PRIVACY POLICY

Updated at July 30, 2024
At Docxster, we prioritise the privacy and security of your personal data. In today’s digital age, safeguarding your information is more important than ever. Our commitment to data privacy protection is reflected in our rigorous adherence to the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy outlines our practices for collecting, using, and protecting your personal data. We aim to provide you with transparency and control over your information, ensuring that you can use our cloud-based SaaS platform with confidence. Your trust in our data handling practices is paramount to us. We are dedicated to maintaining the highest standards of data privacy, and we continuously review and improve our policies and procedures to meet and exceed regulatory requirements. By using Docxster, registering an account, or engaging with our services, you consent to the terms outlined in this Privacy Policy and can be assured of our unwavering commitment to your privacy.

Regulatory Scope

Applicability:

This Privacy Policy applies to all personal data collected, processed, and stored by Docxster through our website and services. It covers the data we gather from users of the respective Organization and also the data processed from the documents uploaded by the client.

Compliance:

Docxster is dedicated to upholding GDPR standards. We have established and publicly available privacy policies and procedures to ensure lawful data collection and processing practices.
  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Docxster Private Limited, (215, Oxford Towers, Kodihalli, Bangalore 560017), that is responsible for your information under this Privacy Policy.
  • Country: where Docxster or the owners/founders of Docxster are based, in this case is India
  • Customer: refers to the company, organization or person that signs up to use the Docxster Service tomanage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Docxster and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Docxster or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Docxster as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • You: a person or entity that is registered with Docxster to use the Services.

Lawful Bases for Processing

We process personal data based on the following legal grounds.

Contractual Necessity: We need to process personal data to fulfill our contract with you. For example, if you upload documents for processing, we need to use your data to complete this service.

Legal Obligation: We may need to process your data to comply with legal requirements. For example, we might need to retain certain records for tax or legal purposes.

Consent: We obtain your explicit consent when required. For instance, if we need to use your data for marketing purposes or other activities not covered by our service, we will ask for your permission.

Legitimate Interests: We process data based on legitimate interests such as fraud prevention and ensuring the security of our services. This includes using data to detect and prevent fraudulent activities and to enhance the security of our platform

Our legitimate interests include:

Fraud Detection and Prevention: We use personal data to identify and prevent fraudulent activities.

Customer Support: We use data to provide support and improve our services based on user feedback and interactions.

Service Security: We monitor and analyze data to ensure our services are secure and function properly.

Processing based on vital interests, which involves situations where data is needed to protect someone's life (e.g., medical emergencies), is not a primary basis for our data processing activities.
We document our legal bases for processing personal data to ensure transparency and compliance.
We do not process personal data based on public interest.
  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Docxster Private Limited, (215, Oxford Towers, Kodihalli, Bangalore 560017), that is responsible for your information under this Privacy Policy.
  • Country: where Docxster or the owners/founders of Docxster are based, in this case is India
  • Customer: refers to the company, organization or person that signs up to use the Docxster Service tomanage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Docxster and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Docxster or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Docxster as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • You: a person or entity that is registered with Docxster to use the Services.

Data Collection and Use

We collect the following types of personal data:

Contact Information: This includes your email address and phone number.

Document Information: Data extracted from documents you upload, such as scanned copies of identity cards or invoices (basically any document you upload).

Identifiable Information: This includes your name and organization name.

We use your personal data for:

Providing and Improving Our Services: To deliver our document processing services and enhance their functionality.

Document Analysis: To process and analyze the documents you upload, extracting relevant information as required.

Ensuring Security: To protect our services from misuse, unauthorized access, and other security threats.

Communicating with You: To update you on your account, respond to inquiries, and provide important notices.

As a data processor, we handle your personal data on behalf of our clients, who are the data controllers. We follow their instructions for processing data and have a SCC in place that outlines our responsibilities.
  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Docxster Private Limited, (215, Oxford Towers, Kodihalli, Bangalore 560017), that is responsible for your information under this Privacy Policy.
  • Country: where Docxster or the owners/founders of Docxster are based, in this case is India
  • Customer: refers to the company, organization or person that signs up to use the Docxster Service tomanage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Docxster and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Docxster or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Docxster as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • You: a person or entity that is registered with Docxster to use the Services.
  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Docxster Private Limited, (215, Oxford Towers, Kodihalli, Bangalore 560017), that is responsible for your information under this Privacy Policy.
  • Country: where Docxster or the owners/founders of Docxster are based, in this case is India
  • Customer: refers to the company, organization or person that signs up to use the Docxster Service tomanage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Docxster and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Docxster or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Docxster as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • You: a person or entity that is registered with Docxster to use the Services.

Consent Management

We obtain explicit consent from users for processing their personal data, including during sign-up. You can withdraw your consent at any time by contacting us at dpo@docxster.com.
We have a consent management system to ensure that consent preferences are respected and implemented effectively.
We enter into SCCs with client organizations to ensure data protection when processing personal data on their behalf. This agreement outlines the responsibilities and safeguards for both parties. Additionally, we have a Data Processing Agreement (DPA) also in place with the client organization.

Data Security and Breach Management

We implement robust security measures to protect your personal data:

Encryption: We use encryption to secure data during transmission and storage, making it inaccessible to unauthorized parties.

Data Masking: We apply Data Masking techniques to reduce the risk of identifying individuals from data.

We have procedures in place to detect and respond to data breaches. This includes monitoring our systems for unusual activities and potential security threats.
Our incident management policy includes steps for managing information security incidents, including detecting breaches, notifying affected individuals, and taking remedial actions.
In the event of a data breach, we will notify affected individuals and relevant authorities as required by GDPR, providing details about the breach and our response. We have a detailed Breach Response Policy that dictates our immediate reactions.

