Documents are handled for storage, processing, and controlled access.

Uploaded PDFs are used to provide the requested document workflow: upload, preview, QR region selection, QR replacement, storage, verification, open, and download access. Raw storage URLs are not intended to be exposed as public share links.

Uploaded documents are not used for advertising, behavioral profiling, resale, or AI training. Operational records may be kept to support authentication, security, audit logging, document lifecycle management, and abuse prevention.

Public verification pages should expose only the information required to evaluate the owner-controlled access flow. They are not a public document directory and should not reveal raw storage paths or private implementation details.

The platform does not currently claim zero-access storage or custom application-level encryption. Any encryption-at-rest wording should be added only after the final encryption stage is implemented and verified.