Privacy Policy

1. Introduction

Doc Bridge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us:

• Account Information: Name, email address, password, and organization details
• Profile Information: Display name, profile picture, and preferences
• Document Content: Files, documents, and associated metadata you upload
• Communication Data: Messages, queries, and feedback you submit
• Payment Information: Billing details (processed by third-party payment processors)

2.2 Automatically Collected Information

When you use the Service, we automatically collect:

• Usage Data: Features used, pages visited, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Log Data: Access times, errors, and performance metrics
• Cookies and Tracking: Session identifiers and preference cookies

2.3 AI Processing Data

Your documents and queries are processed by AI systems. We collect metadata about AI interactions, including query patterns, response quality, and usage statistics.

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Process documents, provide search results, and enable collaboration
• Account Management: Create and maintain your account, authenticate users
• Service Improvement: Analyze usage patterns, improve AI models, fix bugs
• Communication: Send service updates, security alerts, and support responses
• Security: Detect fraud, prevent abuse, and protect user data
• Compliance: Meet legal obligations and enforce our Terms
• Analytics: Generate anonymized usage statistics and insights

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or document content to third parties.

4.2 Service Providers

We share data with trusted service providers who assist us:

• AI Providers: Third-party AI services (e.g., OpenAI, Anthropic) process your queries
• Cloud Hosting: Infrastructure providers store and process your data
• Payment Processors: Payment service providers handle billing
• Analytics Services: Tools that help us understand usage patterns
• Email Services: Providers that send transactional emails

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information if required by law or if we believe it necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms and Conditions
• Protect our rights, property, or safety
• Prevent fraud or security threats

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.5 Team Collaboration

Within your organization, data is shared with team members according to the permissions you configure.

5. Data Security

We implement industry-standard security measures:

• Encryption: Data is encrypted in transit (TLS) and at rest
• Access Controls: Role-based permissions and authentication
• Infrastructure Security: Secure cloud hosting with regular audits
• Monitoring: Continuous monitoring for security threats
• Incident Response: Procedures to respond to data breaches

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Retention periods vary based on data type:

• Account Data: Retained until account deletion plus 30 days
• Documents: Retained until you delete them or close your account
• Usage Logs: Typically retained for 90 days
• Backups: May persist in backups for up to 90 days after deletion
• Legal Requirements: Some data may be retained longer to comply with laws

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

7.1 Access and Portability

Request a copy of your personal data in a structured, machine-readable format.

7.2 Correction

Update or correct inaccurate information through your account settings.

7.3 Deletion

Request deletion of your account and associated data (subject to legal retention requirements).

7.4 Objection and Restriction

Object to or request restriction of certain data processing activities.

7.5 Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time.

To exercise these rights, please contact us at privacy@docbridge.com.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze usage patterns and improve the Service
• Provide security features

You can control cookies through your browser settings. Disabling cookies may limit Service functionality.

9. Third-Party AI Services

The Service uses third-party AI providers (such as OpenAI, Anthropic) to process your documents and queries. When you use the Service:

• Your content is sent to AI providers for processing
• AI providers may use data to improve their models (subject to their policies)
• We use enterprise agreements that provide enhanced privacy protections
• You should review the privacy policies of our AI providers

We select AI providers based on their security and privacy practices.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Data processing agreements
• Compliance with applicable data protection laws

11. Children's Privacy

The Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

• Right to access, rectification, erasure, and data portability
• Right to restrict processing and object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing includes: contract performance, legitimate interests, legal obligations, and your consent where applicable.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when changes were made.

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@docbridge.com
Address: [Your Business Address]
Data Protection Officer: dpo@docbridge.com