Privacy Policy

Last updated: December 2025

DocCollector is operated from Norway and is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

Account Holders (Accountants)

  • Email address — for authentication and communication
  • Name and company name — displayed to your clients
  • Payment information — processed securely by Stripe (we do not store card details)

Clients (Document Uploaders)

  • Name and email address — provided by the accountant who created the request
  • Uploaded documents — files you upload in response to document requests

Automatically Collected

  • Usage data — basic analytics to improve the service
  • Technical data — IP address, browser type (for security and rate limiting)

How We Use Your Data

  • To provide and operate the DocCollector service
  • To send transactional emails (document requests, reminders, notifications)
  • To process payments and manage subscriptions
  • To protect against fraud and abuse
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising.

Data Storage and Security

All data is stored and processed within the European Union:

  • Database and file storage — hosted in Frankfurt, Germany
  • Application servers — Scalingo (hosted in France)
  • Encryption — all data is encrypted in transit (TLS) and at rest

Security Measures

  • Passwordless authentication via secure magic links
  • Time-limited access tokens for document uploads (expire after 30 days)
  • Rate limiting to prevent abuse
  • File type validation to prevent malicious uploads
  • Row-level security ensuring users can only access their own data

Third-Party Services

We use the following third-party services:

  • Supabase (EU region) — database, authentication, and file storage
  • Stripe — payment processing
  • Resend — transactional email delivery

Data Retention

  • Account data is retained while your account is active
  • Uploaded documents are retained until deleted by the accountant or upon account deletion
  • When you delete your account, all associated data is permanently removed

Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Object to processing

To exercise these rights, contact us at the email below.

Contact

For privacy-related inquiries, contact us at: support@doccollector.app

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to account holders.

←  Back to home
Privacy Policy - DocCollector | DocCollector