Security and data
Your BYOK keys and webhook secret are protected
All three client secrets — neural.apiKey (LLM provider key), ocr.providerKey (OCR provider key), and webhookSecret (HMAC signing secret) — are accepted as input only and are never returned in any response, never logged, and never appear in error messages. On the backend each one is encrypted with AES-256-GCM under a master key (KEK) with per-job AAD binding; the database stores only the ciphertext, the nonce, and the KEK version; each is decrypted once, right before use, and deleted along with the job (~7 days). neural in the response doesn’t include apiKey; the response Job object has no ocr field at all — the OCR key is excluded from responses by construction.
Data in transit
TLS in transit; API access by key only.
Storage
Files, intermediate data, and processing results are kept for a limited time and deleted automatically (default retention: 7 days).