Skip to content
Menu
How it works Developers Use cases Pricing Security Docs Login Get API access

Security and controls

Security controls for production document workflows.

exdata is built for cautious adoption: account-scoped access, hashed API tokens, signed webhooks, retention controls, audit context, support tooling, and clear status reporting.

Get API access Security page

Security posture

Built around account boundaries and integration safety.

Access

Account-scoped tokens and roles

API tokens belong to accounts, tokens are stored hashed, and workspace roles separate owner, admin, developer, billing, and support needs.

Delivery

Signed webhook events

Webhook payloads include event, delivery, timestamp, and signature headers so receivers can verify the source before automation runs.

Retention

Separate retention windows

Source files, previews, extracted metadata, and operational logs can follow different retention defaults for cleaner lifecycle control.

Operational confidence

Production issues need observable state.

Document automation becomes fragile when failures disappear into a queue. exdata surfaces request IDs, document state, extraction run versions, blocked reasons, webhook delivery context, and account usage.

Request and run context
API failures include request IDs, and extraction runs carry schema, extractor, AI prompt, and normalization versions.
Blocked document handling
Documents that cannot be processed carry blocked reasons so support can distinguish credit, policy, and processing issues.
Operations checks
The platform includes health, launch preflight, restore smoke check, queue, webhook, billing, and extraction regression tooling.
Public security resources
Privacy, terms, DPA, TOMs, subprocessors, data residency, security, status, and API documentation are available from the public site.

Rollout model

Move deliberately from sandbox to live volume.

1

Test with real samples

Use test tokens and representative documents to validate parsing, mapping, webhook handling, and support expectations.

2

Control production entry

Switch to live tokens only when downstream automation is ready for live-mode documents and credit spend.

3

Review and tune

Use document previews, extracted JSON, feedback, usage, and run metadata to improve integration behavior over time.

Legal and operations

Review the public security, privacy, and API documentation before rollout.

Security API docs