What does Rogue AI build?

Production AI systems for European businesses — RAG pipelines with pgvector and hybrid retrieval, AI agent orchestration with parallel execution and MCP integration, LLM integration connecting models to business APIs, and AI-powered security tools analyzing firewall rules across 33 vendors.

How much does a project cost?

AI Starter projects start at EUR 3,000-5,000 (2 weeks) for single-feature tools. AI Workflow projects run EUR 5,000-10,000 (3-4 weeks) for multi-step automation. AI Platform builds range EUR 10,000-20,000 (4-6 weeks) for complete systems with infrastructure.

How long does a typical project take?

2-4 weeks for a standard deployment. This includes requirements analysis, system design, development, testing, Docker containerization, and production deployment with monitoring. Complex multi-system integrations may take 4-6 weeks.

Where is my data processed?

All AI processing runs on EU-hosted infrastructure (Hetzner, Germany). We use locally-deployed models via Ollama — no data is sent to US cloud APIs like OpenAI or AWS. Documents are processed in-memory and automatically deleted. Your data never leaves the EU.

What industries do you serve?

European SMBs across maritime (document compliance), legal (contract analysis), construction (safety compliance), and any business needing AI automation. We build industry-specific tools with live demos you can test before committing.

Can I try before I buy?

Yes. Our industry demos are free with no signup — Maritime DocAI, Legal DocAI, and Construction DocAI are all live. Upload a real document and see results in 15-25 seconds. These demos show exactly the kind of tool we build for clients.

What tech stack do you use?

Next.js, React, TypeScript, PostgreSQL with pgvector for vector search, Redis for caching, Ollama for local LLM inference, Docker for containerization, and Caddy for reverse proxy. All systems deployed on Hetzner VPS with automated health monitoring.

Who operates Rogue AI?

Rogue AI is operated by Netshift Advisory Ltd (HE 489261), a Cyprus-registered company. The founder brings 17 years of cybersecurity experience across DACH enterprise markets with certifications including AI-102, AZ-500, CEH, ISO 27001 Lead Implementer, TOGAF 9, and CCIE Security.

Technical Guide

AI Document Processing: How OCR + LLMs Replace Manual Data Entry

Rogue AI

·2026-04-11·11 min read

Every business has a document problem. Invoices arrive as scanned PDFs. Contracts come in as photographed pages. Compliance reports land in inconsistent formats across languages and decades-old templates. Someone on your team spends hours — sometimes days — manually extracting data from these documents into structured systems. The error rate is never zero, and the cost compounds invisibly because nobody tracks "time spent reading PDFs" as a line item. We have built document processing systems across maritime, legal, and construction industries. This guide covers the full architecture: from raw document intake through OCR, LLM extraction, structured output, and the accuracy metrics that actually matter in production.

Why Traditional OCR Alone Is Not Enough

Optical Character Recognition has existed since the 1950s and the technology is genuinely mature. Modern OCR engines can read printed text from scanned documents at over 95% character-level accuracy under good conditions. The problem is that character recognition is only the first step. Knowing that a document says "Invoice Total: EUR 14,327.50" is useless unless you can also identify that this is the total amount, that it belongs to invoice number 2026-0847, that the payment terms are net 30, and that the vendor is a specific company.

Traditional OCR gives you a wall of text. It does not give you structured data. That gap between raw text and usable data is where most document processing projects either stall or require so many hand-coded rules that they become unmaintainable. We tried this approach early on — writing regex patterns and positional rules for every document type. It works for exactly one template until someone reformats their invoice, and then everything breaks.

This is the fundamental shift that LLMs bring: they understand context. An LLM does not need a rule that says "the total is on line 47 of the document." It reads the document the way a human would and extracts the total regardless of where it appears, what font it uses, or whether the label says "Total," "Gesamtbetrag," "Amount Due," or "Sum."

The Full Pipeline: Document Intake to Structured Output

A production document processing system has five stages. Each stage has its own failure modes, and understanding the pipeline end-to-end is critical for building something that works reliably. Here is the architecture we use across all our document AI deployments.

