doczap

doczap Privacy Policy

Effective Date: 29 May 2025
Dear Inc. is the data controller.

1. Scope

This Policy applies to doczap.io, its APIs, SDKs, dashboards, support channels, marketing sites, and related services.

2. Personal Data We Collect

CategoryExamplesPurpose
Account DataName, company, email, phoneAccount creation, authentication, support
Payment DataLast-4 digits, card brand (tokenised by Stripe)Billing, fraud prevention
Technical LogsIP address, user agent, API key ID, request/response metadataSecurity, abuse monitoring, analytics
Content DataPDF or other files Customer uploads for Template creationRendering, QA, support
CommunicationsEmails, tickets, chat transcriptsCustomer service, dispute resolution

3. Legal Bases

  • Performance of contract (GDPR Art 6 (1)(b))
  • Legitimate interests (service improvement, security) (Art 6 (1)(f))
  • Compliance with legal obligations
  • Consent where required for marketing emails or cookies

4. How We Use Personal Data

Provide and improve the Service, process payments, communicate with Customer, detect fraud, comply with law, enforce Terms, and conduct analytics.

5. Sharing and Disclosure

  • Processors: Stripe (payments), Cloudflare & Supabase (hosting), analytics providers.
  • Business transfers: As part of merger, acquisition, or asset sale.
  • Legal: When required by court order or to defend legal rights.
  • Template QA Contractors: Limited, secure access under NDA.

6. International Transfers

Data may be stored or processed in Japan, the United States, the EU, or other regions where we or our processors operate. For EEA/UK transfers we will implement Standard Contractual Clauses (SCC) or successor mechanisms.

7. Security

TLS 1.2+, encryption at rest, least-privilege access, vulnerability scanning, incident-response plan. In case of personal-data breach we will notify authorities and affected users within 72 hours where required by law.

8. Data Retention

DataRetention
Account & Billing5 years after termination (tax & audit)
Technical Logs2 years
Uploaded PDFs for Template creation90 days after Template delivery (unless longer retention requested in dashboard)

9. Your Rights

Where applicable (e.g., GDPR, UK DPA, CCPA/CPRA) you may request access, correction, deletion, restriction, data export, or opt-out of certain processing. Contact privacy@doczap.io.

10. Marketing Communications

We send product updates and marketing emails only with consent; you may unsubscribe at any time.

11. Children

The Service is not directed to children under 16. We do not knowingly collect their personal data.

12. Changes to This Policy

We will post any changes on this page and, for material changes, notify registered users at least 30 days in advance.

13. Contact

Questions: privacy@doczap.io
Data-protection officer: DPO Office, Dear Inc., Tokyo.