Privacy Policy
§1 Information We Collect
DocForge collects information to provide and improve our PDF generation API service. The information we collect falls into two categories:
1.1 Information You Provide Directly
- Account Information: Email address, name, company name (optional), and account preferences when you register
- Payment Information: Handled entirely by Paddle (our payment processor). We receive only transaction confirmation and billing history, not your payment card details
- API Data: JSON payloads submitted through our API for PDF generation. This includes any data you choose to include in your PDF templates
- Communications: Information you provide when contacting our support team or participating in surveys
1.2 Information Collected Automatically
- Usage Data: API call counts, error rates, feature usage patterns, and timestamps
- Technical Data: IP address, browser type, operating system, device information, and referring URLs
- Log Data: Server logs containing request details, response times, and API endpoints accessed
§2 How We Collect Your Data
We collect information through multiple methods:
- Account Registration: When you sign up for DocForge via our website or API
- API Usage: When you make API requests to generate PDFs
- Payment Processing: When you subscribe to a paid plan through Paddle
- Cookies & Analytics: When you visit our website or landing page
- Support Interactions: When you contact us via email or submit feedback
§3 How We Use Your Information
We use your information for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide PDF generation service | API data, account info | Contract performance |
| Process payments & subscriptions | Billing info | Contract performance |
| Account management & support | Contact information | Legitimate interests |
| Usage analytics & improvements | Usage data, technical data | Legitimate interests |
| Security & fraud prevention | IP address, log data | Legitimate interests |
| Marketing communications (opt-in) | Email address | Consent |
§4 Third-Party Services
DocForge uses the following third-party services to operate our business:
4.1 Paddle.com (Payment Processing)
Paddle Market Ltd. handles all payment processing for DocForge subscriptions. When you subscribe, you interact directly with Paddle's checkout system. We do not store your credit card, debit card, or bank account information on our servers.
Paddle may collect certain personal data as a data controller under their privacy policy. We recommend reviewing Paddle's Privacy Policy to understand how they handle your data.
Data shared with Paddle: Email address, billing address, transaction amount, and subscription status.
4.2 AWS (Cloud Infrastructure)
We host our infrastructure on Amazon Web Services (AWS). Your API data is processed on AWS servers located primarily in the United States. AWS is certified under the EU-US Privacy Shield and provides data processing agreements.
4.3 Vercel (Website Hosting)
Our landing page is hosted on Vercel. Vercel may collect basic server logs and analytics. We recommend reviewing Vercel's Privacy Policy.
4.4 Google Analytics
We use Google Analytics to understand how visitors interact with our landing page. This service collects anonymized usage data including page views, session duration, and referral sources. You can opt out using browser extensions like uBlock Origin or by enabling Do Not Track in your browser.
§5 Cookies & Tracking Technologies
DocForge uses cookies and similar technologies for the following purposes:
5.1 Essential Cookies
Required for the Service to function:
- Authentication cookies: Maintain your logged-in state
- API session cookies: Validate API requests
- Security tokens: Prevent CSRF attacks
5.2 Functional Cookies
Enhance your experience:
- Preference cookies: Remember your settings and display preferences
- Language preferences: Store your preferred language
5.3 Analytics Cookies
Help us understand usage patterns:
- Google Analytics: Anonymous aggregated statistics about page visits
- Error tracking: Help us identify and fix bugs
§6 Data Security
We take data security seriously and implement multiple layers of protection:
- Encryption in Transit: All API communications use TLS 1.3 encryption
- Encryption at Rest: Sensitive data is encrypted using AES-256
- API Key Security: API keys are hashed before storage
- Access Controls: Strict role-based access controls limit who can access user data
- Infrastructure Security: Hosted on AWS with VPC isolation, firewalls, and DDoS protection
- Regular Audits: We conduct periodic security reviews and vulnerability assessments
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
§7 Data Retention
We retain your data only for as long as necessary to fulfill the purposes outlined in this policy:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| API payloads (JSON data) | Not stored persistently — processed in memory and discarded | Immediate deletion after response |
| Generated PDFs | Not stored persistently — returned directly to you | Immediate deletion after transfer |
| API logs (metadata) | 90 days | Automated deletion |
| Account information | Duration of account + 30 days | Secure deletion on account deletion |
| Billing records | 7 years (tax compliance) | Secure deletion after retention period |
| Support communications | 2 years | Manual or automated deletion |
§8 Your Rights
Depending on your location, you may have the following rights regarding your personal data:
8.1 General Rights
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Restriction: Request that we limit how we process your data
- Portability: Request your data in a structured, commonly used format
- Objection: Object to processing based on legitimate interests
8.2 GDPR Rights (EEA Users)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation:
- The right to withdraw consent at any time
- The right to lodge a complaint with your local data protection authority
- The right to data portability
- Rights related to automated decision-making and profiling
8.3 CCPA Rights (California Residents)
If you are a California resident, you have the right to:
- Know what personal information is collected about you
- Know whether your personal information is sold or disclosed
- Say no to the sale of personal information (we do not sell your data)
- Access your personal information
- Request deletion of your personal information
- Not be discriminated against for exercising your privacy rights
8.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at docforge.team@gmail.com. We will respond to your request within 30 days. For data export requests, we will provide data in a commonly used format (JSON).
§9 Children's Privacy
DocForge is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately at docforge.team@gmail.com, and we will take steps to delete that information.
§10 International Data Transfers
DocForge is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States, whose data protection laws may differ from those of your country.
For users in the European Economic Area, we ensure appropriate safeguards for international data transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfer to countries with adequate data protection as determined by the European Commission
§11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:
- We will notify you by email at least 30 days before the changes take effect
- We will post a prominent notice on our website
- We will update the "Last updated" date at the top of this policy
Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
§12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: docforge.team@gmail.com
- Company: DocForge
- Website: https://docforge.io
For EU/EEA users with data protection concerns, you may also contact our designated Data Protection Officer at docforge.team@gmail.com.