Stage 1: Document Intake and Normalization

Documents arrive in various formats: PDF (both digital and scanned), JPEG/PNG photographs, Word documents, and occasionally TIFF files from legacy scanning systems. The first step is normalizing everything into a consistent internal representation.

For digital PDFs (those created from word processors or digital systems), text extraction is straightforward — libraries like pdf-parse or pdfplumber pull text directly without any OCR. These documents are already "solved" and typically yield 99%+ text accuracy.

For scanned documents and photographs, the situation is more complex. The image quality varies enormously. A crisp 300 DPI office scan is a different problem than a smartphone photo of a form on a clipboard in a construction yard, taken at an angle with shadows. Pre-processing becomes essential: deskewing, contrast adjustment, noise reduction, and binarization (converting to pure black and white) all happen before OCR even begins.

Pre-processing matters more than model selection

In our testing across hundreds of real documents, pre-processing improvements (deskewing, contrast enhancement, resolution upscaling) delivered a 15-25% improvement in OCR accuracy on degraded scans. Switching OCR engines on the same unprocessed images only yielded a 3-7% difference. Fix the input quality first.

Stage 2: OCR — Tesseract vs Cloud Services

The OCR engine choice is a consequential decision. We have used both open-source (Tesseract) and cloud-based (Google Cloud Vision, AWS Textract, Azure Form Recognizer) options extensively. Here is an honest comparison based on production usage.

Factor	Tesseract 5	Cloud OCR (Google/AWS/Azure)
Character accuracy (clean scan)	95-98%	97-99.5%
Character accuracy (degraded scan)	75-88%	85-95%
Table extraction	Poor (requires post-processing)	Good (native table detection)
Handwriting recognition	Very limited	Moderate to good
Multi-language support	Good (100+ languages, trainable)	Excellent (auto-detection)
Cost per 1,000 pages	EUR 0 (compute only)	EUR 1.50 - 15 depending on features
Data privacy	Full (runs locally)	Data leaves your network
Processing speed (per page)	1-3 seconds	0.5-2 seconds

Our recommendation: use Tesseract for clean, well-scanned documents where data privacy matters and volumes are high. Use cloud OCR when dealing with degraded scans, handwritten annotations, or complex table layouts — but only if the documents do not contain sensitive data, or if your data processing agreement with the cloud provider covers your compliance requirements.

For our maritime document AI system, we use Tesseract exclusively because the documents contain commercially sensitive information. For a construction industry client processing site inspection photos, we use Google Cloud Vision because the image quality is often poor and the content is not confidential. The right choice depends on your data.

Stage 3: LLM-Powered Extraction

This is where the system transitions from raw text to structured data. The OCR output — a string of text with layout information — feeds into an LLM that understands the document type and extracts specific fields.

The prompt architecture is critical. We do not send the entire document to the LLM with a generic instruction like "extract the key information." That produces inconsistent, rambling output. Instead, we use a three-layer prompt structure:

System prompt: Defines the extraction schema and output format. Specifies every field the model should look for, its expected data type, and how to handle missing or ambiguous values. This prompt never changes per request — it is a constant for each document type.
Context injection: Provides domain-specific reference material — a glossary of industry terms, example extractions from similar documents, and validation rules. For maritime documents, this includes the relevant regulatory framework. For construction, it includes building codes and inspection standards. This layer transforms a general-purpose model into a domain expert.
Document payload: The actual OCR text, chunked if the document exceeds the model's context window. Each chunk includes positional metadata so the model can reason about where information appears (headers, footers, tables, sidebars).

The output is always structured JSON. No free-form text responses. The model returns a defined schema — fields, values, confidence scores, and source references pointing back to specific sections of the original document. This makes validation and downstream processing deterministic.

Structured output is non-negotiable

We enforce JSON schema validation on every LLM response. If the model returns malformed output, the request retries with a corrective prompt that includes the validation error. In practice, this happens on less than 2% of requests with well-engineered prompts. But that 2% would corrupt your data pipeline if you did not catch it.

