DocsGPT Cloud

1. Introduction

DocsGPT Cloud, operated by Arc53 ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered document Q&A platform ("Service").

By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information You Provide

• Account Information: Name, email address, profile information
• Billing Information: Payment details, billing addresses (processed by Stripe)
• Organization Information: Company details, team member information
• Communication Data: Support requests, feedback, correspondence

2.2 Documents and Content

• Uploaded Documents: PDFs, Word documents, spreadsheets, and other files you upload
• Document Content: Text extracted from your documents for processing
• AI Interactions: Questions you ask and AI-generated responses
• User Feedback: Ratings and feedback on AI responses

2.3 Automatically Collected Information

• Usage Analytics: Feature usage, interaction patterns, session duration
• Technical Data: IP addresses, browser type, device information, operating system
• Performance Data: API response times, error rates, system performance metrics
• Cookies and Tracking: Website behavior, preferences, authentication tokens

2.4 Third-Party Information

• Authentication Data: Information from Clerk.dev authentication service
• Social Media: Profile information if you connect social media accounts
• Integration Data: Information from connected services (Google Drive, GitHub, etc.)

3. How We Use Your Information

3.1 Core Service Functionality

• Process and analyze your documents using AI models
• Generate responses to your questions about documents
• Provide document search and retrieval capabilities
• Enable collaboration within organizations
• Maintain and improve AI model performance

3.2 Account and Billing Management

• Create and maintain your user account
• Process payments and manage subscriptions
• Send billing notifications and receipts
• Provide customer support services
• Verify identity and prevent fraud

3.3 Service Improvement and Analytics

• Analyze usage patterns to improve the Service
• Monitor system performance and reliability
• Conduct research and development for new features
• Generate aggregated, anonymized usage statistics
• Track user satisfaction and feedback

3.4 Communication

• Send transactional emails (account notifications, billing updates)
• Provide customer support responses
• Send product updates and feature announcements
• Deliver security alerts and important notices

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with trusted service providers who assist in operating our Service:

4.2 Business Transfers

We may share information in connection with mergers, acquisitions, or asset sales. Users will be notified via email and/or Service notice of any change in ownership.

4.3 Legal Requirements

We may disclose information when required by law, legal process, or to:

• Comply with legal obligations
• Protect the rights, property, or safety of DocsGPT, users, or others
• Investigate potential violations of our Terms of Service
• Respond to claims of intellectual property infringement

4.4 Consent

We may share information for other purposes with your explicit consent.

5. Data Security and Protection

5.1 Security Measures

• Encryption of data in transit and at rest
• Secure authentication using JWT tokens
• Regular security assessments and updates
• Access controls and role-based permissions
• Monitoring for suspicious activities

5.2 Data Storage

• Primary data stored in MongoDB databases
• Vector embeddings stored in specialized databases (FAISS, Elasticsearch, etc.)
• File storage in secure cloud storage (AWS S3)
• Redis caching for temporary data
• Data stored across multiple secure regions: Frankfurt, Germany; United States; Netherlands; United Kingdom

5.3 Data Breach Response

In the event of a data breach affecting personal information, we will:

• Promptly investigate and contain the incident
• Notify affected users within 72 hours when required by law
• Cooperate with law enforcement and regulatory authorities
• Take steps to prevent future incidents

6. Your Privacy Rights

6.1 Access and Portability

• View and download your personal information
• Export your documents and data
• Receive copies of data we hold about you

6.2 Correction and Updates

• Correct inaccurate personal information
• Update your account details and preferences
• Modify organization settings and permissions

6.3 Deletion and Retention

• Delete your account and associated data
• Request removal of specific documents or content
• Data is typically deleted within 30 days of account termination

6.4 Consent Management

• Withdraw consent for optional data processing
• Opt out of non-essential communications
• Manage cookie preferences and tracking

6.5 Regional Privacy Rights

7. Data Retention

7.1 Account Data

• Personal information retained while your account is active
• Billing records retained for 7 years for accounting purposes
• Usage analytics retained for 2 years for service improvement

7.2 Document Data

• Documents retained based on your subscription tier
• Vector embeddings retained to enable document search
• AI interaction history retained for conversation history retrieval

7.3 Automatic Deletion

• Inactive free accounts may be deleted after 12 months
• Cancelled subscriptions may retain data for 30 days
• Deleted data is typically purged within 30 days

8. International Data Transfers

8.1 Cross-Border Processing

Your information may be processed in countries other than your residence, including:

• United Kingdom (company headquarters)
• Germany (service providers and data processing)
• United States (service providers and data processing)
• Netherlands (service providers and data processing)
• Other regions where our service providers operate

8.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers through:

• Standard contractual clauses with service providers
• Adequacy decisions where applicable
• Additional security measures for sensitive data

9. Children's Privacy

9.1 Age Restrictions

• Our Service is not intended for children under 13
• We do not knowingly collect information from children under 13
• If we discover we have collected information from a child under 13, we will delete it

9.2 Teen Users (13-17)

• Users aged 13-17 must have parental consent
• Parents may request access to their teen's information
• Special protections apply for teen user data

10. Cookies and Tracking Technologies

10.1 Types of Cookies

• Essential Cookies: Required for Service functionality
• Analytics Cookies: Help us understand usage patterns
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Deliver relevant content and advertisements

10.2 Managing Cookies

• Browser settings can control cookie acceptance
• Some Service features may not work without essential cookies
• Third-party cookies are governed by third-party privacy policies

10.3 Do Not Track

Our Service does not currently respond to Do Not Track browser signals, but we provide other privacy controls as described in this policy.

11. Updates to This Privacy Policy

11.1 Policy Changes

• We may update this Privacy Policy periodically
• Material changes will be communicated via email or Service notification
• Continued use after changes constitutes acceptance
• Previous versions available upon request

11.2 Notification Methods

• Email notifications to registered users
• Updated effective date at the top of this policy

12. Third-Party Services and Links

12.1 Integrated Services

Our Service integrates with third-party services with their own privacy policies:

• Clerk.dev (authentication)
• Stripe (payments)
• PostHog (analytics)
• AI model providers
• Cloud storage providers

12.2 External Links

Our Service may contain links to external websites. We are not responsible for the privacy practices of linked sites.

13. Contact Information

13.1 Privacy Inquiries

For questions about this Privacy Policy or your personal information:

• Email: contact@docsgpt.cloud
• Company: Arc53
• Address: 101 Rose Street South Lane, Edinburgh, Scotland, EH2 3JG
• Phone: [Available upon request]

13.2 Data Protection Officer

If required by law, our Data Protection Officer can be contacted at:

• Email: contact@docsgpt.cloud

13.3 Supervisory Authorities

EU residents may contact their local data protection authority with concerns or complaints.

14. Legal Basis for Processing (GDPR)

For EU users, our legal bases for processing personal information include:

• Contract: Processing necessary to provide the Service
• Legitimate Interest: Analytics, security, and service improvement
• Consent: Optional features and communications
• Legal Obligation: Compliance with applicable laws

15. Automated Decision Making

15.1 AI Processing

Our Service uses AI models to process documents and generate responses. This processing is:

• Necessary for Service functionality
• Subject to human oversight when requested
• Not used for solely automated decision-making with legal effects

15.2 User Control

You maintain control over:

• What documents to upload and process
• Which AI models to use
• How to interpret and use AI responses