Security and Compliance

Baseline guidance for handling OCR data safely in production.

Data Classification

Classify documents by sensitivity before rollout (for example public, internal, confidential).

Apply stricter review and access controls for confidential document types.

Access Control

Use least-privilege access:

  • Limit who can upload files.
  • Limit who can review extracted content.
  • Limit who can export or integrate outputs.

Storage and Retention

Define retention periods according to legal and business needs.

A common model is:

  • Keep raw files for a limited window.
  • Keep structured outputs for operational reporting.
  • Remove data that is no longer required.

Logging and Auditing

Track key actions:

  • Upload events.
  • Extraction runs and status.
  • Human corrections.
  • Export and integration events.

Audit logs make incident response and compliance reviews faster.
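
One way to combine the access-control and audit points above, as an added example that is not part of the original guide: a default-deny check keyed on document classification and action that records every decision, including denials. The role names, the policy table and the in-memory log are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Assumed policy (illustrative): roles allowed per action at each classification.
POLICY = {
    "public":       {"upload": {"uploader"}, "review": {"reviewer"},
                     "export": {"integrator"}},
    "internal":     {"upload": {"uploader"}, "review": {"reviewer"},
                     "export": {"integrator"}},
    # Stricter controls for confidential documents: separate reviewer role,
    # and no role may export until one is explicitly granted.
    "confidential": {"upload": {"uploader"}, "review": {"confidential_reviewer"},
                     "export": set()},
}

AUDIT_LOG = []  # in-memory stand-in for an append-only audit store


def authorize(user, roles, action, doc_id, classification):
    """Default-deny check; every decision, allow or deny, is audited."""
    permitted = POLICY.get(classification, {}).get(action, set())
    allowed = bool(permitted & set(roles))
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "action": action,
        "doc_id": doc_id,
        "classification": classification,
        "decision": "allow" if allowed else "deny",
    })
    return allowed


def denied_events():
    """Denied attempts, useful input for a periodic permission review."""
    return [e for e in AUDIT_LOG if e["decision"] == "deny"]


if __name__ == "__main__":
    # Constructed sample requests.
    authorize("alice", ["reviewer"], "review", "doc-1", "internal")
    authorize("alice", ["reviewer"], "review", "doc-2", "confidential")
    authorize("bob", ["integrator"], "export", "doc-2", "confidential")
    print(json.dumps(AUDIT_LOG, indent=2))
```

An unknown classification or action falls through to an empty role set, so unlabelled documents are denied rather than treated as public.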

Security Operations

Before production, establish:

  • Incident response owner and contact path.
  • Backup and recovery plan.
  • Key rotation and secret management process.
  • Periodic permission review.

For privacy-related obligations, review your legal requirements and your published policies.