Privacy Policy

DociShield ("DociShield", "we", "us" or "our") provides a document workflow platform consisting of Secure Sharing, Contracts and Payments, Document Protection and Audit Trails. This Privacy Policy explains how we collect, use, store, share and protect personal data when you use our website, applications and related services (together, the "Services").

By using the Services you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, you should not use the Services. If you have any questions, please contact us.

We collect the following categories of personal data:

A. Account and identity data

When you create an account we collect your name, email address, business name, role, country and authentication credentials. We also collect billing details required to process subscription payments.

B. Document and content data

We process the documents you upload to the Services and the metadata associated with them, such as titles, recipients, protection settings, signature fields and payment requirements. We act as a processor of this content on your behalf.

C. Usage and device data

We collect information about how you interact with the Services, including pages viewed, features used, IP address, browser type, device identifiers, operating system and approximate location derived from your IP address.

D. Recipient and signer data

When you send a document we collect the recipient's name, email address, signature metadata, consent records, timestamps and IP address. This data is collected to establish the integrity of the signature and to maintain the audit trail.

E. Support and communications data

When you contact us we collect the content of your message together with any information you choose to provide so that we can respond and improve the Services.

• Directly from you when you create an account, upload documents, configure protection settings or contact us.
• Automatically through cookies, server logs and analytics tools as you interact with the Services.
• From signers and recipients when they view, consent to or sign documents you have sent through Secure Sharing or Contracts and Payments.
• From integration partners such as our payment processor when you take payment through Contracts and Payments.

• To provide and operate the Services, including Secure Sharing, Contracts and Payments, Document Protection and Audit Trails.
• To authenticate users, manage subscriptions and process payments.
• To enforce the document protection rules you configure and to generate tamper-evident audit trails.
• To communicate with you about account activity, security events and product updates.
• To improve the Services, diagnose technical issues and protect against abuse, fraud and security threats.
• To comply with our legal, regulatory and contractual obligations.

Where the GDPR or equivalent legislation applies, we rely on the following lawful bases:

• Performance of a contract: to deliver the Services you have requested.
• Legitimate interests: to secure the Services, prevent fraud, generate audit trails and improve our product, balanced against your rights and interests.
• Legal obligation: to comply with applicable laws, regulations and lawful requests.
• Consent: where you have explicitly opted in, for example to receive marketing communications.

We do not sell your personal data. We share personal data only where necessary to provide the Services or to comply with the law:

• Service providers and sub-processors that host our infrastructure, deliver email, process payments (such as Stripe) and provide analytics, under written data processing terms.
• Recipients of documents you send through the Services, who will see the document content and the information you choose to include.
• Regulators, law enforcement and other authorities where required by law or to protect the rights, property or safety of DociShield, our customers or others.
• Successors in interest in the event of a merger, acquisition or restructuring, subject to equivalent privacy protections.

DociShield operates globally. Personal data may be transferred to and processed in countries other than the country in which it was collected. Where we transfer personal data outside your country we put in place appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, to ensure your data continues to be protected.

We retain personal data only for as long as is necessary to provide the Services, to comply with our legal obligations, to resolve disputes and to enforce our agreements. Audit trail records are retained according to your plan's retention period and applicable regulatory requirements. When personal data is no longer required we delete or anonymise it.

We employ industry-standard technical and organizational measures to protect your data, including AES-256 encryption at rest, TLS 1.2 or higher in transit, role-based access controls, logging and monitoring. Document Protection rules you set are enforced technically at the platform layer.

No system can guarantee perfect security. If we become aware of a security incident affecting your personal data we will notify you in accordance with applicable law.

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal data.
• Object to or restrict certain processing activities.
• Receive a portable copy of data you have provided to us.
• Withdraw any consent you have previously given.

To exercise any of these rights, please contact us. We will respond within the time frames required by applicable law.

We use cookies and similar technologies to operate the Services, remember your preferences and understand how the Services are used. Further details are set out in our Cookie Policy. You can control non-essential cookies through your browser settings or through the in-product cookie controls.

When you use Contracts and Payments to collect signatures and payment from your customers, you act as the controller of the personal data you collect from those customers and DociShield acts as a processor on your behalf.

You are responsible for ensuring you have the lawful basis to collect and process that personal data, for providing your own privacy notice to your customers and for handling any rights requests they make to you. We will assist where required by applicable law.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services or applicable law. When we make material changes we will update the "Last Updated" date at the top of this page and, where appropriate, notify you through the Services or by email.

If you have any questions or complaints about this Privacy Policy or our handling of your personal data, please contact us. We will work in good faith to resolve your concerns.

You also have the right to lodge a complaint with your local data protection authority.