Privacy Policy

Effective Date: April 14, 2026 ยท Last Updated: April 14, 2026

DocReceipt ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document workflow platform, website, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

a. Account Information

When you register for an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form using argon2)
  • Firm/organization name
  • Role within the organization

b. Client Information

Firm users may add client records, which may include:

  • Client name and email address
  • Phone number (optional)
  • Organization or business name

c. Documents and Files

Files uploaded through the Service are stored securely. We do not access, read, or analyze the contents of uploaded documents unless required for technical support with your explicit consent, or as required by law.

d. Usage Data

We automatically collect certain information when you use the Service:

  • IP address
  • Browser type and version
  • Pages visited and features used
  • Date and time of access
  • Device information
  • Referring URL

e. Cookies and Tracking

We use essential cookies for authentication and session management. We may use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Process document requests and uploads
  • Send transactional emails (document requests, reminders, confirmations)
  • Send service-related notifications
  • Provide customer support
  • Monitor usage patterns to improve performance and user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. Data Storage and Security

  • All data is stored on servers located in India
  • Data is encrypted in transit using TLS 1.2+ (256-bit encryption)
  • Files are stored in encrypted cloud storage (Amazon S3 with server-side encryption)
  • Passwords are hashed using argon2 and never stored in plain text
  • Access tokens are short-lived (15 minutes) with secure refresh token rotation
  • We implement row-level tenant isolation to ensure data separation between organizations

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

  • Within your organization: Team members within the same tenant can see client records and document requests as permitted by their role
  • With clients: When a firm sends a document request, the client receives the request via email with a secure upload link
  • Service providers: We use third-party services for email delivery, cloud hosting, and payment processing. These providers are contractually bound to protect your data
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

5. Data Retention

  • Account data is retained as long as your account is active
  • Uploaded documents are retained according to your organization's subscription plan and settings
  • When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law
  • Backup copies may persist for up to 90 days after deletion
  • Usage logs are retained for up to 12 months for security and analytics purposes

6. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Object to processing of your data for specific purposes

To exercise any of these rights, contact us at privacy@docreceipt.app.

7. Digital Personal Data Protection Act (DPDPA) Compliance

We are committed to compliance with India's Digital Personal Data Protection Act, 2023 (DPDPA). This includes:

  • Processing personal data only for lawful purposes with clear consent
  • Providing clear notice about what data is collected and why
  • Implementing reasonable security safeguards
  • Honoring data principal rights including access, correction, and erasure
  • Maintaining data localization requirements by hosting data in India
  • Appointing a grievance officer for data-related concerns

8. Third-Party Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Third-party services we currently use include:

  • Amazon Web Services (cloud hosting and file storage)
  • Email delivery services (for transactional emails)
  • Payment processing services (for subscription billing)

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. International Data Transfers

Your data is primarily stored and processed in India. If any data transfer outside India is necessary (for example, through a third-party service provider), we will ensure appropriate safeguards are in place in accordance with applicable laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email or through an in-app notification.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. Grievance Officer

In accordance with the DPDPA, if you have any concerns or grievances regarding the processing of your personal data, you may contact our Grievance Officer:

Email: privacy@docreceipt.app
Address: Hyderabad, Telangana, India

We will acknowledge your grievance within 48 hours and resolve it within 30 days.

13. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

Email: privacy@docreceipt.app
General inquiries: hello@docreceipt.app
Address: Hyderabad, Telangana, India

โ† Back to home