MDDoc

Privacy Policy

Last updated: February 22, 2026

The short version

We collect the minimum data needed to run MDDoc. We don't sell your data. We don't read your documents. Your markdown and converted files are yours.

What we collect

Account information

When you create an account, we collect your email address and name. If you sign up via Google or GitHub OAuth, we receive the profile information you authorize.

Documents

When you convert a document, your markdown is processed on our servers to generate the Word file. Free conversions (without an account) are processed and immediately discarded — we don't store them. For logged-in users, converted documents are stored in your account until you delete them.

Usage data

We collect basic analytics: pages visited, features used, conversion counts. This helps us understand what's working and what needs fixing. We use privacy-respecting analytics and don't track you across other websites.

Payment information

Payments are processed by Stripe. We never see or store your full credit card number. Stripe handles PCI compliance.

How we use your data

  • To provide the MDDoc service — converting your documents
  • To send you important account and service updates
  • To improve the product based on aggregate usage patterns
  • To respond to support requests

We don't use your documents to train AI models. We don't sell or share your personal information with third parties for marketing purposes.

AI processing

If you enable AI classification, your document content is sent to your chosen AI provider (Anthropic or OpenAI) using your own API keys. We act as a pass-through — the AI provider's privacy policy governs how they handle that data. We don't store AI classification results beyond what's needed to complete the conversion.

Third-party services

We use these services to run MDDoc:

  • Supabase — Authentication and database
  • Stripe — Payment processing
  • Vercel — Hosting and deployment

Each operates under their own privacy policies. We choose providers with strong privacy practices.

Data retention

Your account data is retained while your account is active. If you delete your account, we remove your personal data within 30 days. Converted documents stored in your account are deleted when you delete them or when your account is closed.

Your rights

You can:

  • Export your data at any time from your account settings
  • Delete your documents at any time
  • Delete your account entirely
  • Request a copy of all data we hold about you

Cookies

We use essential cookies for authentication and session management. We use a single analytics cookie that doesn't track you across sites. We don't use advertising cookies.

Security

All data is encrypted in transit (TLS) and at rest. We follow security best practices including regular dependency audits, principle of least privilege, and infrastructure monitoring. If we discover a breach, we'll notify affected users within 72 hours.

Changes to this policy

We'll post changes here and, for significant changes, email you. Your continued use of MDDoc after changes constitutes acceptance.

Contact

Questions about privacy? Email us at hello@mddoc.app. We respond fast.