Privacy Policy

Last Updated: October 8, 2025

At DocsFlow, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://docsflow.com and use our services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our website or use our services.

Information We Collect

We collect information that you provide directly to us when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through our services. This information may include:

• Personal identifiers (name, email address, phone number)
• Account credentials (username, password)
• Billing information (credit card details, billing address)
• Company information (company name, size, industry)
• User-generated content (prompts, queries, feedback)
• Usage data (features used, interaction patterns)

How We Use Your Information

We may use the information we collect for various purposes, including to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send administrative messages, updates, security alerts, and support messages
• Respond to your comments, questions, and requests
• Personalize your experience and deliver content relevant to your interests
• Monitor and analyze trends, usage, and activities in connection with our services
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations

GDPR Compliance - Lawful Basis for Processing

If you are in the European Economic Area (EEA) or UK:

• Lawful Basis: Processing is based on contract (to provide the Service), legitimate interest (improving features), or consent (optional analytics).
• Your Rights: You may request access, correction, deletion, restriction, or portability of your data, or object to certain processing. You also have the right to lodge a complaint with your Supervisory Authority.

Data Storage and Security

We implement appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the security of your data transmitted to our services.

Your data is stored on secure servers and we maintain strict access controls to protect your information. We use industry-standard encryption for data in transit and at rest.

Data Retention

Uploaded documents are retained until deleted by you or your account is closed. Other data is retained only as long as necessary for the purposes stated above, typically:

• Account data: For the duration of your account plus 30 days after closure
• Usage data: Up to 2 years for analytics purposes
• Legal compliance data: As required by applicable law

Data Sharing

We do not sell personal data. We may share with:

• Service providers (e.g., hosting and infrastructure).
• Legal authorities when required by law.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
• With Your Consent: We may disclose your information for any other purpose with your consent.

Third-Party Services

We may use third-party services that collect, monitor and analyze data. These include:

• OpenAI
• Google Analytics
• AWS
• Microsoft Azure

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our services and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

We use cookies for the following purposes:

• To maintain your authenticated session and preferences
• To understand how you use our services
• To enhance the security of our services
• To personalize your experience
• To analyze the effectiveness of our marketing campaigns

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our services. These services help us understand how users interact with our services, which pages are visited most often, and how users navigate through our website. This information is used to improve our services and user experience.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• The right to access personal information we hold about you
• The right to request correction of inaccurate personal information
• The right to request deletion of your personal information
• The right to object to processing of your personal information
• The right to data portability
• The right to withdraw consent

GDPR Privacy Rights (For European Economic Area Residents)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.

Under the GDPR, you have the following specific rights:

• The right to access, update or delete the information we have on you
• The right of rectification - the right to have your information corrected if it is inaccurate or incomplete
• The right to object to our processing of your Personal Information
• The right of restriction - the right to request that we restrict the processing of your personal information
• The right to data portability - the right to be provided with a copy of your Personal Information in a structured, machine-readable and commonly used format
• The right to withdraw consent at any time where we relied on your consent to process your personal information

To exercise these rights, please contact us using the contact information provided at the end of this Privacy Policy. You also have the right to lodge a complaint with your local Supervisory Authority if you believe we have not complied with data protection laws.

CCPA Privacy Rights (For California Residents)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA). This section describes your CCPA rights and explains how to exercise those rights.

Under the CCPA, you have the following rights:

• The right to know about the personal information we collect about you and how it is used and shared
• The right to delete personal information collected from you (with certain exceptions)
• The right to opt-out of the sale of your personal information
• The right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us using the contact information provided at the end of this Privacy Policy.

Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect data from minors.

International Data Transfers

Data may be processed outside your jurisdiction. Where applicable, we rely on Standard Contractual Clauses (SCCs) to safeguard data transfers to countries without adequate data protection laws.

For transfers from the EU/UK to third countries, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@docsflow.com or by mail at: