1. Information We Collect
Account Information
When you create an account, we collect your name, email address, and password (stored as a secure hash). If you sign up through a third-party provider (Google, GitHub), we receive only the profile data you authorize.
Usage Data
We automatically collect data about how you interact with Docme — pages visited, features used, upload sizes, and session duration. This data is used to improve our service and is never sold.
Document Metadata
We store metadata about documents you upload (file name, size, type, upload date). Document contents are encrypted at rest and are never read or analyzed by Docme staff.
Viewer Analytics
When recipients view your shared documents, we collect the IP address (used for approximate geolocation only), browser type, device type, and time-per-page data. This data is visible to the document owner.
2. How We Use Your Information
To provide the service
We use your information to authenticate you, store your documents, generate share links, deliver analytics, and send you transactional emails (e.g., password resets, document access notifications).
To improve Docme
Aggregated, anonymized usage data helps us understand which features are most valuable and where we should invest in improvements. This data cannot be traced back to individuals.
To communicate with you
We may send you product updates, security alerts, and occasional marketing emails. You can unsubscribe from marketing emails at any time via the link in the email footer.
3. Data Sharing and Third Parties
We do not sell your data
Docme does not sell, rent, or trade your personal information to third parties. Period.
Service providers
We use a limited number of trusted service providers to operate Docme: cloud infrastructure (AWS), transactional email (Postmark), and payment processing (Stripe). Each provider is bound by strict data processing agreements.
Legal requirements
We may disclose your information if required by law, court order, or governmental authority. We will notify you unless legally prohibited from doing so.
4. Data Security
Encryption
All data is transmitted over TLS 1.2+ (HTTPS). Documents stored in our object storage are encrypted at rest using AES-256. Database records containing sensitive fields are additionally encrypted at the application layer.
Access controls
Access to production data is restricted to a small number of authorized engineers and requires multi-factor authentication. All access is logged and audited.
Incident response
In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide clear information about what was affected and what steps to take.
5. Your Rights
Access and portability
You can export all your data (documents, analytics, account info) at any time from your account settings. We provide exports in standard JSON and CSV formats.
Deletion
You can delete your account and all associated data at any time from your profile settings. Deletion is permanent and irreversible. We retain anonymized, aggregated statistics that cannot be linked back to you.
GDPR and CCPA
If you are located in the EU/EEA or California, you have additional rights under GDPR and CCPA respectively, including the right to object to processing and to lodge a complaint with a supervisory authority. Contact privacy@docme.cc to exercise these rights.
7. Contact Us
For privacy questions, data requests, or concerns, contact our Privacy team at privacy@docme.cc. We aim to respond within 5 business days.