Data Subject Rights

To exercise your rights, please email us. We will handle your requests in accordance with GDPR requirements and respond promptly. The contact details of Data Protection Committee is given: dpo@docxster.com.

a copy of the Personal Data we hold about you;

to exercise your choices with regard to sharing your Personal Data as noted under "Your Choices" above;

to object to the processing of your Personal Data for certain purposes;

to correct the Personal Data we hold about you;to delete your Personal Data;

to restrict how we use your personal information, but this right is determined by applicable law and may impact your access to some of our services;

to lodge a complaint with the relevant authority if you consider that processing your personal data infringes applicable law. However, we encourage you to contact us first, and we will do our very best to resolve your concern;

or to object to processing your personal information where it is so conducted by automated means and involves any kind of decision-making subject to discovery that your data was used for automated means.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Docxster processes or stores all personal data in fully vetted, DPA compliant vendors. We do store all conversation and personal data for up to 6 years unless your account is deleted. In which case, we dispose of all data in accordance with our Terms of Service and Privacy Policy, but we will not hold it longer than 60 days.
We maintain a retention matrix that specifies:

Categories of Data: Types of data we collect.

Retention Periods: How long each type of data is kept.

Regulations: Relevant laws or policies that apply.

Storage Locations: Where data is stored.

Disposal Mechanisms: Methods for securely deleting or anonymizing data.

Cross-Border Data Transfers

Sometimes, we might partner with other companies (sub-processors) to deliver our services effectively. We carefully choose these partners and ensure they comply with GDPR just like we do. You can find more details about our sub-processors on our dedicated Sub-processors page. These sub-processors may be based outside Europe.

If your data needs to travel outside Europe (EEA), we take extra precautions. We use Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses guarantee the same level of protection for your data as it receives within Europe. These include legal agreements and security measures to ensure data is handled securely.

We also obtain explicit consent from individuals for transferring their data outside the EEA if necessary.

Data Protection Committee

We have appointed a three member committee to oversee our data protection practices and ensure compliance with data protection laws. The Data Protection Committee operates independently and possesses expertise in data protection and privacy regulations.

The Data Protection Committee’s responsibilities include:

Communication: Acting as a liaison between Docxster, data subjects, and regulatory authorities.

Compliance: Ensuring our data protection practices meet legal requirements.

Privacy Reviews: Conducting regular reviews and improvements of our privacy practices.

Children's Data

Docxster's platform does not specifically target children under the age of 18 or vulnerable groups. However, it is crucial to ensure that the platform’s data protection measures are robust enough to safeguard all users, including potentially vulnerable individuals.

Policy Updates

We may change our Service and policies, and we may need to make changes to this Privacy Policy so that
they accurately reflect our Service and policies. Unless otherwise required by law, we will notify you (for example, through our Service) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect. We review and update this Privacy Policy annually or as needed to reflect changes in our practices or regulatory requirements.

Then, if you continue to use the Service, you will be bound by the updated Privacy Policy. If you do not want to agree to this or any updated Privacy Policy, you can delete your account.

Contact Information

For any questions or concerns regarding this Privacy Policy or our data protection practices, please contact:

Via Email: dpo@docxster.com / support@docxster.com 
Via Phone Number: +1 959-500-6203
Address: 3rd Floor, Cosmos Prime, 80ft Road Indiranagar, Bengaluru 560038
  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Docxster Private Limited, (215, Oxford Towers, Kodihalli, Bangalore 560017), that is responsible for your information under this Privacy Policy.
  • Country: where Docxster or the owners/founders of Docxster are based, in this case is India
  • Customer: refers to the company, organization or person that signs up to use the Docxster Service tomanage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Docxster and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Docxster or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Docxster as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • You: a person or entity that is registered with Docxster to use the Services.

Additional Information

We conduct thorough due diligence on our vendors to ensure they comply with data protection regulations. Our contracts with third parties define the scope of data sharing, usage, and security measures.

Our Business Continuity Policy includes measures for the backup and restoration of personal data to ensure ongoing protection.

We adhere to the principle of data minimization, collecting only the data necessary for our services. We have mechanisms in place to ensure we collect and process minimal data. We Use techniques like data masking for any sensitive data that is collected. We also engage with stakeholders, including data subjects, to ensure transparency about what data is collected and why.

We conduct Privacy Risk Assessments to identify and mitigate privacy risks as part of our ongoing risk management processes.

We provide regular training to our employees on data protection practices and the procedures for reporting breaches

We have established procedures to ensure that employees know how to report breaches and that our response mechanisms are effective in detecting and managing privacy breaches.

Conclusion

Docxster is dedicated to maintaining the highest standards of data protection and privacy. We regularly review and update our policies to ensure compliance with GDPR and other applicable regulations. For any questions or concerns with regards to our privacy policies, please contact our team at support@docxster.com.
  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Docxster Private Limited, (215, Oxford Towers, Kodihalli, Bangalore 560017), that is responsible for your information under this Privacy Policy.
  • Country: where Docxster or the owners/founders of Docxster are based, in this case is India
  • Customer: refers to the company, organization or person that signs up to use the Docxster Service tomanage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Docxster and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Docxster or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Docxster as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • You: a person or entity that is registered with Docxster to use the Services.
  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Docxster Private Limited, (215, Oxford Towers, Kodihalli, Bangalore 560017), that is responsible for your information under this Privacy Policy.
  • Country: where Docxster or the owners/founders of Docxster are based, in this case is India
  • Customer: refers to the company, organization or person that signs up to use the Docxster Service tomanage the relationships with your consumers or service users.
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit Docxster and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personnel: refers to those individuals who are employed by Docxster or are under contract to perform a service on behalf of one of the parties.
  • Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Service: refers to the service provided by Docxster as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • You: a person or entity that is registered with Docxster to use the Services.