Privacy Policy

1. Scope and Controller

This Privacy Policy describes how DocBeacon ("we", "us", "our") collects, uses, discloses, and protects personal information when you use our websites, applications, and related services (the "Services"). If you are located in the EEA/UK, DocBeacon is the controller for personal data we collect directly from you; for Customer Content, we act as a processor on behalf of the Customer. For account, billing, support, website, and service analytics data we collect directly, we act as an independent controller globally.

2. Information We Collect

  • Account Information: name, email address, password, and profile settings you provide.
  • Customer Content: documents, files, and metadata you upload or submit to the Services (which may include personal data provided by you).
  • Usage and Device Data: IP address, device identifiers, browser type, operating system, pages viewed, time spent, interactions (e.g., document views, downloads), and diagnostic logs.
  • Payment Information: billing details processed by our payment processor (we do not store full payment card numbers).
  • Cookies and Similar Technologies: identifiers that help us operate, secure, and improve the Services.

Sensitive Data: We do not intentionally collect or process special categories of personal data or similarly sensitive information. Please do not submit health information, biometric data, government identifiers, financial account numbers, authentication credentials, children’s data, or other data subject to specialized regulations (e.g., HIPAA, FERPA, PCI DSS, ITAR).

3. Sources of Information

We collect information directly from you, automatically through the Services, and from third parties such as identity providers, payment processors, conversion partners, and analytics providers.

4. How We Use Information (Purposes and Legal Bases)

  • Provide and maintain the Services (performance of contract).
  • Process payments and subscriptions (performance of contract/legal obligation).
  • Communicate with you about updates, security, and administrative matters (legitimate interests/contract).
  • Improve and develop features, including analytics and troubleshooting (legitimate interests).
  • Protect, investigate, and prevent security incidents and abuse (legitimate interests/legal obligation).
  • Marketing with your consent where required; you may opt out of non-essential communications at any time.

5. Sharing of Information

  • Service Providers: We share information with vendors who process data on our behalf, such as payment processing (e.g., Paddle), document conversion (e.g., CloudConvert), hosting, email delivery, and analytics. We use commercially reasonable efforts to engage providers under appropriate data protection commitments. We maintain a list of key sub-processors and will provide reasonable prior notice of material changes. If you reasonably object to a new sub-processor, we will work in good faith to provide a commercially reasonable alternative or, if none is feasible, allow you to terminate the affected Services without penalty.
  • Compliance and Protection: We may disclose information to comply with law, legal process, or to protect rights, property, and safety.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, information may be transferred subject to this Policy.
  • Aggregated/De-identified Data: We may share or publish information that does not identify you.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as defined by applicable law.

6. International Transfers

We may transfer personal information to countries other than your own. Where required, we implement appropriate safeguards such as EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA) or Addendum, and other legally recognized mechanisms.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention for Customer Content may be controlled by the Customer’s settings and instructions. We may also retain limited information for fraud prevention, security, and compliance where permitted by law.

8. Security

We use reasonable technical and organizational measures to protect personal information. Security is a shared responsibility: you are responsible for safeguarding account credentials and configuring appropriate access controls in your environment. We will notify you without undue delay of a confirmed Security Incident affecting personal information processed in the Services and will provide information reasonably necessary to help you meet legal obligations. Where required by law, we will use commercially reasonable efforts to issue initial notice within 72 hours after confirmation.

9. Your Rights and Choices

  • EEA/UK Individuals: You may have the right to request access, rectification, erasure, restriction, portability, and to object to processing. You may also withdraw consent where processing is based on consent.
  • California Residents: You may have rights to know, delete, correct, and to opt out of the "sale" or "sharing" of personal information (we do not sell personal information as defined by California law). We will not discriminate against you for exercising your rights.
  • Marketing Preferences: You may opt out of non-essential emails by using the unsubscribe link or contacting us.

To exercise rights, contact support@docbeacon.io. For Customer Content, please direct requests first to the Customer (the data controller); we will support the Customer in responding to verified requests as required by law. We may request information necessary to verify your identity and request.

10. Cookies and Tracking

We use cookies and similar technologies to provide, secure, and improve the Services. You can manage cookie preferences through your browser settings. Some features may not function properly without certain cookies. We do not respond to "Do Not Track" signals at this time.

11. Children’s Privacy

The Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us to request deletion.

12. Customer Content and Processor Role

For Customer Content, we process data on behalf of the Customer and in accordance with the Customer’s instructions and settings. Customers are responsible for obtaining necessary consents and providing required disclosures to individuals whose personal data may be included in Customer Content. We make available a standard Data Processing Addendum (DPA) that incorporates appropriate cross-border transfer mechanisms (e.g., EU SCCs and UK IDTA, where applicable). We generally do not negotiate bespoke DPAs; however, for enterprise plans we may consider limited modifications (for example, notification timelines, audit procedures, or aligning liability with our Terms). Please contact support@docbeacon.io to request our standard DPA.

13. Third-Party Links and Services

The Services may contain links to or integrations with third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (e.g., by email or in-product notice). Your continued use of the Services after the effective date of the updated Policy constitutes acceptance.

15. Contact Us

If you have questions, concerns, or complaints about this Policy or our practices, contact support@docbeacon.io. Depending on your location, you may have the right to lodge a complaint with a supervisory authority.

DocBeacon is operated by VIOware Technologies Co.

Last updated: 16 September 2025