1. Introduction
DocuLume ("we", "us", or "our") is committed to protecting your personal data and your right to privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have in relation to it.
This policy applies to all users of the DocuLume platform and website. Please read it carefully.
2. Data We Collect
We collect the following categories of personal data:
- Account Data: Name, email address, username, company name, profile picture, and password hash (encrypted).
- Authentication & Security Data: Login timestamps, IP addresses, browser user-agent strings, and Terms & Conditions acceptance records (for legal audit purposes).
- Usage Data: Pages accessed, features used, search queries within the platform, session duration, and error logs.
- Document Content: Documents, contracts, and other files you upload to the Service. This content is processed solely to provide the Service to you.
- Communication Data: Any information you include in support requests, feedback forms, or other communications with us.
- Payment & Billing Data: Where applicable, payment information is processed by our third-party payment processor and is not stored directly by DocuLume.
3. How We Use Your Data
We use your personal data for the following purposes:
- To create and manage your account and provide access to the Service.
- To process and analyse documents you upload as requested by you.
- To ensure platform security, detect fraud, and prevent abuse.
- To record evidence of your acceptance of our Terms & Conditions.
- To send essential transactional communications (e.g. password resets, security alerts).
- To improve and develop our products and features (using aggregated or anonymised data).
- To comply with legal obligations.
We do not sell your personal data to third parties. We do not use your content (documents you upload) to train AI models without your explicit consent.
4. Legal Bases for Processing (GDPR)
Where the General Data Protection Regulation (GDPR) applies, we process your personal data on the following legal bases:
- Contract: Processing necessary to provide the Service you have subscribed to.
- Legal Obligation: Processing required to comply with applicable law.
- Legitimate Interests: Security monitoring, fraud prevention, and product improvement, where these do not override your rights.
- Consent: Where we rely on consent (e.g. optional marketing communications), you may withdraw consent at any time.
5. Data Sharing
We may share your data with the following categories of third parties only as necessary to provide the Service:
- Cloud Infrastructure Providers (e.g. Microsoft Azure) for hosting and storage.
- AI / LLM Service Providers for document analysis features. We select providers whose terms of service prohibit the use of customer data for model training. Your documents are not used to train AI models.
- Authentication Providers where SAML/SSO is configured by your organisation.
- Legal & Compliance: Where we are required to do so by law, court order, or regulatory authority.
Sub-processor Transparency: A current list of our third-party sub-processors is available upon request. We work with sub-processors whose terms include appropriate data processing and security requirements.
6. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service. Login history and consent records may be retained for legal and audit purposes. When you delete your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law.
Trial account data may be deleted 30 days after the trial period ends without further notice.
7. Your Rights
You may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Deletion: Request deletion of your data, subject to legal retention requirements.
- Data Portability: Request an export of your data.
- Withdraw Consent: Where consent is the legal basis, withdraw it at any time without affecting prior processing.
To exercise your rights, please contact us at support@pspinsights.com. We will respond within 30 days.
8. Cookies & Tracking
DocuLume uses strictly necessary cookies and session tokens (including an HttpOnly refresh token cookie) solely to authenticate users and maintain session security. We do not use advertising or third-party tracking cookies.
9. Data Location
DocuLume is intended for use in the United States. Your data is stored and processed in the United States on Microsoft Azure infrastructure.
10. Security
We implement industry-standard technical and organisational security measures including encryption in transit (TLS), encryption at rest, access controls, audit logging, and regular security assessments. Despite our efforts, no system is completely immune to security risks. We recommend using strong, unique passwords and enabling any available multi-factor authentication.
We maintain comprehensive incident response policies. In the event of a verified security breach that results in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of your personal data or Document Content, we will notify you without undue delay. Notifications will include the nature of the breach, the likely consequences, and the measures we are taking to mitigate any adverse effects, in accordance with applicable legal and regulatory requirements.
11. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in an updated version number and effective date above. Continued use of the Service after any update constitutes your acceptance of the revised policy.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@pspinsights.com.