Stage 4: Post-Processing and Validation

LLM extraction is probabilistic. The model can confidently produce wrong values — transposing digits in an invoice number, misinterpreting a date format, or conflating two similar fields. Post-processing catches these errors before they enter your system.

Our validation layer includes:

Format validation: Dates must parse correctly. Currency amounts must match expected formats (EUR vs USD, comma vs period decimal separators). Tax IDs must match the country-specific pattern (DE: 11 digits, AT: ATU + 8 digits, CY: 8 digits + letter).
Cross-reference validation: Line item totals must sum to the invoice total. Start dates must precede end dates. Reference numbers must match between linked documents.
Confidence thresholding: Each extracted field carries a confidence score from the LLM. Fields below a configurable threshold (we typically use 0.85) get flagged for human review rather than auto-accepted. This is the human-in-the-loop mechanism — the system processes the easy 80-90% automatically and routes the uncertain remainder to a reviewer.
Historical consistency: If an invoice from a known vendor contains a VAT number that differs from previous invoices, that gets flagged. If a certificate expiry date is earlier than the issue date, that gets flagged. These rules encode business logic that no LLM prompt can fully cover.

Stage 5: Output and Integration

The validated, structured data needs to go somewhere useful. We typically build three output channels:

Database storage: PostgreSQL with the full extraction result, original document reference, extraction metadata (timestamp, model version, confidence scores), and audit trail. This becomes the searchable history of every document the system has processed.
API output: REST endpoints that downstream systems (ERP, accounting, compliance platforms) can query. Each extraction is available as a JSON object within seconds of processing completing.
Human review interface: A dashboard showing documents that need manual attention — low-confidence extractions, validation failures, and anomalies. Reviewers see the original document side-by-side with extracted data and can approve, correct, or reject entries. Every correction feeds back into the system's prompt engineering.

Accuracy Metrics That Actually Matter

Vendors love quoting "99% accuracy" for their document AI products. That number is meaningless without context. Here are the metrics we track and the benchmarks we see in production across our deployments.

Metric	Definition	Our Production Benchmarks
Character Error Rate (CER)	Percentage of incorrectly recognized characters	1.5-4% on clean scans, 8-15% on degraded
Field Extraction Accuracy	Percentage of fields correctly extracted and typed	92-97% across all document types
Straight-Through Processing	Percentage of documents needing no human review	75-88% depending on document quality
False Positive Rate	Fields flagged for review that were actually correct	8-12% (tuning threshold trades this against misses)
End-to-End Latency	Time from upload to structured output	15-90 seconds per document (varies with length)

The metric that matters most for ROI calculation is straight-through processing rate. If 85% of documents process automatically with 95%+ accuracy, and the remaining 15% route to a human reviewer who spends 2 minutes per document instead of 20, you have reduced total processing time by roughly 90%. That is the number your CFO cares about.

Real-World Examples: What We Have Built

Maritime: Compliance Document Analysis

Our maritime document AI system processes inspection reports, classification surveys, and regulatory filings for a European fleet operator. The system handles four analysis modes: compliance checking against SOLAS/MARPOL/ISM regulations, risk assessment aggregating findings across vessels, operational insights extraction from crew and maintenance reports, and document comparison for regulatory change tracking. Documents arrive in English, Greek, German, and Norwegian — often mixed within a single report. Average processing time: under three minutes per 20-page report. Self-hosted on the client's own infrastructure with Ollama because no document data was allowed to leave their network.

Legal: Contract Clause Extraction

A legal services firm needed to extract and categorize clauses from commercial contracts — liability limitations, termination conditions, non-compete provisions, and payment terms. The challenge was that contracts from different counterparties used wildly different structures, numbering systems, and clause naming conventions. A rule-based approach was out of the question. The LLM-based system identifies clause types by semantic content rather than structural position. It processes a standard 40-page contract in about 90 seconds and produces a structured summary with clause-level references back to the source document. The firm's lawyers use it as a first-pass filter before deep review — reducing initial contract review time from two hours to fifteen minutes.

Construction: Site Inspection Reports

Construction site inspections generate photos with handwritten notes, printed checklists with checkmarks and annotations, and free-form observation reports. The document quality is consistently poor — photographed in outdoor conditions, often at angles, sometimes partially obscured. This is the hardest OCR scenario. We use Google Cloud Vision for the OCR stage because its degraded-image handling is significantly better than Tesseract for this use case. The LLM layer extracts deficiency findings, categorizes them by building code section, assigns severity levels, and generates a compliance status for each inspection item. The GC processes about 200 inspections per week through the system.

Common Failure Modes and How to Avoid Them

After building document processing systems for over two years, we have seen the same failure patterns repeatedly. Here is what kills document AI projects and how to prevent it.

→Underestimating document variability. Your sample set of 20 documents during development does not represent the thousands of variations in production. Test with the ugliest, most unusual documents you can find during development — not the clean samples.
→No feedback loop for corrections. When a human reviewer corrects an extraction error, that correction should feed back into your prompt engineering and validation rules. Without this loop, the system never improves and the same errors recur indefinitely.
→Over-relying on the LLM. An LLM is not a substitute for business logic validation. If your invoice total does not match the sum of line items, a format check catches that more reliably than hoping the LLM will flag it. Use the LLM for what it is good at (understanding unstructured text) and traditional code for what code is good at (deterministic validation).
→Ignoring multi-language documents. A document that mixes English headings with German body text and French annotations in the margins is common in European business. Your pipeline needs to handle this gracefully — either through multi-language OCR models or language detection and routing.
→Skipping the human-in-the-loop design. No document AI system should auto-accept everything. Design the review workflow from day one, not as an afterthought. Your users need to trust the system, and trust comes from being able to verify and correct.

Self-Hosted vs Cloud: The Privacy Question

For European businesses, the data privacy dimension of document processing is not optional. Documents often contain personal data (employee names, addresses), financial data (bank details, tax IDs), or commercially sensitive information (pricing, contract terms). Sending these to a US-hosted cloud API raises GDPR questions that are not worth the legal risk for many organizations.

We offer two deployment models. Self-hosted: the entire pipeline runs on the client's infrastructure or on EU-hosted servers that we manage. No data leaves the controlled environment. This adds infrastructure cost and maintenance overhead, but eliminates data sovereignty concerns entirely. Hybrid: OCR runs locally (Tesseract for text extraction), and only anonymized, non-sensitive extracted text goes to a cloud LLM for processing. This gives you the quality advantage of larger cloud models while keeping raw documents private.

All our systems are EU-hosted by default. We do not use US-based APIs unless a client specifically requests it and accepts the compliance implications. This is not a marketing position — it is a technical architecture decision that reflects how European data protection works in practice.

What It Costs and How Long It Takes

A document processing system typically falls into our mid-tier project scope. For a single document type (e.g., invoices only, or inspection reports only), expect four to six weeks of development and an investment of EUR 8,000-12,000. This includes the OCR pipeline, LLM extraction with custom prompts for your document type, validation layer, human review interface, and API integration.

For multi-document-type systems (processing invoices, contracts, and compliance reports through the same pipeline), the timeline extends to eight to twelve weeks and the investment is EUR 15,000-20,000. Each additional document type requires its own prompt engineering, validation rules, and testing — there is no shortcut.

Ongoing costs depend on your deployment model. Self-hosted: EUR 80-300/month for server infrastructure plus EUR 300-800/month for maintenance and model updates. Cloud-hosted: per-document API costs (typically EUR 0.01-0.05 per page depending on features used) plus maintenance.

Is Document AI Right for Your Use Case?

Document AI makes sense when you process more than 50 documents per week of the same type, when the extraction task requires understanding context (not just reading fixed fields from a known template), and when errors in manual processing have real consequences — financial, regulatory, or operational.

It does not make sense when your documents are already digital and well-structured (use an API integration instead), when volumes are low enough that manual processing takes less than an hour per week, or when the document types change so frequently that no stable extraction schema exists.

Book a free discovery call to discuss whether document AI fits your situation. We will review a sample of your documents and give you a realistic assessment of what automation can achieve — including what it cannot.