file path.

2. Analysis with OpenAI

The file is passed to OpenAI's AI engine (gpt-4.1) via their Files API for reading. OpenAI is our AI engine provider for document analysis.

What happens at OpenAI:

File stays on their servers max 30 days per their Terms
Not used for training: we have opt-out active (Enterprise/Business policy)
Not accessible to other OpenAI users

3. Result saved

The structured output (analysis JSON) is saved in our Postgres database (Supabase). Linked to your account if logged in, or to the email you provided if anonymous.

4. Automatic deletion after 24 hours

The original file (the PDF/photo you uploaded) is automatically deleted from our storage after 24 hours, via daily cron.

What remains after 24 hours:

The analysis result (structured text, no attachments)
Minimum metadata (date, document type, email)

What disappears:

The original file
Uploaded photos/PDFs

This means after 24 hours we can't re-analyze the same file: you'd have to re-upload it.

What we DON'T do

Never share your file with third parties other than the AI engine needed for analysis (OpenAI)
Never publish your documents, even anonymized
Never sell them for marketing, profiling, advertising
Never use them for AI training (ours or third parties')

Encryption

In transit: HTTPS (TLS 1.2+) between your browser and our servers, and between us and OpenAI
At rest: Supabase encrypts files automatically (AES-256) and the Postgres database
Backups: encrypted same way, 30-day retention

For maximum privacy

If you have a particularly sensitive document (e.g. criminal proceeding, health data) consider:

Use the anonymous analysis (1 free trial without account, email only at the end)
Manually redact sensitive data not strictly necessary before upload (you can cover CF, address, amounts with a marker)
Delete the analysis from your history right after reading the result

FAQ

Can I request immediate file deletion?

Yes, email hello@decifra-burocrazia.it with your email and analysis ID. We delete file + analysis within 24 hours. Note: after 24 hours the file is already auto-deleted.

Can OpenAI read my documents?

The AI model processes the file to generate the analysis. OpenAI employees don't read contents unless for abuse investigations (per their Terms). File stays on their servers max 30 days.

Where are the datacenters physically?

Supabase: EU datacenter (Frankfurt, Germany). OpenAI: USA mainly, EU-USA transfers compliant with Standard Contractual Clauses + DPF.

Delete account and data
GDPR-compliant: immediate self-service deletion, irreversible. What gets deleted, what stays, how to confirm.
Read

Was this article helpful?