Privacy Policy

Last updated: January 19, 2026

1. Introduction

Documentor ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our documentation platform and services.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable European Union data protection laws.

2. Data Controller

Documentor is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us at:

Email: privacy@documentor.app
Address: [Your Business Address]
Data Protection Officer: dpo@documentor.app

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide

  • Account Information: Name, email address, password (encrypted), and profile picture
  • Organization Data: Organization name, billing information, and team member details
  • Content: Documents, files, and other content you create or upload to our platform
  • Communications: Messages you send to us via email or support channels

3.2 Automatically Collected Information

  • Usage Data: How you interact with our services, features used, and time spent
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, pages viewed, and referring URLs
  • Cookies: Essential and analytics cookies (see Section 9)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract Performance (Art. 6(1)(b)): To provide our services, manage your account, and fulfill our contractual obligations
  • Legitimate Interests (Art. 6(1)(f)): To improve our services, ensure security, and prevent fraud
  • Consent (Art. 6(1)(a)): For marketing communications and non-essential cookies (you can withdraw consent at any time)
  • Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulations

5. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and maintaining our documentation platform
  • Managing your account and organization
  • Processing payments and billing
  • Sending service-related notifications
  • Responding to your inquiries and support requests
  • Improving and personalizing our services
  • Ensuring the security of our platform
  • Complying with legal obligations
  • Marketing communications (only with your consent, and you can opt-out anytime)

6. Data Sharing

We do not sell your personal data. We may share your data with:

  • Service Providers: Third-party vendors who help us operate our services (hosting, payment processing, analytics)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly agree to share your data

All third-party service providers are bound by data processing agreements that ensure GDPR compliance.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework (for certified US organizations)
  • Adequacy decisions where applicable

You may request a copy of the safeguards we use by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data: Until you delete your account, plus 30 days for backup purposes
  • Content: Until you delete it or your account is terminated
  • Billing Records: 7 years as required by tax and accounting laws
  • Log Data: Up to 12 months for security and analytics purposes
  • Support Communications: Up to 3 years after resolution

9. Cookies and Tracking

We take a privacy-first approach to cookies and tracking. We only use essential cookies required for the website to function properly:

  • Authentication Cookies: Keep you signed in to your account securely
  • Session Cookies: Maintain your session state while using the application
  • Preference Cookies: Remember your settings such as theme and language preferences

No Analytics or Tracking Cookies: We do not use any third-party analytics cookies, advertising trackers, or user behavior tracking tools. Your browsing activity on our platform is not tracked or shared with third parties.

Admin Dashboard Metrics: For internal business purposes, we maintain an admin dashboard that displays aggregate, anonymized statistics (such as total document count and storage usage). These metrics are calculated server-side from database aggregates and do not involve any client-side tracking or individual user monitoring.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from signing in or using core features of the application.

10. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Request limitation of processing
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

To exercise these rights, contact us at privacy@documentor.app. We will respond within 30 days.

11. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. You can contact the data protection authority in your country of residence or where the alleged infringement occurred. A list of EU data protection authorities is available at edpb.europa.eu.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication mechanisms
  • Regular security assessments and audits
  • Access controls and employee training
  • Incident response procedures

13. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@documentor.app.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.

15. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: privacy@documentor.app
General Inquiries: hello@documentor.app