Data Protection Policy

Last updated: March 13, 2026

At Doc Custodian ("Company," "we," "us," or "our"), protecting the data you entrust to us is of significant importance. This Data Protection Policy ("Policy") describes in detail the technical, administrative, and organizational measures we implement to safeguard, process, store, and manage the documents, files, personal information, and other data associated with your use of the Doc Custodian platform and all related services (collectively, the "Service"). This Policy is provided for informational purposes only and is intended to give you transparency into our data protection practices. This Policy does not create, constitute, or imply any contractual obligations, warranties, guarantees, representations, service level agreements, or commitments beyond what is expressly stated in our Terms of Service. All data protection measures described herein are provided on a commercially reasonable, best-effort basis, and the Company makes no warranty or guarantee that such measures will prevent all unauthorized access, data breaches, data loss, or other security incidents.

1. Scope and Applicability

This Policy applies to all data collected, processed, stored, transmitted, and managed by the Company in connection with the operation of the Service, including but not limited to data provided by users, data generated through use of the Service, and data received from third-party sources. This Policy applies to all users of the Service, including individual users, workspace administrators, workspace members, and any other persons whose data is processed by the Service. This Policy should be read in conjunction with our Terms of Service, Privacy Policy, and Security Policy, each of which is incorporated herein by reference. In the event of any conflict between this Policy and our Terms of Service, the Terms of Service shall prevail to the extent of such conflict.

2. Data Classification

For purposes of this Policy, we classify data processed by our Service into the following categories, each of which is subject to the applicable protection measures described herein:

  • User Content: Documents, images, files, attachments, and any other materials you upload, submit, store, or transmit through the Service, together with any extracted text, structured data, converted outputs, AI-generated analysis, summaries, and other derivative content generated by the Service from your uploaded materials. User Content is your data — you retain all ownership rights, title, and interest in and to your User Content as described in our Terms of Service.
  • Account Data: Personal information and account-related data, including but not limited to your name, email address, profile information, workspace name and configuration, subscription plan details, billing information and payment status, workspace membership records, role assignments, permission settings, and authentication-related data.
  • Operational Data: Data generated by or in connection with the operation and use of the Service, including but not limited to activity logs, audit trails, usage metrics, performance data, error logs, diagnostic data, system health information, API request logs, and other technical and operational information.

3. Data Storage and Encryption

3.1 Encryption at Rest

All User Content, Account Data, and other sensitive information stored within our cloud infrastructure is encrypted at rest using industry-standard encryption algorithms and protocols. This includes, but is not limited to, document files stored in object storage, extracted data and processed content, database records containing account and workspace information, backup copies and archived data, and temporary files created during document processing. Encryption at rest is managed through our cloud infrastructure provider's native encryption capabilities, which employ widely recognized cryptographic standards.

3.2 Encryption in Transit

All data transmitted between your browser, client application, or device and our servers is encrypted in transit using Transport Layer Security (TLS) protocols. Additionally, internal service-to-service communications, API traffic between system components, data transfers between our services and third-party providers, and database connections and queries are encrypted to protect data during transmission. We enforce the use of secure, up-to-date TLS versions and cipher suites, and connections using outdated or insecure protocols are rejected.

3.3 Storage Infrastructure

User Content and associated data are stored on secure, enterprise-grade cloud infrastructure located in the United States, provided by reputable and established cloud hosting providers. We select infrastructure providers that maintain comprehensive physical security measures, network security controls, environmental protections, and operational best practices. The specific hosting providers and infrastructure configurations we use are subject to change as we evaluate and improve our infrastructure, and we do not disclose the identity of our infrastructure providers in this Policy. We are not responsible for and do not guarantee the security practices, compliance status, or operational reliability of our third-party infrastructure providers beyond the terms of our contractual agreements with them.

3.4 Key Management

Encryption keys used to protect your data are managed through our cloud infrastructure provider's key management service, which provides secure key generation, storage, rotation, and access control capabilities. Access to encryption keys is strictly controlled and limited to authorized services and personnel on a need-to-know basis.

4. Data Isolation and Multi-Tenancy

Doc Custodian operates a multi-tenant architecture in which multiple workspaces share common infrastructure while maintaining logical data isolation. We implement the following measures to ensure the separation and protection of data between workspaces:

  • Workspace-Level Data Separation: Each workspace's data is logically isolated from all other workspaces through a combination of application-level access controls, database-level filtering, and storage-level segregation. Users can only access documents, files, data, and resources within the workspaces to which they have been granted membership by a workspace administrator. Cross-workspace data access is prevented by design through multiple layers of access control enforcement.
  • Role-Based Access Control: Within each workspace, access to documents, features, settings, and administrative functions is governed by role-based access control mechanisms. Each workspace member is assigned a role (such as administrator or member) that determines the scope of their permissions and the actions they are authorized to perform within the workspace. Workspace administrators are responsible for assigning and managing roles within their workspace.
  • API-Level Authorization Enforcement: Every API request to the Service is subject to authentication and authorization verification before any data is accessed, modified, or returned. The system verifies the requesting user's identity, confirms their active membership in the target workspace, validates their role-based permissions for the requested action, and enforces workspace-scoped data filtering to ensure that only authorized data is accessed. Requests that fail any of these checks are rejected and logged.

5. Access Controls

5.1 User Authentication

The Service supports user authentication through established third-party identity providers as well as direct credential-based authentication, utilizing industry-standard authentication protocols and frameworks. Authentication credentials, where applicable, are securely managed through dedicated third-party authentication and credential management services, and are never stored in plaintext on our systems. We implement measures to protect against brute-force attacks, credential stuffing, and other common authentication-based threats.

5.2 Session Management

User sessions are managed using cryptographically signed tokens stored in secure, HTTP-only cookies with appropriate security attributes. Sessions are configured to expire automatically after a period of inactivity and are refreshed transparently during active use to maintain a balance between security and user convenience. Session tokens are invalidated upon logout and periodically refreshed to reduce the window of vulnerability.

5.3 Administrative and Internal Access

Access to production systems, databases, infrastructure, and other internal systems is strictly restricted to authorized Company personnel who require such access for the performance of their duties. We follow the principle of least privilege, granting only the minimum level of access necessary for each role and function. Administrative access to production systems requires additional authentication measures and is subject to logging and periodic review.

6. Data Processing

6.1 Document Extraction and Conversion

When you use the Service's document extraction and conversion features, your documents may be transmitted to third-party processing services for automated analysis, text extraction, optical character recognition (OCR), format conversion, and related processing. Documents are processed on-demand in response to your explicit requests and are not intended to be retained by third-party processing services beyond the duration of the active processing session. However, the Company cannot guarantee or warrant the data handling practices of third-party processing services beyond the terms of our contractual agreements with them.

6.2 AI-Powered Analysis and Features

Certain features of the Service, including document summarization, document classification, content analysis, and other AI-powered capabilities, process your documents through third-party artificial intelligence and machine learning services. Your documents are transmitted for processing only when you actively use these features, are processed in real-time, and are not used by us or, to the best of our knowledge and subject to our contractual agreements, by our AI service providers to train, fine-tune, improve, or otherwise develop AI models, machine learning models, or other algorithmic systems. Notwithstanding the foregoing, we cannot fully control or guarantee how third-party AI providers process, handle, store, or retain data beyond the scope of our contractual agreements with them, and we disclaim any liability arising from the data handling practices of such providers.

7. Data Retention and Deletion

Our data retention practices are designed to retain your data for as long as reasonably necessary to fulfill the purposes for which it was collected and to comply with our legal obligations, while respecting your right to have your data deleted when it is no longer needed. General retention practices include:

  • Active Subscriptions: Your User Content, Account Data, and associated information are retained for the duration of your active subscription and for as long as your account remains in good standing.
  • Post-Cancellation Grace Period: Following the cancellation or expiration of your subscription, we may retain your data for a limited grace period at our discretion to allow you to reactivate your subscription, retrieve your documents, or export your data. After this grace period, your data may be permanently and irrevocably deleted from our active systems without further notice. We have no obligation to retain your data after the expiration of the grace period.
  • Deletion Requests: You may request deletion of your data at any time by contacting us. We will make commercially reasonable efforts to process deletion requests in a timely manner. However, please note that residual copies of your data may remain in our backup systems, archived storage, log files, or disaster recovery systems for a limited period before being permanently purged through normal backup rotation processes.
  • Backup and Disaster Recovery: Encrypted backups of critical data may be retained for a limited period after data deletion from active systems for disaster recovery and business continuity purposes. Such backups are subject to the same security measures as active data and are purged through regular rotation cycles.
  • Legal and Regulatory Retention: Notwithstanding the foregoing, we may retain certain information for longer periods as required by applicable law, regulation, legal process, litigation hold, governmental investigation, or other legal obligation.

