Docmods

Privacy Policy

Last updated: February 5, 2026

This Privacy Policy describes how Docmods ("we", "us", or "our") collects, uses, and shares your personal information when you use our website at docmods.com and our AI-powered document editing services (collectively, the "Service").

1. Information We Collect

Information You Provide

  • Account information: Name, email address, and password when you create an account.
  • Payment information: Billing details processed securely through Stripe. We do not store credit card numbers.
  • Documents: Files you upload for processing. See Section 5 for how we handle your documents.
  • Communications: Messages you send to us via email or support channels.

Information Collected Automatically

  • Usage data: Pages visited, features used, actions taken within the Service.
  • Device information: Browser type, operating system, screen resolution.
  • Log data: IP address, access times, referring URLs.
  • Cookies: See our Cookie Policy for details.

Information from Third Parties

  • Authentication providers: If you sign in via Google or other OAuth providers, we receive your name and email.
  • Analytics: We use PostHog for product analytics, which collects anonymized usage patterns.

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service.
  • Process your documents as instructed.
  • Send transactional emails (account confirmations, security alerts).
  • Respond to support requests.
  • Analyze usage patterns to improve our product.
  • Detect and prevent fraud or abuse.

We do not use your documents to train AI models.

If you are in the European Economic Area (EEA), we process your data under:

  • Contract performance: To provide the Service you requested.
  • Legitimate interest: To improve our product and prevent abuse.
  • Consent: For optional marketing communications (you may withdraw consent at any time).

4. How We Share Your Information

We share your information only with:

  • Service providers: Stripe (payments), Clerk (authentication), Cloudflare (infrastructure), PostHog (analytics), and cloud hosting providers necessary to operate the Service.
  • AI model providers: Document content is sent to third-party AI providers (e.g., Moonshot AI) for processing. These providers process data per our instructions and do not retain your content.
  • Legal requirements: When required by law, subpoena, or government request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information.

5. Document Handling

Your documents are central to the Service. Here is how we handle them:

  • Processing: Documents are processed in isolated, ephemeral sandboxes. Each session is independently containerized.
  • Storage: Uploaded documents are stored temporarily to enable editing sessions. Documents are retained for the duration of your session and automatically deleted afterward unless you explicitly save them.
  • No training: We do not use your documents to train, fine-tune, or improve AI models.
  • Encryption: Documents are encrypted in transit (TLS 1.2+) and at rest.

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account closure.
  • Documents: Deleted at end of session unless saved. Saved documents retained until you delete them or close your account.
  • Usage logs: Retained for up to 12 months for analytics, then anonymized.
  • Payment records: Retained as required by tax and financial regulations (typically 7 years).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent for optional processing.

To exercise these rights, email us at [email protected].

8. International Transfers

We operate primarily in the United States. If you are outside the US, your data may be transferred to and processed in the US. We use standard contractual clauses and other safeguards to protect transferred data. For EU/EEA users, a Data Processing Agreement is available at /dpa.

9. Security

We implement industry-standard measures to protect your data:

  • TLS encryption for all data in transit.
  • Encryption at rest for stored documents.
  • Isolated sandbox environments for document processing.
  • Regular security reviews and dependency audits.
  • Access controls and audit logging.

No system is 100% secure. If you discover a vulnerability, please report it to [email protected].

10. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a notice on the Service. Your continued use after changes constitutes acceptance.

12. Contact Us

For privacy questions or requests:

For EU/EEA residents, you also have the right to lodge a complaint with your local data protection authority.