Security & Privacy for Professional Documents
Your financial reports, research papers, and internal documents stay private.
Tosea processes your files only to generate your presentation. We do not train AI models on your uploaded documents by default.
Last updated: May 26, 2026
No training by default
Your documents do not enter model training pipelines — free and paid plans alike.
Encrypted in transit & at rest
TLS 1.2+ everywhere, AES-256 at rest, least-privilege access controls.
Delete anytime
Instant per-file delete. Account closure: 30-day removal, 60-day backup purge.
Frequently Asked Questions
Direct answers to the security and compliance questions professional teams ask first.
Are uploads used for training AI models?
No. Your uploaded documents and the presentations generated from them are not used to train, fine-tune, or improve our AI models — on any plan, free or paid. Upstream large language model providers we route through (OpenAI, Anthropic, Google) are bound by their enterprise data-processing terms not to use API content sent on your behalf for training. If we ever introduce an optional "Help Improve Tosea" research program, it will be strictly opt-in, disabled by default, and revocable from your account settings at any time.
How long are my files stored?
Uploaded source documents are kept only as long as needed to render your presentation and to let you re-open or re-edit it in the dashboard. You can delete any file or presentation at any time, and inactive files are eligible for automated purging after 12 months. When you close your account, all files and generated presentations are removed from active production systems within 30 days, and from disaster-recovery backups within an additional 60 days.
Can I delete my files and account?
Yes. Individual files and presentations can be deleted from the dashboard at any time — deletion is immediate in active systems and propagates through backup rotation within 60 days. Full account deletion is available from Settings → Account → Delete Account; you can also email [email protected] to request deletion. A confirmation step prevents accidental loss.
Are files encrypted in transit and at rest?
Yes. All client/server traffic is encrypted in transit over TLS 1.2+ (HTTPS only — HTTP is rejected). Files and database records are encrypted at rest using AES-256 on our managed cloud storage and Postgres providers. Access keys are rotated and scoped to the minimum services that need them.
Is an enterprise Data Processing Agreement (DPA) available?
We provide DPAs for Enterprise customers on request, including GDPR-aligned Standard Contractual Clauses where applicable. Contact [email protected] to start the conversation and we will work with your legal team to put one in place.
What happens to my data when I cancel?
Cancelling a subscription downgrades your plan but does not delete your account or files. Existing presentations remain accessible and exportable as long as your account is open. If you want a full deletion, use Settings → Account → Delete Account (30-day active removal, 60-day backup purge — see above).
Need a DPA, security questionnaire, or Enterprise pilot?
Our security & compliance team responds within 2 business days.
Contact our security teamFull legal terms in our Privacy Policy and Terms of Use.