Docustrate
Preview

Privacy Policy

Effective Date: September 4, 2025

This Privacy Policy describes how Docustrate ("we," "us," or "our") collects, uses, and protects your information when you use our document intelligence services ("Services").

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Name, email address, company name, and role
  • Authentication Data: OAuth tokens from connected services (SharePoint, Jira, etc.)
  • Communications: Support inquiries, feedback, and correspondence
  • Preferences: Service settings and configuration choices

1.2 Information We Collect Automatically

When you use our Services, we automatically collect:

  • Usage Data: Search queries, feature usage, and interaction patterns
  • Technical Data: IP address, browser type, device information, and access times
  • Performance Data: Service response times and error logs

1.3 Document Data

We process documents from your connected sources to provide search functionality:

  • Document content is processed to create searchable indexes
  • We maintain document metadata (title, author, dates, permissions)
  • Original documents remain in your source systems
  • We do not permanently store full document content

2. How We Use Your Information

2.1 Service Delivery

  • Process and index documents for search functionality
  • Authenticate and authorize access to connected services
  • Provide customer support and respond to inquiries
  • Send service updates and important notifications

2.2 Service Improvement

  • Analyze usage patterns to improve features
  • Monitor system performance and reliability
  • Develop new features based on user needs
  • Conduct research on search effectiveness

2.3 Security and Compliance

  • Detect and prevent fraudulent or abusive activity
  • Comply with legal obligations and requests
  • Enforce our Terms of Service
  • Protect rights and safety of users

3. Data Sharing and Disclosure

3.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information or document content to third parties.

3.2 Limited Sharing

We may share information only in these circumstances:

  • Service Providers: Trusted vendors who help operate our Services (cloud infrastructure, analytics)
  • Legal Requirements: When required by law or valid legal process
  • Business Transfers: In connection with merger, acquisition, or asset sale
  • Consent: With your explicit permission

3.3 Third-Party Services

Our Services integrate with:

  • Microsoft Azure (cloud infrastructure)
  • OpenAI/Anthropic (AI processing)
  • Analytics providers (anonymized usage data)

4. Data Security

4.1 Security Measures

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security audits and penetration testing
  • Employee security training and access restrictions

4.2 Incident Response

In case of a data breach, we will:

  • Notify affected users within 72 hours
  • Provide details about the incident and affected data
  • Offer guidance on protective measures
  • Cooperate with regulatory authorities

5. Data Retention

5.1 Retention Periods

  • Account Data: Retained while account is active plus 30 days
  • Search Indexes: Updated continuously, deleted upon account termination
  • Usage Logs: Retained for 90 days for operational purposes
  • Analytics Data: Aggregated and anonymized after 12 months

5.2 Data Deletion

You can request deletion of your data at any time. We will delete your information within 30 days, except where retention is required by law.

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request data portability
  • Delete your account and data
  • Opt-out of marketing communications

6.2 European Data Rights

Under GDPR, EU residents have additional rights:

  • Right to be forgotten
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with supervisory authorities

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards through:

  • EU-approved Standard Contractual Clauses
  • Data processing agreements with all vendors
  • Selection of vendors with adequate privacy protections

8. Children's Privacy

Our Services are not intended for children under 16. We do not knowingly collect information from children. If we learn we have collected data from a child, we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or Service notification at least 30 days before the effective date.

10. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

11. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Contract: To provide Services you requested
  • Legitimate Interests: To improve Services and ensure security
  • Legal Obligations: To comply with applicable laws
  • Consent: For marketing communications and optional features