Security & data handling
1099-NEC Parser is built for teams that handle sensitive documents. Here is exactly how we protect your data — in plain language, so you can evaluate it before you build on the API.
Encryption everywhere
All traffic to and from the service is encrypted in transit with TLS (HTTPS). Documents and extracted data are stored in an encrypted-at-rest PostgreSQL database. Your files move over encrypted channels from upload through processing to storage.
Your data is yours
We process your 1099-NECs to return structured data — nothing more. Your documents are never used to train AI models, and you stay in control: delete any extraction or source file from the dashboard or via the API whenever you want.
Scoped, hashed API access
Every account authenticates with API keys that are scoped to that account and stored hashed at rest (never plaintext). Keys can be rotated or revoked instantly. Requests are rate-limited to protect your account and ours.
Secure payments
Billing runs entirely through Stripe. Card details go directly to Stripe over its PCI-compliant infrastructure — they never touch our servers, and we never store card numbers.
Tenant isolation
Data is segregated per account with row-level security in the database, so one customer can never read another customer’s documents or results.
Subprocessors
We use a small set of trusted infrastructure providers to run the service:
Compliance posture
We follow security best practices across encryption, access control, and tenant isolation. If your organization requires a formal review — a security questionnaire, a Business Associate Agreement for PHI, or specific data-residency terms — contact us and we will work through your requirements.
FAQ
Do you use my documents to train AI models?
No. Your 1099-NECs are processed only to return your results. They are not used to train or fine-tune any AI model.
How long do you keep my documents and data?
Only as long as needed to provide the service. You can delete any extraction — and its source file — from your dashboard or via the API at any time.
Are my API keys stored securely?
Yes. API keys are stored hashed at rest, never in plaintext. Treat your key like a password; you can rotate or revoke it in the dashboard.
Do you support HIPAA / healthcare data?
The pipeline is designed to be HIPAA-aware. If you process PHI, contact us to discuss a Business Associate Agreement and the controls your deployment needs.
How do I report a security issue?
Email hello@dokyumi.com with details. We take responsible disclosure seriously and will respond promptly.