Privacy Policy

Docmiral Ltd ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with:

• The UK General Data Protection Regulation (UK GDPR)
• The EU General Data Protection Regulation (GDPR)
• The Data Protection Act 2018
• UK Information Commissioner's Office (ICO) guidelines

1. Data Controller

Docmiral Ltd is the data controller responsible for your personal data. You can contact us at:

2. Information We Collect

2.1 Personal Information

When you create an account or use our services, we collect:

• Account Information: Username, email address, password (encrypted)
• Authentication Data: OAuth tokens (Google Sign-In)
• Profile Information: Display name, preferences, settings

2.2 Document Data

• User-Created Documents: Resumes, invoices, receipts, and other documents you create
• Templates: Custom templates you design or modify
• Bucket Data: Reusable data you store in our Buckets feature
• Temporary Documents: Documents created for preview or download that are never stored permanently on our servers

2.3 Usage Data

• Technical Information: IP address, browser type, device information, operating system
• Analytics Data: Page views, session duration, feature usage (via Google Analytics)
• API Usage: API calls, tokens consumed, request timestamps
• AI Interactions: Conversations with TARS AI assistant for document generation

2.4 Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication, security, and core functionality
• Analytics Cookies: Google Analytics for understanding usage patterns (requires your consent)

3. Legal Basis for Processing

Under UK GDPR and GDPR, we process your personal data based on:

• Contractual Necessity: To provide our document generation services and fulfill our terms of service
• Consent: For analytics cookies and marketing communications (you can withdraw consent at any time)
• Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
• Legal Obligations: To comply with UK and EU laws, regulations, and legal processes

4. How We Use Your Information

• Service Delivery: To provide document generation, template creation, and AI-powered features
• Account Management: To create and manage your account, authenticate access, and maintain security
• Communication: To send service updates, security alerts, and respond to support inquiries
• Improvement: To analyze usage patterns and improve our platform features and performance
• API Services: To provide programmatic access to our document generation capabilities
• AI Processing: To enable TARS AI assistant to help you create and edit documents
• Security: To detect, prevent, and address fraud, abuse, and security incidents

5. Temporary Documents and Data Retention

5.1 Temporary Documents

When you generate documents for preview or immediate download, these files are created temporarily and are never permanently stored on our servers. Temporary files are automatically deleted within 24 hours or immediately after download, whichever comes first.

5.2 Saved Documents

Documents, templates, and data you explicitly save to your account are retained until:

• You delete them manually
• You request account deletion
• Your account is inactive for 3 years (we will notify you before deletion)

5.3 Backup and Recovery

Deleted data may remain in encrypted backups for up to 30 days for disaster recovery purposes, after which it is permanently erased.

6. Data Security

We take the security of your personal data seriously and implement industry-standard measures to protect it:

6.1 Infrastructure Security

• Dedicated Infrastructure: All data is stored on secure, dedicated servers with restricted physical access
• Network Security: Firewalls, intrusion detection systems, and regular security audits
• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS
• Database Security: Separate PostgreSQL and MongoDB databases with encrypted connections

6.2 Data Encryption

• Password Encryption: All user passwords are hashed using bcrypt with individual salts
• Data at Rest: Sensitive data is encrypted in our databases
• Backup Encryption: All backups are encrypted and stored securely

6.3 Access Controls

• Role-Based Access: Access to user data is restricted based on job function and necessity
• Authentication: Multi-factor authentication for administrative access
• File Access Levels: All files and documents require proper authentication and authorization
• Audit Logs: Comprehensive logging of data access and modifications
• Limited Personnel: Only authorized technical staff have access to production systems

6.4 Regular Security Updates

• Regular software updates and security patches
• Vulnerability scanning and penetration testing
• Security incident response procedures
• Employee security training and awareness programs

7. Your Rights Under UK GDPR and GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, please contact us at privacy@docmiral.com. We will respond to your request within 30 days.

8. Third-Party Services

We use the following third-party services:

8.1 Google Services

• Google Analytics: Website analytics (requires cookie consent)
• Google OAuth: Optional sign-in method using your Google account

8.2 OpenAI

Our TARS AI assistant uses OpenAI's API to help generate and edit documents. Data sent to OpenAI is processed according to their privacy policy and is not used to train their models.

8.3 Payment Processors

Payment information is processed securely by our payment provider. We do not store full credit card numbers on our servers.

9. International Data Transfers

Your data is primarily stored in the UK/EU. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent data protection laws
• Additional security measures for transfers to third countries

10. How to Delete Your Data

10.1 Individual Items

You can delete the following directly from your account:

• Individual documents (delete button in document list)
• Custom templates (delete button in template manager)
• Bucket data (delete button in Buckets section)
• API tokens (revoke in API settings)

10.2 Complete Account Deletion

To permanently delete your account and all associated data:

1. Email support@docmiral.com with subject "Account Deletion Request"
2. We will verify your identity and confirm the deletion
3. All your data will be permanently deleted within 30 days
4. You will receive confirmation once deletion is complete

Note: Account deletion is permanent and cannot be undone. Please export any data you wish to keep before requesting deletion.

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@docmiral.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes:

• We will update the "Last Updated" date at the top of this page
• We will notify you via email for material changes
• We may require your renewed consent for certain types of processing

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: