Privacy Policy

This policy applies to processing activities carried out when using the DocExtract Pro platform (public site, customer workspace, API, and integrations).

Depending on the processing activity, DocExtract Pro acts either as data controller (for example: account and billing management) or as data processor (for example: processing imported invoices on behalf of the customer).

• Account data: business email, company name, user role.
• Operational data: imported invoices, extracted fields, statuses, validations, exports, alerts, and notifications.
• Integration data: hashed API keys, webhook configuration, accounting connector states (QuickBooks, Xero).
• Security and traceability data: technical logs, audit events, and sensitive action history.
• Billing data: subscribed plan, usage volumes, Stripe transaction identifiers.

• Contract performance: access to services, extraction, validation, export, integrations.
• Legitimate interest: security, abuse detection, monitoring, and continuous improvement.
• Legal obligation: retention of certain accounting and billing data.
• Consent: sending non-essential communications when applicable.

Data is accessible only to authorized persons and, when required, to technical subprocessors bound by contractual obligations (hosting, database, payment, email delivery, and file storage providers).

DocExtract Pro does not sell your data and does not share it with third parties for commercial purposes.

When services involve international data transfers, DocExtract Pro applies GDPR-compliant safeguards (including standard contractual clauses and additional security measures when required).

• Account data: retained during the contractual relationship, then limited archiving.
• Billing data: up to 10 years according to legal requirements.
• Security and audit logs: retained proportionally to traceability needs.
• Imported documents (invoices): retained according to customer usage settings and legal obligations.

• Encryption of data in transit.
• Fine-grained access management through roles (ADMIN / MANAGER / ACCOUNTANT / VIEWER).
• Audit trail for critical actions.
• Secure API key storage (fingerprint/hash).
• Application monitoring and incident response procedures.

You have rights of access, rectification, erasure, objection, restriction, and portability under applicable regulations.

To exercise your rights: privacy@getdocextract.com.

The service may use technical trackers required for functionality, security, and performance measurement. Non-essential trackers, when applicable, are subject to consent according to applicable laws.

This policy may change to reflect legal, technical, or organizational updates. The update date displayed at the top of this page is authoritative.