DocuNile Inc. ("DocuNile", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. This Policy applies to all users of the DocuNile platform, website, Scanner Bridge utility, and related services.
1. Data Controller
DocuNile Inc. is the data controller for personal data collected through our website and cloud-hosted platform. For on-premises and air-gapped deployments, your organization is the data controller for all Customer Data stored within your infrastructure, and DocuNile acts solely as a data processor.
Contact our Data Protection Officer: privacy@docunile.com
2. Data We Collect
2.1 Account & Identity Data
- Full name and email address (required for account creation)
- Organization name and domain
- Job title and role (optional, used for access control)
- Profile photo (optional)
- Authentication credentials (stored as salted hashes — we never store plain-text passwords)
- SSO/SAML identity provider tokens and session identifiers
2.2 Documents & Customer Data
When you use the DMS or e-signature features, you upload documents and records. These may contain personal data about third parties (e.g., contract counterparties, patient records, employee files). You, as the tenant administrator, are responsible for the lawful basis for processing this data. DocuNile processes it only on your instructions.
- Uploaded documents (PDF, TIFF, DOC, images, and other file formats)
- AI-extracted metadata: parties, dates, financial terms, clause summaries
- Physical archive records and box contents metadata
- Electronic signature envelopes: signer names, email addresses, signing timestamps, IP addresses, device fingerprints, signature images, and certificate data
- Scanner Bridge captures: scanned document binary data transmitted to the platform
2.3 Usage & Telemetry Data
- Pages visited, features accessed, and time spent in the application
- API requests and response codes (excluding request/response body content)
- AI credit consumption per operation type
- File upload counts, sizes, and MIME types
- Error logs (anonymized — no document content is included)
2.4 Technical & Device Data
- IP address (used for geolocation-based access controls and fraud prevention)
- Browser type and version, operating system
- Device fingerprint (for e-signature audit trails only)
- Scanner Bridge: device hostname, USB device identifiers (for PKI token verification)
- Session tokens and cookies
2.5 Billing & Payment Data
- Company billing address and VAT/Tax ID
- Payment method details are processed by our payment processor (Stripe). DocuNile does not store full card numbers.
- Invoice history and subscription status
2.6 Demo & Contact Requests
- Name, company name, work email address, and phone number submitted via our demo request form
- Messages describing your use case or requirements
3. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery: Authenticating users, processing documents, generating AI outputs, managing e-signature workflows, and operating physical archive records.
- Audit & compliance: Maintaining immutable append-only audit logs of all tenant activity for regulatory compliance and evidence preservation.
- Security: Detecting and preventing unauthorized access, fraudulent activity, and abuse. IP addresses and device data are used for anomaly detection.
- Customer support: Responding to inquiries, support tickets, and demo requests submitted through our website or in-product support channels.
- Product improvement: Aggregated, anonymized usage telemetry to understand feature adoption and improve the platform. We never use your document content for this purpose.
- Communications: Sending transactional emails (password resets, signature requests, system alerts) and, where you have opted in, product updates and marketing communications.
- Billing: Processing payments, managing subscriptions, and issuing invoices.
- Legal obligations: Complying with applicable laws, responding to lawful requests from courts or government authorities.
4. AI Processing & Your Documents
When you use DocuNile's AI features (summarization, extraction, semantic search, risk scoring, grounded chat), your documents are processed by AI models. We want to be explicit about how this works:
- Tenant isolation: AI processing occurs within your tenant boundary. Documents from one tenant are never used as context for another tenant's queries.
- No training use: Your documents and extracted data are never used to train, fine-tune, or improve AI models — either by DocuNile or any third-party AI provider.
- Model providers: For cloud deployments, we route AI requests to third-party large language model providers (currently OpenRouter / Anthropic) under data processing agreements that prohibit training on customer data. For on-premises deployments, AI processing occurs entirely within your infrastructure.
- Vector embeddings: Document content is converted to numerical vector embeddings and stored in your tenant's PostgreSQL/pgvector instance. These embeddings are not human-readable and are deleted when you delete the source document.
5. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, our legal bases for processing personal data are:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to.
- Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, product improvement (using anonymized data), and responding to demo requests.
- Consent (Art. 6(1)(a)): Marketing communications and optional analytics. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): Compliance with applicable laws, including data breach notification obligations.
6. Data Sharing & Third Parties
We do not sell your personal data. We may share data with the following categories of third parties, under contractual data processing obligations:
- Cloud infrastructure: Amazon Web Services (AWS) — document storage (S3), compute, and database hosting. Data is encrypted at rest and in transit.
- AI processing: OpenRouter / Anthropic — for processing AI queries. Only document content required for the specific query is transmitted. Zero training data use.
- Payment processing: Stripe — for billing and payment processing. Governed by Stripe's Privacy Policy and PCI DSS compliance.
- Authentication (cloud): WorkOS AuthKit — for enterprise SSO, SAML, and OAuth integrations where configured.
- Email delivery: Transactional email providers for sending system notifications and support communications.
- Legal compliance: We may disclose data to law enforcement or courts when required by law, with a valid legal process, or to protect the rights and safety of our users.
For on-premises and air-gapped deployments, no data is transmitted to any of the above third parties from your environment unless explicitly configured by you.
7. Data Retention
- Active accounts: Customer Data is retained for as long as your subscription is active.
- After cancellation: Customer Data is retained for 30 days post-cancellation to allow export, then permanently deleted.
- Audit logs: Append-only audit logs are retained for 7 years by default (configurable per plan) for compliance purposes.
- E-signature records: Signed envelopes and certificates are retained for the period specified in your plan or as required by applicable electronic signature laws.
- Demo requests: Contact information from demo requests is retained for 2 years or until you request deletion.
- Anonymized telemetry: Aggregated, anonymized usage data may be retained indefinitely as it does not constitute personal data.
8. Data Security
We apply technical and organizational measures to protect your data, including:
- AES-256 encryption at rest for all stored documents and database records
- TLS 1.3 encryption for all data in transit
- Per-tenant cryptographic key isolation — no shared encryption keys between tenants
- Append-only audit log architecture that prevents deletion or modification of records
- Role-based access controls (RBAC) with fine-grained permission scoping
- SOC 2 Type II designed controls
- Regular penetration testing and vulnerability scanning
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Erasure ("right to be forgotten"): Request deletion of your personal data, subject to our retention obligations.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Portability: Receive your personal data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@docunile.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g., the UK ICO or an EU supervisory authority).
10. Cookies
We use the following cookies:
- Session cookies (essential): Required for authentication and to maintain your logged-in state. These expire when you close your browser or when your session times out.
- Preference cookies (functional): Store your UI preferences (theme, language). These persist for 12 months.
- Analytics cookies (optional): Aggregated usage analytics to improve the platform. You can opt out via the cookie consent banner.
We do not use third-party advertising or tracking cookies.
11. International Data Transfers
If you are located in the EEA or UK and use our cloud-hosted Service, your data may be processed in data centers outside the EEA/UK (e.g., AWS US East). We ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission.
For customers with strict data residency requirements, we offer region-specific hosting in EU data centers (AWS Frankfurt) as part of our Enterprise plan.
12. Children's Privacy
The Service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent notice within the Service at least 14 days before the changes take effect.
14. Contact Us
For any privacy-related questions, requests, or complaints:
DocuNile Inc.
Data Protection Officer
Email: privacy@docunile.com
For EU/UK inquiries: we can be reached via our registered representative in the EU.