DocsMake

Privacy Policy

Last updated: March 1, 2026

1. Introduction

DocsMake ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document automation platform.

This policy applies to users in the European Union (EU), United States (US), and worldwide. We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, billing information
  • Document Data: Templates, data files, and generated documents you upload or create
  • Communication Data: Messages, feedback, and support requests
  • Waitlist Data: Email address, name, and use case information

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, actions taken
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, error logs
  • Cookies: Session cookies, preference cookies, analytics cookies

3. How We Use Your Information

  • Provide and maintain our document automation services
  • Process your documents and generate PDFs
  • Send you service updates, security alerts, and administrative messages
  • Respond to your inquiries and provide customer support
  • Improve our platform, develop new features, and conduct research
  • Prevent fraud, unauthorized access, and ensure platform security
  • Comply with legal obligations and enforce our Terms of Use
  • Send marketing communications (with your consent, where required)

4. Legal Basis for Processing (GDPR)

For EU users, we process your personal data based on:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Improving our platform, preventing fraud, analytics
  • Legal Obligation: Compliance with laws and regulations
  • Consent: Marketing communications and optional features (you may withdraw consent anytime)

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

5.1 Service Providers

  • Cloud hosting providers (data storage and processing)
  • Payment processors (billing and subscriptions)
  • Email service providers (transactional emails)
  • Analytics providers (Google Analytics, with anonymization)

5.2 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

6. Data Storage and Security

We implement industry-standard security measures including encryption, access controls, and regular security audits. Your documents are:

  • Encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Stored on secure servers in data centers compliant with SOC 2 standards
  • Accessible only by authorized personnel on a need-to-know basis
  • Automatically deleted after the retention period (unless you choose to keep them)

Data Location: Data may be processed and stored in the US and EU. For EU users, we ensure adequate safeguards through Standard Contractual Clauses.

7. Data Retention

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Generated Documents: Retained according to your settings (default: 30 days)
  • Templates: Retained until you delete them
  • Logs and Analytics: Retained for up to 26 months
  • Billing Records: Retained for 7 years for tax compliance

8. Your Rights

8.1 GDPR Rights (EU Users)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request limitation of processing
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing or optional processing
  • Lodge a Complaint: File a complaint with your local data protection authority

8.2 CCPA Rights (California Users)

California residents have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Opt-out of the sale of personal information (we do not sell data)
  • Request deletion of personal information
  • Non-discrimination for exercising privacy rights

To exercise your rights: Email us at privacy@docsmake.com or use the in-app settings.

9. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for platform functionality (session management)
  • Analytics Cookies: Google Analytics to understand usage patterns (anonymized)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

10. Third-Party Services

We use the following third-party services:

  • Google Analytics: Website analytics (anonymized IP addresses)
  • Payment Processors: Stripe for secure payment processing
  • Email Services: Transactional email delivery
  • Cloud Infrastructure: Secure document storage and processing

These providers have their own privacy policies and may collect data independently.

11. Children's Privacy

DocsMake is not intended for children under 16 (EU) or 13 (US). We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

12. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards through:

  • EU Standard Contractual Clauses (SCCs) for EU data
  • Adequate data protection agreements with service providers
  • Compliance with EU-US Data Privacy Framework principles

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification at least 30 days before they take effect. Your continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

EU Representative: For GDPR inquiries, contact our EU representative at eu-privacy@docsmake.com

We will respond to all requests within 30 days (or as required by applicable law).

15. Your California Privacy Rights

California residents have specific rights under the CCPA. In the past 12 months, we have:

  • Not sold personal information
  • Not shared personal information for cross-context behavioral advertising
  • Collected personal information as described in Section 2

To exercise your CCPA rights, email privacy@docsmake.com with "CCPA Request" in the subject line.

16. Data Security Incident Response

In the event of a data breach affecting your personal information, we will:

  • Notify you within 72 hours (as required by GDPR)
  • Inform relevant supervisory authorities
  • Provide details about the breach, affected data, and remedial actions
  • Take immediate steps to secure systems and prevent future incidents
← Back to DocsMake