JONGAOCR

Legal

Privacy Policy

Last updated: 2026-04-17

Jonga OCR is designed with South African data privacy regulations (POPIA — Protection of Personal Information Act) in mind from the ground up. This page describes how we handle document images, extracted data, and customer responsibilities under POPIA.

How we handle documents

All uploaded document images are processed in-memory only. Images are never saved to disk, object storage, or databases.

After OCR extraction completes, image buffers are immediately discarded. No copy of the original image is retained on our servers.

Images are preprocessed (resized, compressed) in-memory before being handed to the extraction service. Preprocessed buffers follow the same ephemeral lifecycle — they exist only for the duration of the request.

Data logging

We log only request metadata: token ID, endpoint name, HTTP status code, processing latency, and image file size.

OCR response payloads containing personal information (names, ID numbers, dates of birth, addresses) are never logged— not in structured logs, not in error traces, not anywhere.

Extracted personal data is returned in the API response only and is not stored on our servers in any form.

API token security

API tokens are stored as SHA-256 hashes. The plaintext token is shown exactly once at creation and is never persisted.

Token prefixes (the first 14 characters) are stored in plaintext so you can identify a token in the dashboard without revealing the secret.

Tokens can be revoked immediately from the dashboard at /dashboard/tokens. Revocation takes effect on the next API request.

Dashboard sessions are handled by Clerk, our identity provider. See Clerk's privacy policy for cookie scope, lifetime, and session storage details. Our public OCR endpoints are stateless and use Bearer-token authentication — they never set or read cookies.

Transport security

All API communication is over HTTPS (TLS 1.2+). No data is transmitted in plaintext.

HTTP connections are rejected and redirected to HTTPS at the infrastructure level.

Third-party AI sub-processor

Documents are processed in-memory by a third-party AI service we have contractually vetted for data handling. The service does not train on or retain your document content. We treat our AI sub-processor like any other vendor relationship — covered by our DPA, subject to change with notice.

The data-handling guarantees we maintain across that boundary:

  • No disk persistence of uploaded images.
  • No training on your document data.
  • Ephemeral in-memory processing only.
  • Token-level audit logs (request metadata only, no document content).

No other third-party services receive document images or extracted data.

Data retention

Request metadata logs are retained for operational monitoring and billing reconciliation. Retention varies by tier: 90 days on Ultimate, shorter windows on lower tiers.

Logs older than the retention window are purged on a rolling basis. Because we never log personal data to begin with, purge lag does not affect POPIA exposure — the logs contain only token, endpoint, timestamp, and latency fields.

Account data (email, hashed token records, tier assignment) is retained for the lifetime of your account and deleted on request.

Your responsibilities as a data controller

Under POPIA, you are the responsible party (controller) for the personal information of the data subjects whose documents you submit. Jonga OCR acts as an operator (processor) on your behalf. That allocation of responsibility means:

1

Establish a lawful basis

Obtain consent or establish another lawful basis under POPIA before submitting a data subject’s document for processing.

2

Implement access controls

Restrict who in your application can trigger document scans and who can view extracted results.

3

Limit downstream retention

Do not store raw OCR responses longer than necessary. Delete extracted personal data as soon as the operational need has passed.

4

Inform your users

Tell data subjects their documents are processed by an AI sub-processor as part of your OCR pipeline.

5

Breach notification

Maintain your own POPIA-compliant breach detection and notification procedures for incidents that occur within your systems.

POPIA summary

Jonga OCR processes documents in-memory, never stores images, does not log personal data, and uses SHA-256 hashed tokens. We are committed to protecting the personal information of South African citizens in compliance with the Protection of Personal Information Act, 2013.

Contact

Privacy queries, data subject requests, and DPA questions: hello@jongaocr.co.za.

Looking for our general docs instead? Visit the API documentation.