8. Data Portability and Export

We believe you should have access to your data and the ability to take it with you. You may download your original uploaded documents through the Service at any time during your active subscription. If you require export of other data, including extracted data, metadata, or account information, you may contact us to request a data export. We will make commercially reasonable efforts to provide requested data exports in a commonly used, machine-readable format, to the extent technically feasible and subject to any applicable legal restrictions. Data export functionality may vary based on your subscription plan and the type of data requested. We reserve the right to charge a reasonable fee for data export requests that are excessive, repetitive, or technically burdensome, to the extent permitted by applicable law.

9. Sub-Processors

We engage third-party sub-processors to assist us in delivering various aspects of the Service, including but not limited to cloud infrastructure and hosting, data storage and management, payment processing and billing, user authentication and identity verification, document processing and extraction, artificial intelligence and machine learning processing, email delivery and communications, and system monitoring and analytics. These sub-processors are carefully selected based on their security practices, reliability, and compliance posture, and are bound by contractual obligations that require them to protect the confidentiality and security of any data they process on our behalf. The specific sub-processors we engage may change from time to time as we evaluate, improve, and evolve the Service, and we do not disclose the identity of individual sub-processors in this Policy. If you have specific concerns about our sub-processing arrangements, please contact us using the information provided in Section 13.

10. Breach Notification

In the event that the Company becomes aware of a confirmed data breach that results in the unauthorized access to, disclosure of, alteration of, or destruction of your personal information or User Content, we will take the following steps to the extent required by applicable law and as commercially reasonable under the circumstances:

  • Promptly investigate the nature, scope, and cause of the incident and take reasonable steps to contain the breach and mitigate any ongoing harm.
  • Notify affected users of the breach in accordance with the requirements of applicable data breach notification laws, including the nature of the incident, the categories of data affected, the likely consequences, and the steps we have taken or plan to take to address the breach.
  • Notify applicable regulatory authorities, data protection authorities, and law enforcement agencies as required by applicable law, including but not limited to the Office of the Privacy Commissioner of Canada for breaches affecting Canadian residents and applicable state attorneys general for breaches affecting U.S. residents.
  • Provide affected users with guidance on recommended protective measures they may take in response to the breach, such as changing passwords, monitoring accounts for suspicious activity, and placing fraud alerts on credit reports.

Notwithstanding the foregoing, we make no specific commitments regarding breach notification timelines, methods, or content beyond what is required by applicable law. Our breach notification efforts are provided on a commercially reasonable, best-effort basis and are subject to the requirements and constraints of applicable law and the circumstances of each incident.

11. Regulatory Compliance

Our data protection practices are designed with applicable privacy and data protection laws in mind, including but not limited to:

  • United States: Applicable federal and state privacy and data protection laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable state consumer privacy laws.
  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including but not limited to the Alberta Personal Information Protection Act, the British Columbia Personal Information Protection Act, and Quebec's Act Respecting the Protection of Personal Information in the Private Sector.

We strive to implement data protection practices that are consistent with industry best practices and applicable legal requirements. However, we do not represent, warrant, or guarantee compliance with, or certification under, any specific security, privacy, or data protection framework, standard, or certification program, including but not limited to SOC 2, ISO 27001, ISO 27018, NIST Cybersecurity Framework, PCI DSS, HIPAA, or any other regulatory framework or industry standard. Our commitment is to implement commercially reasonable security measures appropriate for the nature of our Service and the data we process.

12. Disclaimer

While we implement commercially reasonable technical, administrative, and organizational measures designed to protect your data, you acknowledge and agree that no system, network, application, database, or data storage mechanism is completely secure, impervious to attack, or immune from all potential threats. We cannot and do not warrant, guarantee, or represent that your data will never be accessed, disclosed, altered, corrupted, lost, or destroyed as a result of a breach of our security measures, the actions or omissions of third-party service providers, technical failures, human error, malicious attacks, or any other cause, whether within or beyond our control. The data protection measures described in this Policy are provided on a commercially reasonable, best-effort basis and do not constitute, create, or imply any warranty, guarantee, service level agreement, performance commitment, or contractual obligation of any kind beyond what is expressly stated in our Terms of Service. Your use of the Service and your decision to store data through the Service is at your own risk. For important limitations on our liability, please refer to the Limitation of Liability and Disclaimer of Warranties sections in our Terms of Service.

13. Contact Us

If you have any questions, concerns, comments, or requests regarding our data protection practices, if you wish to request data export or deletion, or if you need to report a data security concern or potential breach, please contact us using the following information: