PRIVACY POLICY

Privacy Policy

Last updated: February 12, 2026

1. Introduction

Welcome to Gettingdocs ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document collection service.

By using Gettingdocs, you confirm your acceptance of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our service.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Email address
  • Practice name
  • Password (encrypted using bcrypt)
  • Payment information (processed securely through Stripe)

2.2 Client Data

When you add clients to campaigns, we collect:

  • Client names
  • Phone numbers (for WhatsApp communication)
  • Email addresses (optional)
  • Document metadata (filenames, upload dates)

2.3 Document Storage

When clients upload documents:

  • Documents are temporarily stored on our secure servers
  • Documents are uploaded to YOUR Google Drive (if connected)
  • We retain metadata (filename, upload date, file size) for billing and service purposes
  • Document content is not analyzed or accessed by our staff

2.4 Authentication Data

If you use Google OAuth to connect Google Drive, we receive authorization tokens to access your Drive on your behalf. We do not have access to your Google password.

3. How We Use Your Information

3.1 Service Delivery

  • Facilitate WhatsApp communication with your clients
  • Process and organize client documents
  • Upload documents to your Google Drive
  • Manage your account and subscription
  • Track usage against your plan limits
  • Provide customer support

3.2 Communication

  • Send transactional emails (campaign updates, document receipts)
  • Send important service updates and security notices
  • Send notification alerts (if you've enabled email notifications)

4. Data Storage and Security

4.1 Security Measures

We implement industry-standard security measures:

  • All data transmitted via HTTPS encryption
  • Passwords hashed using bcrypt
  • Database hosted on secure Railway infrastructure
  • Regular security audits and updates
  • Access controls and authentication tokens

4.2 Payment Security

  • Payment processing handled by Stripe (PCI DSS compliant)
  • We never store your full credit card details
  • Only Stripe customer IDs are retained

4.3 Document Security

  • Documents uploaded via secure Twilio infrastructure
  • Files stored temporarily on our servers before Google Drive upload
  • Google Drive integration uses OAuth 2.0 for secure access
  • No third-party access to your documents without explicit permission

5. Data Retention

5.1 Account Data

  • Account information retained while your account is active
  • You can request account deletion at any time via Settings
  • Upon deletion, personal data removed within 30 days

5.2 Campaign and Message History

  • Campaign data retained for the duration of your subscription
  • Message history retained for audit and compliance purposes
  • Data automatically deleted upon account deletion

5.3 Documents

  • Documents stored in YOUR Google Drive (under your control)
  • Temporary server copies deleted after Google Drive upload
  • Document metadata retained for billing and service purposes

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties.

We share data with trusted service providers:

  • Stripe: Payment processing
  • Twilio: WhatsApp messaging infrastructure
  • Google Drive: Document storage (under your control)
  • Anthropic (Claude AI): AI-powered message generation
  • Railway: Database and hosting infrastructure
  • Brevo: Transactional email delivery

7. Your Rights (GDPR Compliance)

You have the right to:

  • Access and download your personal data
  • Update or correct your account information
  • Request deletion of specific data (documents, clients, campaigns)
  • Request complete account deletion
  • Unsubscribe from email notifications at any time
  • Lodge a complaint with a data protection authority

All deletion requests can be performed directly in the Settings page under the "Danger Zone" section.

8. Cookies and Tracking

We use essential cookies for authentication, security, and service functionality. We do not use tracking cookies or sell your data to advertisers.

9. Children's Privacy

Gettingdocs is a business service not intended for users under 18 years of age. We do not knowingly collect personal information from children.

10. International Data Transfers

Your data may be transferred to and processed in countries outside of your residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Gettingdocs - Committed to protecting your privacy